Databases Reference
In-Depth Information
5 Conclusion
Since the initial articulation of the Hippocratic Database vision in 2002, sig-
nificant strides have been taken in developing technologies that adhere to the
founding principles. Active enforcement technology supports the principles of
purpose specification, consent, limited use and limited disclosure for relational
database and XML-based systems. Compliance auditing, query ranking, and
curation auditing technologies support the compliance principle. Sovereign In-
formation Integration enables limited use and limited disclosure in distributed
environments with no trusted third parties, while order-preserving encryption
and the Partition Plaintext Ciphertext storage model promote the safety prin-
ciple. Nevertheless, there are many interesting HDB technologies that require
further research, such as improved policy specification, enforcement after data
retrieval, support for filter and deny semantics, limited retention, limited col-
lection, intrusion detection, data integrity, and openness. The growth of elec-
tronic medical and financial records accompanied by many highly publicized
privacy breaches in recent years underscore the importance of continuing re-
search in HDB technology.
References
1. H. Von Staden, translator, “In a Pure and Holy Way: Personal and Professional
Conduct in the Hippocratic Oath,”
Journal of the History of Medicine and
Applied Sciences
51, 406-408, 1966.
2. R. Agrawal, J. Kiernan, R. Srikant, Y. Xu., “Hippocratic Databases,”
Proceed-
ings of the 28th International Conference on Very Large Databases
, Hong Kong,
China, August 2002.
3. K. LeFevre, R. Agrawal, R. Ercegovac, R. Ramakrishnan, Y. Xu, D. DeWitt,
“Limiting Disclosure in Hippocratic Databases,”
In Proceedings of the 30th
International Conference on Very Large Databases
, Toronto, Canada, August
2004.
4. IBM Hippocratic Database Active Enforcement User Guide,
http://www.almaden.ibm.com/software/projects/iis/hdb/Publications/papers/
HDBEnforcementUserGuide.pdf.
5. R. Agrawal, J. Kiernan, R. Srikant, Y. Xu, “An XPath-based Preference Lan-
guage for P3P,”
In Proceedings of the 12th International World Wide Web Con-
ference
, Budapest, Hungary, May 2003.
6. R. Agrawal, P. Bird, T. Grandison, J. Kieman, S. Logan, W. Rjaibi, “Extending
Relational Database Systems to Automatically Enforce Privacy Policies,”
In
Proceedings of the 21st Int'l Conf. on Data Engineering (ICDE 2005)
, Tokyo,
Japan, April 2005.
7. E. Bertino, S. Castano, E. Ferrari, “On Specifying Security Policies for Web Doc-
uments with an XML-based Language,”
In ACM Symposium on Access Control
Models and Technologies
, Chantilly, Virginia, United States, May, 2001.
8. R. Agrawal, R. Bayardo, C. Faloutsos, J. Kiernan, R. Rantzau, R. Srikant,
“Auditing Compliance with a Hippocratic Database,”
In Proceedings of the 30th
