View
714
Download
0
Category
Preview:
DESCRIPTION
Citation preview
Securing the privacy of Customer
Presentation
On
04/08/23 1
• Privacy is the right of individuals.
• Computer security is the prevention or
protection against
– access to information by unauthorized
recipients
– intentional but unauthorized destruction
or alteration of that information
Introduction
04/08/23 2
• Traditional databases
• Statistical databases
• Secure databases
Related Work
04/08/23 3
• Hippocratic databases require all the capabilities
provided by current database systems
• Different focus
• Need to rethink data definition and query
languages, query processing, indexing and
storage structures, and access control
mechanisms
Traditional Database
04/08/23 4
• Goal: Provide statistical information
• Query restriction
• Data perturbation
Statistical Databases
04/08/23 5
• Sensitive information is transmitted over a
secure channel and stored securely
• Access controls
• Encryption
• Multilevel secure databases
Secure Databases
04/08/23 6
• Purpose Specification
• Consent
• Limited Collection
• Limited Use
• Limited Disclosure
Principles of Hippocratic
04/08/23 7
• Limited Retention
• Accuracy
• Safety
• Openness
• Compliance
Continue…….
04/08/23 8
• Team Formation
• Setting the responsibility
• Setting the objective
• Aware the Customer
Key Requisites for Privacy Policy
04/08/23 9
• Lawful collection
• Maintaining the accuracy
• Obtaining complete information
• Data Security
Continue…….
04/08/23 10
• Disclosure norms
• Storage norms
• Updated norms
• Information norms
Continue…….
04/08/23 11
• Privacy Metadata
• Data Collection
• Querying
• Retention
• Data Collection Organizer
Proposed Design and Implementation
04/08/23 12
• External recipients
• Retention Period
• Authorized users
Privacy Metadata
04/08/23 13
• Data is inserted with the purpose for which it
may be used.
• Data Accuracy Analyzer addresses the Principle
of Accuracy
Data Collection
04/08/23 14
• Queries are tagged with a purpose
• Before query execution
• During query execution
• After query execution
Querying
04/08/23 15
• A data item should be retained for the maximum
retention period among all the purposes for which
it has been collected.
• After this period, it should be deleted.
Retention
04/08/23 16
• Data is fed into the database.
• It has to be retained till its purpose is solved.
• Data manager deletes all the data once
purpose is solved.
Applicable Restriction
04/08/23 17
• Fine grained access control (FGAC)
• In order to maintain the retention restriction along
with sustaining data consider a example
The Proposed Model
04/08/23 18
Table1
Customer details Constraints Data type
Cust_id Not NULL Integer
Cust_name Char(32)
Cust_add Varchar2
04/08/23 19
Table2
Restriction details Constraints Data type
Restrict_id NotNULL Integer
Restrict_name Varchar2
Restrict_date date
04/08/23 20
Table3
Restriction date Data type
Restrict_id Integer
Restrict_startdate date
Restrict_enddate date
04/08/23 21
Table4
Customer_acc Data type
Cust_id Integer
Cust_acc Integer
Cust_bal Integer
04/08/23 22
• Create restriction<restriction_name>
On <table>
For <authorization>
(((to columns<column list>|to rows
[Where search_condition] |to cells
<column_list[where search_condition]+))
[for retension time time_interval])+ [restriction access to commands>]
Syntax for creating the restriction
04/08/23 23
• Create restriction rest1 on table Customer_acc For user manager To Columns(cust_bal) for retension time12 Restricting access to select
Example
04/08/23 24
• If the clause for retention 12 is omitted then the restriction is set for unspecified period
Continue…….
04/08/23 25
Create restriction_user
On Customer_acc
For public
To rows where name=user Restricting access to all
User specific accessing
04/08/23 26
• This type of restriction helps in building the confidence level of customers for the company.
Brand Stability and proposed model
04/08/23 27
Conclusion
04/08/23 28
Thank You
alllllllllllllllllllllll
Presented by:
Harjinder Mann
Shelly
Sonia
Anupama
MCA-final04/08/23 29
Recommended