The Center for Education and Research in Information Assurance and Security (CERIAS)

Mining Roles and Access Control for Relational Data Under Privacy and Accuracy Constraints

Author

Zahid Pervaiz

Tech report number

CERIAS TR 2013-15

Entry type

phdthesis

Abstract

Access control mechanisms protect sensitive information from unauthorized users. However, when sensitive information is shared and a Privacy Protection Mechanism (PPM) is not in place, an authorized insider can still compromise the privacy of a person, leading to identity disclosure. A PPM can use suppression and generalization to anonymize and satisfy privacy requirements, e.g., k-anonymity and l-diversity. However, the protection of privacy is achieved at the cost of precision of authorized information. In this thesis, we propose an accuracy-constrained privacy-preserving access control framework for static relational data and data streams. The access control policies define selection predicates available to roles and the associated imprecision bound. The PPM has to satisfy the privacy requirement along with the imprecision bound for each selection predicate. We prove the hardness of the problem, propose heuristics for anonymization algorithms, and show empirically that the proposed approach satisfies imprecision bounds for more queries than the current state of the art. We also formulate the problem of predicate role mining for extraction of authorized selection predicates and propose an approximate algorithm. The access control for stream data allows roles access to tuples satisfying an authorized predicate sliding window query. The generalization introduces imprecision in the authorized view of the stream. This imprecision can be reduced by delaying the publishing of stream data. However, the delay in sharing the stream tuples to access control can lead to false negatives. The challenge is to optimize the time duration for which the data is held by the PPM so that the imprecision bounds for the maximum number of queries are met. We present the hardness results, provide an anonymization algorithm, and conduct an experimental evaluation of the proposed algorithm.

Date

2013 – 8 – 6

Key alpha

Pervaiz

School

Purdue University

Publication Date

2013-08-06

Location

A hard-copy of this is in REC 216
