Abstract: A system, method, computer program product, and data management service that allows any comparison operation to be applied on encrypted data, without first decrypting the operands. The encryption scheme of the invention allows equality and range queries as well as the aggregation operations of MAX, MIN, and COUNT. The GROUPBY and ORDERBY operations can also be directly applied. Query results produced using the invention are sound and complete, the invention is robust against cryptanalysis, and its security strictly relies on the choice of a private key. Order-preserving encryption allows standard database indexes to be built over encrypted tables. The invention can easily be integrated with existing systems.

Abstract: A system, method, and computer program product to automatically eliminate the distribution information available for reconstruction from a disguised dataset. The invention flattens input numerical values into a substantially uniformly distributed dataset, then maps the uniformly distributed dataset into equivalent data in a target distribution. The invention allows the incremental encryption of new values in an encrypted database while leaving existing encrypted values unchanged. The flattening comprises (1) partitioning, (2) mapping, and (3) saving auxiliary information about the data processing, which is encrypted and not updated. The partitioning is MDL based, and includes a growth phase for dividing a space into fine partitions and a prune phase for merging some partitions together.

Abstract: An auditing framework for determining whether a database disclosure of information adhered to its data disclosure policies. Users formulate audit expressions to specify the (sensitive) data subject to disclosure review. An audit component accepts audit expressions and returns all queries (deemed “suspicious”) that accessed the specified data during their execution.

Abstract: A method and system for enhancing security in a database by establishing a bit pattern using secret information, the pattern establishing a watermark that can be detected in a copy (authorized or not) of the database only by using the secret information.

Abstract: A system, method, computer program product, and data management service that allows any comparison operation to be applied on encrypted data, without first decrypting the operands. The encryption scheme of the invention allows equality and range queries as well as the aggregation operations of MAX, MIN, and COUNT. The GROUPBY and ORDERBY operations can also be directly applied. Query results produced using the invention are sound and complete, the invention is robust against cryptanalysis, and its security strictly relies on the choice of a private key. Order-preserving encryption allows standard database indexes to be built over encrypted tables. The invention can easily be integrated with existing systems.

Abstract: A system, method, and computer program product to automatically eliminate the distribution information available for reconstruction from a disguised dataset. The invention flattens input numerical values into a substantially uniformly distributed dataset, then maps the uniformly distributed dataset into equivalent data in a target distribution. The invention allows the incremental encryption of new values in an encrypted database while leaving existing encrypted values unchanged. The flattening comprises (1) partitioning, (2) mapping, and (3) saving auxiliary information about the data processing, which is encrypted and not updated. The partitioning is MDL based, and includes a growth phase for dividing a space into fine partitions and a prune phase for merging some partitions together.

Abstract: A query optimization technique that determines whether a query includes a self join that is transitively derived through table expressions having UNION operators. If so, the query is simplified to eliminate the table expressions and to reduce the query to an equivalent query over tables.

Abstract: A computer-based system and method to enforce, monitor, and assess internal controls over financial reporting is provided. A bottom-up approach is used to model transaction-control workflows using logs of past transaction activity executions. Past workflows are reconstructed from these logs and reconstruction rules. The transaction-control workflows are compared with these reconstructed past workflows to determine whether transactions are compliant with the internal controls.

Abstract: A system, method, and computer program product to automatically eliminate the distribution information available for reconstruction from a disguised dataset. The invention flattens input numerical values into a substantially uniformly distributed dataset, then maps the uniformly distributed dataset into equivalent data in a target distribution. The invention allows the incremental encryption of new values in an encrypted database while leaving existing encrypted values unchanged. The flattening comprises (1) partitioning, (2) mapping, and (3) saving auxiliary information about the data processing, which is encrypted and not updated. The partitioning is MDL based, and includes a growth phase for dividing a space into fine partitions and a prune phase for merging some partitions together.

Abstract: A system, method, computer program product, and data management service that allows any comparison operation to be applied on encrypted data, without first decrypting the operands. The encryption scheme of the invention allows equality and range queries as well as the aggregation operations of MAX, MIN, and COUNT. The GROUPBY and ORDERBY operations can also be directly applied. Query results produced using the invention are sound and complete, the invention is robust against cryptanalysis, and its security strictly relies on the choice of a private key. Order-preserving encryption allows standard database indexes to be built over encrypted tables. The invention can easily be integrated with existing systems.

Abstract: A method of transforming relational database management systems into their privacy-preserving equivalents is provided. Language constructs allow fine grained access control (FGAC) restrictions to be specified on the access to data in a table at the level of a row, a column or a cell. Fine grained restrictions are a combination of access control and privacy policy restrictions, which ensure compliance with current privacy legislation mandates.

Abstract: A query optimization technique that determines whether a query includes a self join that is transitively derived through table expressions having UNION operators. If so, the query is simplified to eliminate the table expressions and to reduce the query to an equivalent query over tables.

Abstract: A method for publishing relational data as XML by translating XML queries into queries against a relational database. Conversion of the relational database into an XML database is not required. Each relational table is mapped to a virtual XML document, and XML queries are issued over these virtual documents. An XML query is parsed and transformed into a language-neutral intermediate representation, which is a sequence of operations describing how the output document is derived from the underlying relational tables. The intermediate representation is then translated into an SQL query over the underlying relational tables. The intermediate representation is also used to generate a tagger graph, which the tagger runtime ‘walks’ to generate the tagged, structured XML output. Each of the nodes of the tagger graph are operators which perform processing on the results of the SQL query. The SQL query is executed, and the SQL query results are then provided to the tagger.

Abstract: A system, method, and computer program product to automatically eliminate the distribution information available for reconstruction from a disguised dataset. The invention flattens input numerical values into a substantially uniformly distributed dataset, then maps the uniformly distributed dataset into equivalent data in a target distribution. The invention allows the incremental encryption of new values in an encrypted database while leaving existing encrypted values unchanged. The flattening comprises (1) partitioning, (2) mapping, and (3) saving auxiliary information about the data processing, which is encrypted and not updated. The partitioning is MDL based, and includes a growth phase for dividing a space into fine partitions and a prune phase for merging some partitions together.

Abstract: A query optimization technique that determines whether any column from a right quantifier of a left outer join query is projected out of the query. If not, then all predicates in an ON clause are removed from the left outer join query, the right quantifier is removed from the left outer join query, and the left outer join query is converted to a simple select query. A number of steps are performed to determine whether any of the columns quantified by the right quantifier participate in a projection list of the query. A set of equivalence class columns is computed for the query, wherein the equivalence classes are derived from equi-join predicates in the query. A set of columns quantified by the right quantifier across the computed set of equivalence classes is computed. A determination is made whether a subset of the set of columns form a key for the right quantifier. If the right quantifier columns are not projected out of the query, then the optimization may be performed.

Abstract: A method and system for enhancing security in a database by establishing a bit pattern using secret information, the pattern establishing a watermark that can be detected in a copy (authorized or not) of the database only by using the secret information.

Abstract: A method, apparatus, and article of manufacture for a computer-implemented technique for query optimization with deferred updates and autonomous sources. An object-oriented query is executed to retrieve data from a database. The database is stored on a data storage device connected to a computer. The object-oriented query is transformed into subqueries, wherein at least one subquery is directed against a database, and wherein one subquery is directed against an object cache. Each subquery that is directed against a database is executed to retrieve data from the database into the object cache. The subquery that is directed against the object cache is executed to retrieve data for the query, wherein the data incorporates updates to the object cache and updates to the database.

Abstract: A query optimization technique that determines whether any column from a right quantifier of a left outer join query is projected out of the query. If not, then all predicates in an ON clause are removed from the left outer join query, the right quantifier is removed from the left outer join query, and the left outer join query is converted to a simple select query. A number of steps are performed to determine whether any of the columns quantified by the right quantifier participate in a projection list of the query. A set of equivalence class columns is computed for the query, wherein the equivalence classes are derived from equi-join predicates in the query. A set of columns quantified by the right quantifier across the computed set of equivalence classes is computed. A determination is made whether a subset of the set of columns form a key for the right quantifier. If the right quantifier columns are not projected out of the query, then the optimization may be performed.

Abstract: A query optimization technique that determines whether a query includes a self join that is transitively derived through table expressions having UNION operators. If so, the query is simplified to eliminate the table expressions and to reduce the query to an equivalent query over tables.

Abstract: A method, apparatus, and article of manufacture for a computer-implemented technique for query optimization using a multi-layered object cache. An object-oriented query is executed to retrieve data from a database. The database is stored on a data storage device connected to a computer and queries are run against lower cache layers which have better performance characteristics than the external or upper layers. The multi-layered cache has an application objects (AOs) cache and a data access objects (DAOs) cache, and the application objects include methods deriving data from DAOs. The method includes a step of rewriting the query into a query directed against the DAOs cache, applying a pushdown transformation algorithm to the rewritten query directed against the DAOs cache, and executing the transformed query against the DAOs cache. The method also allows optimizing queries with path expressions by transforming path expression into joins.