Abstract: A method and system for controlling access to data stored in a table of a database are provided. The method includes marking the table of the database as being protected with fine-grained access control (FGAC), creating a system authorization class for the table of the database, the system authorization class having a default row authorization that prevents access to all rows in the table, the system authorization class being unmodifiable, creating a user authorization class for the table of the database, the user authorization class having a default row authorization that prevents access to all rows in the table, the user authorization class being modifiable, and associating the system authorization class and the user authorization class with the table of the database.

Abstract: A method and system for controlling access to data stored in a table of a database are provided. The method includes marking the table of the database as being protected with fine-grained access control (FGAC), creating a system authorization class for the table of the database, the system authorization class having a default row authorization that prevents access to all rows in the table, the system authorization class being unmodifiable, creating a user authorization class for the table of the database, the user authorization class having a default row authorization that prevents access to all rows in the table, the user authorization class being modifiable, and associating the system authorization class and the user authorization class with the table of the database.

Abstract: A system and method is provided for identifying the source of an unauthorized database disclosure. The system and method stores a plurality of past database queries and determines the relevance of the results of the past database queries (query results) to a sensitive table containing the unauthorized disclosed data. The system and method also ranks the past database queries based on the determined relevance. A list of the most relevant past database queries can then be generated which are ranked according to the relevance, such that the highest ranked queries on the list are most similar to said disclosed data. Three techniques used in embodiments of the invention include partial tuple matching, statistical linkage and deviation probability gain.

Abstract: A system and method is provided for identifying the source of an unauthorized database disclosure. The system and method stores a plurality of past database queries and determines the relevance of the results of the past database queries (query results) to a sensitive table containing the unauthorized disclosed data. The system and method also ranks the past database queries based on the determined relevance. A list of the most relevant past database queries can then be generated which are ranked according to the relevance, such that the highest ranked queries on the list are most similar to said disclosed data. Three techniques used in embodiments of the invention include partial tuple matching, statistical linkage and deviation probability gain.

Abstract: A query optimization technique that determines whether a query includes a self join that is transitively derived through table expressions having UNION operators. If so, the query is simplified to eliminate the table expressions and to reduce the query to an equivalent query over tables.

Abstract: A tool for enforcing limited disclosure rules in a software application, typically an unmodified database. The invention enables individual queries to respect data subjects' preferences and choices by storing privacy semantics, classifying data items into categories, rewriting incoming queries to reflect stored privacy semantics, and masking prohibited values. Privacy semantics include individual data subject choices and privacy policies comprise rules describing authorized data recipients and authorized data access purposes. Privacy policies may require specific consent from data subjects. The invention assigns each (purpose, recipient) pair a view over each database table, so entire tuples and individual cells can have particular privacy semantics. Purposes and recipients are inferred based on the application issuing the query. Masking is performed at the individual cell level, and may employ NULL or other predetermined indicia for prohibited values.

Abstract: An auditing framework for determining whether a database disclosure of information adhered to its data disclosure policies. Users formulate audit expressions to specify the (sensitive) data subject to disclosure review. An audit component accepts audit expressions and returns all queries (deemed “suspicious”) that accessed the specified data during their execution.

Abstract: A system, method, computer program product, and data management service that allows any comparison operation to be applied on encrypted data, without first decrypting the operands. The encryption scheme of the invention allows equality and range queries as well as the aggregation operations of MAX, MIN, and COUNT. The GROUPBY and ORDERBY operations can also be directly applied. Query results produced using the invention are sound and complete, the invention is robust against cryptanalysis, and its security strictly relies on the choice of a private key. Order-preserving encryption allows standard database indexes to be built over encrypted tables. The invention can easily be integrated with existing systems.