Application specific Anonymization and Privacy – Preserving Access Control Mechanism for Relational data

Abstract
Access Control Mechanisms (ACM) are used to ensure that only authorized information is available to users. However, sensitive information can still be misused by authorized users to compromise the privacy of consumers. Privacy preservation for sensitive data can require the enforcement of privacy policies or protection against identity disclosure by satisfying some privacy requirements. Anonymity techniques can be used together with an access control mechanism to ensure both security and privacy of the sensitive information. Privacy is achieved at the cost of accuracy: imprecision is introduced into the information authorized under an access control policy. The proposed system is an integrated framework that achieves both privacy and security by combining an Access Control Mechanism with a Privacy Preservation Technique, preventing authorized users from misusing sensitive information at the cost of some loss of data accuracy caused by the privacy-preserving technique. The access control policies define the selection predicates available to roles, while the privacy requirement is to satisfy k-anonymity or l-diversity. An additional constraint that must be satisfied by the PPM is the imprecision bound for each selection predicate. The proposed system applies application-specific anonymization.
Index Terms: Access control, privacy, k-anonymity, query evaluation, application-specific anonymization.
INTRODUCTION
As organizations increase their adoption of database systems as the key data management technology for day-to-day operations and decision making, the security of the data managed by these systems becomes crucial. Damage to and misuse of data affect not only a single user or application, but may have disastrous consequences for the entire organization. The recent rapid proliferation of Web-based applications and information systems has further increased the risk exposure of databases and, thus, data protection is today more crucial than ever. It is also important to appreciate that data needs to be protected not only from external threats, but also from insider threats. The proposed system uses the concept of an imprecision bound for each permission to define a threshold on the amount of imprecision that can be tolerated. This builds on existing workload-aware anonymization techniques. In this proposed system the focus is on a static relational table that is anonymized only once. To exemplify the proposed approach, role-based access control is assumed. However, the concept of accuracy constraints for permissions can be applied to any privacy-preserving security policy, e.g., discretionary access control.
Organizations collect and analyze consumer data to improve their services. Access Control Mechanisms (ACM) are used to ensure that only authorized information is available to users. However, sensitive information can still be misused by authorized users to compromise the privacy of consumers. The concept of privacy-preservation for sensitive data can require the enforcement of privacy policies or the protection against identity disclosure by satisfying some privacy requirements [1]. In this paper, we investigate privacy-preservation from the anonymity aspect. The sensitive information, even after the removal of identifying attributes, is still susceptible to linking attacks by the authorized users [2]. This problem has been studied extensively in the area of micro data publishing [3] and privacy definitions, e.g., k-anonymity [2], l-diversity [4], and variance diversity [5]. Anonymization algorithms use suppression and generalization of records to satisfy privacy requirements with minimal distortion of micro data.
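The abstract and introduction above describe three checks that the framework has to make on an anonymized table: each equivalence class must satisfy k-anonymity (and, optionally, l-diversity), and the imprecision that generalization introduces into each role's selection predicate must stay within that predicate's imprecision bound. The following Python is an added example written for this page, not code from the paper or from the Pervaiz and Aref work it builds on. It assumes a constructed microdata table with age and zip as quasi-identifiers and disease as the sensitive attribute, a hand-chosen partitioning of the age domain into equivalence classes (standing in for whatever anonymization algorithm produced them), and the usual definition of imprecision as the number of extra tuples a predicate returns when it is evaluated over the generalized table instead of the original, i.e. every tuple of every equivalence class that overlaps the predicate is returned.

```python
from collections import defaultdict

# Constructed microdata: (age, zip, disease).
# age and zip are quasi-identifiers; disease is the sensitive attribute.
MICRODATA = [
    (23, 13053, "flu"),
    (27, 13068, "hiv"),
    (29, 13053, "flu"),
    (31, 13068, "cancer"),
    (36, 14850, "flu"),
    (38, 14853, "hiv"),
    (41, 14850, "cancer"),
    (45, 14853, "flu"),
]

# Assumed partitioning of the age domain into equivalence classes (inclusive ranges).
# A real anonymization algorithm would choose these; here they are fixed by hand.
PARTITION = [(20, 29), (30, 39), (40, 49)]


def build_classes(table, partition):
    """Group tuples into equivalence classes keyed by the age range they fall in."""
    classes = defaultdict(list)
    for row in table:
        age = row[0]
        for lo, hi in partition:
            if lo <= age <= hi:
                classes[(lo, hi)].append(row)
                break
        else:
            raise ValueError(f"age {age} is not covered by the partition")
    return classes


def is_k_anonymous(classes, k):
    """k-anonymity: every equivalence class holds at least k tuples."""
    return all(len(rows) >= k for rows in classes.values())


def is_l_diverse(classes, l_div):
    """l-diversity: every equivalence class holds at least l distinct sensitive values."""
    return all(len({row[2] for row in rows}) >= l_div for rows in classes.values())


def exact_count(table, age_lo, age_hi):
    """Tuples an age-range predicate returns on the original table."""
    return sum(1 for row in table if age_lo <= row[0] <= age_hi)


def anonymized_count(classes, age_lo, age_hi):
    """Tuples the same predicate returns on the generalized table: a class whose
    range overlaps the predicate can no longer be split, so all of it is returned."""
    return sum(
        len(rows)
        for (lo, hi), rows in classes.items()
        if lo <= age_hi and hi >= age_lo
    )


def imprecision(table, classes, age_lo, age_hi):
    """Imprecision of the predicate: extra tuples returned because of generalization."""
    return anonymized_count(classes, age_lo, age_hi) - exact_count(table, age_lo, age_hi)


def check_policy(table, partition, k, l_div, permissions):
    """Evaluate the privacy requirement and every role's imprecision bound.

    permissions: list of (role, (age_lo, age_hi), imprecision_bound), i.e. the
    selection predicate each role is granted and the imprecision it can tolerate.
    """
    classes = build_classes(table, partition)
    report = {
        "k_anonymous": is_k_anonymous(classes, k),
        "l_diverse": is_l_diverse(classes, l_div),
        "permissions": {},
    }
    for role, (lo, hi), bound in permissions:
        imp = imprecision(table, classes, lo, hi)
        report["permissions"][role] = {
            "imprecision": imp,
            "bound": bound,
            "satisfied": imp <= bound,
        }
    return report


if __name__ == "__main__":
    # Constructed role permissions: predicate on age plus the tolerated imprecision.
    perms = [
        ("analyst", (25, 35), 2),   # straddles two classes: 3 extra tuples, bound violated
        ("nurse", (30, 39), 0),     # aligned with one class: no imprecision
        ("auditor", (20, 49), 0),   # whole table: no imprecision
    ]
    print(check_policy(MICRODATA, PARTITION, k=2, l_div=2, permissions=perms))
```

The analyst's predicate shows the accuracy cost the abstract refers to: because the range 25-35 cuts across two equivalence classes, the anonymized answer must return all six tuples of both classes although only three match, so its imprecision of 3 exceeds the bound of 2 and the partitioning would have to be refined (or the bound relaxed) before this permission could be granted.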
References:
- Bertino E. and Sandhu (2005), “Database Security: Concepts, Approaches, and Challenges,” IEEE Trans. Dependable and Secure Computing, vol. 2, no. 1, pp. 2-19.
- Chaudhuri S. et al. (2011), “Database Access Control & Privacy: Is There a Common Ground?” Proc. Fifth Biennial Conf. Innovative Data Systems Research (CIDR), pp. 96-103.
- Fung B. et al. (2010), “Privacy-Preserving Data Publishing: A Survey of Recent Developments,” ACM Computing Surveys, vol. 42, no. 4, article 14.
- Ghinita G. et al. (2009), “A Framework for Efficient Data Anonymization Under Privacy and Accuracy Constraints,” ACM Trans. Database Systems, vol. 34, no. 2, article 9.
- Li N. et al. (2011), “Provably Private Data Anonymization: Or, k-Anonymity Meets Differential Privacy,” arXiv preprint arXiv:1101.2604.
- LeFevre K. et al. (2008), “Workload-Aware Anonymization Techniques for Large-Scale Datasets,” ACM Trans. Database Systems, vol. 33, no. 3, pp. 1-47.
- Rizvi S. et al. (2004), “Extending Query Rewriting Techniques for Fine-Grained Access Control,” Proc. ACM SIGMOD Int’l Conf. Management of Data, pp. 551-562.
- Pervaiz Z. and Aref W. G. (2014), “Accuracy-Constrained Privacy-Preserving Access Control Mechanism for Relational Data,” IEEE Trans. Knowledge and Data Engineering, vol. 26, no. 4.