This proposal investigates privacy-aware, efficient management of relational data with a star schema. In particular, we consider denormalized, non-aggregated databases containing personal data. Further, we assume a database model where many dimension tables are linked with a large fact table via surrogate keys. Typically, such databases process read operations very frequently, insert- and delete operations must be executed from time to time, but update operations on existing tuples are infrequently processed. We focus on this scenario for three reasons: Firstly, the star schema is a classical database model that is used by numerous recent applications storing personal data, e.g., for data warehousing and mining, to manage transaction histories of customers in an ERP system, or to annotate digital objects with social software approaches like Folksonomies. Secondly, it is particularly important to develop privacy approaches for relational databases with a star schema now, because there is a strong tendency to move such databases into the custody of third parties by using techniques like cloud computing or database-as-a-service. Thirdly, it is unclear how to protect the privacy of the individuals concerned by such databases. There exist privacy approaches for statistical databases, geospatial trajectories, set-valued databases or graph databases, e.g., anonymization approaches like Differential Privacy or architectures like Hippocratic Databases. Nevertheless, such approaches cannot be deployed readily for relational databases with a star schema. Our objective is to develop a privacy-aware database management system for relational data with a star schema (RDSS) that handles queries, insert- and delete operations efficiently. Thus, every user should be able to know and to determine who is able to access which personal values relating to the user. For this purpose, we want to create privacy methods for RDSS that (1) conceal the relation of the data to the individual concerned, or (2) restrict the access to sensitive data. In this context, we want to design system architectures, algorithms, database models and attacker models. Thus, we strive for a holistic approach that takes into account that privacy challenges might arise from many aspects of storing, transferring and processing personal data in RDSS.

DFG Programme Research Grants