Deciding Data Privacy for ALC Knowledge Bases

Conclusions 65 Bibliography 67 5 Introduction In information systems, data privacy refers to the confidentiality of certain information that might be stored in the system. systems are often required to share part of their data with third-parties. This can be realized, for instance, through direct access to the systems or through reports that are provided at a future time. Privacy concerns arise when, at the same time, a system is also required to keep certain sensitive information confidential. For this purpose, confidentiality verifications ought to be provided. Such verifications would assure that all shared data preserve the privacy of the confidential information and so, there is no leakage of it. The problem of providing such verifications is called the data privacy problem. This is an active topic that has appeared recently in the literature and is of wide interest. In fact, there is not just one data privacy problem but rather a family of problems each of which serves certain privacy concerns. For instance, perfect privacy [MS04] is concerned with the problem of verifying that the possibility of guessing the confidential information is not influenced at all by the shared data. Other privacy related issues are discussed in a separated section. In this thesis, we examine the privacy problem of inferring accurately the confidential information. That is to say, given the shared data, decide whether one can be certain about the validity of the confidential information. This notion of privacy, the so-called provable data privacy is defined on the notion of certain answers, a notion that stem out from the study of incomplete databases [vdM98] and is now widely used in the context of data integration [CCGL02, Hal01] and data exchange [AL05, FKMP05]. Provable data privacy has initially been introduced in [SS05] from the perspective of relational database systems. There, it was shown that, when conjunctive queries are considered, provable data privacy can be decided in PTime. In this thesis, we present a general definition of this problem that applies to arbitrary systems. In order to agree on terminology, the minimum requirements of a system are first described. The data of a system is stored in the repository (e.g. a database) and 7 8 INTRODUCTION there is an interface for accessing the repository via queries. A set of queries is called a view definition D V. When the queries are issued (i.e. they are all evaluated on the same repository) …