We may want to keep sensitive information in a relational database hidden from a user or group thereof. We characterize sensitive data as the extensions of secrecy views. The database, before returning the answers to a query posed by a restricted user, is updated to make the secrecy views empty or a single tuple with null values. Then, a query about any of those views returns no meaningful information. Since the database is not supposed to be physically changed for this purpose, the updates are only virtual, and also minimal. Minimality makes sure that query answers, while being privacy preserving, are also maximally informative. The virtual updates are based on null values as used in the SQL standard. We provide the semantics of secrecy views, virtual updates, and secret answers (SAs) to queries. The different instances resulting from the virtually updates are specified as the models of a logic program with stable model semantics, which becomes the basis for computation of the SAs.

Additional Metadata
Keywords answer set programs, Data privacy, database repairs, null values, query answering, view updates, views
Persistent URL dx.doi.org/10.1109/TKDE.2012.86
Journal IEEE Transactions on Knowledge and Data Engineering
Bertossi, L, & Li, L. (Lechen). (2013). Achieving data privacy through secrecy views and null-based virtual updates. IEEE Transactions on Knowledge and Data Engineering, 25(5), 987–1000. doi:10.1109/TKDE.2012.86