Enforcement of Purpose Based Access Control within Relational Database Management Systems

Privacy is becoming a key requirement for ICT applications that handle personal data. However, Database Management Systems (DBMSs), which are devoted to data collection and processing by definition, still do not provide the proper support for privacy policies. Policies are enforced by ad-hoc programmed software modules that complement DBMS access control services. This practice is time consuming, error prone, and neither general nor scalable. This work does a first step to overcome these limits. We propose a systematic approach to the automatic development of a monitor that regulates the execution of SQL queries based on purpose based privacy policies. The proposed solution does not require programming, it is general, platform independent and usable with most of the existing relational DBMSs.