A Privacy Preserving Database Management System (PP-DBMS) provides the core functions expected of any DBMS while guaranteeing data provided by a supplier is only used for its intended purpose. This research program will develop a DBMS that includes privacy as a core feature rather than as an "add-on" to an existing non-privacy aware DBMS. The goal is to develop a system where data providers supply information with explicit privacy requirements, possibly different requirements for different kinds of data, while the DBMS itself can collect the data at any level but only use it in concordance with the privacy specified by the provider. Thus, the data provider's privacy is preserved by the PP-DBMS.

An open challenge to the work in privacy is the high degree of variability in what people consider "private information." There are a number of legislative and andecotal definitions currently used the literature but none of them fully capture the full nuance of "privacy." A key foundation of our work is a comprehensive definiton that does not get trapped in what individuals consider "private" but rather defines key privacy concepts abstractly so they can be applied to a number of different systems and research programs. Additonal information about this definition and a link to the paper is avaiable here.

Once the privacy model is developed and demonstrated to be correct and complete, the approach is to take an existing DBMS, probably open source, and add these privacy features by wrapping an existing DBMS with them. This will not require changes to the DBMS engine itself and will provide insights into how to add privacy retroactively to legacy systems. Based on the lessons learned from this extension, the model will be incorporated directly into an open source DBMS engine to create a privacy-preservation that is native in that all features are implemented within the enginer itself. Thus, the native PP-DBMS will incorporate the privacy model in all components of a DBMS engine including the user interface, query processor, and transaction manager. This will ultimately lead to a system that can provide stronger security and provide users with increased privacy protection.

If you interested in this aspect of our work and believe you are qualified to join our group, I encourage you to contact me about your interests and indicate what you feel will be able to bring to the research agenda. The details of the application process can be reached from out Departmental Web Page (www.cpsc.ucalgary.ca) by following the link to "Graduate Studies". Please be sure to indicate me as a potential supervisor in your application or I will not see your application in the review process.