Provenance views for module privacy

Susan B. Davidson, Sanjeev Khanna, Tova Milo, Debmalya Panigrahi, Sudeepa Roy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review


Scientific workflow systems increasingly store provenance information about the module executions used to produce a data item, as well as the parameter settings and intermediate data items passed between module executions. However, authors/owners of workflows may wish to keep some of this information confidential. In particular, a module may be proprietary, and users should not be able to infer its behavior by seeing mappings between all data inputs and outputs. The problem we address in this paper is the following: we are given a workflow, abstractly modeled by a relation R, a privacy requirement Γ, and costs associated with data. The owner of the workflow decides which data (attributes) to hide, and provides the user with a view R', which is the projection of R over the attributes that have not been hidden. The goal is to minimize the cost of hidden data while guaranteeing that individual modules are Γ-private. We call this the Secure-View problem. We formally define the problem, study its complexity, and offer algorithmic solutions.
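The problem statement above can be illustrated with a toy sketch. The abstract does not define Γ-privacy, so the check below rests on an assumed reading: a single module is Γ-private if, for every input, at least Γ output tuples remain consistent with the visible view. The module (two Boolean inputs, two Boolean outputs), the attribute names, the costs, and the brute-force search are all hypothetical and are not taken from the paper.

```python
from itertools import combinations

# Hypothetical module: inputs a1, a2; outputs a3 = a1 XOR a2, a4 = a1 AND a2.
ATTRS = ("a1", "a2", "a3", "a4")
INPUTS = ("a1", "a2")
OUTPUTS = ("a3", "a4")

# The relation R: one row per execution of the module (all Boolean inputs).
R = [dict(a1=x, a2=y, a3=x ^ y, a4=x & y) for x in (0, 1) for y in (0, 1)]

# Assumed cost of hiding each attribute.
COST = {"a1": 3, "a2": 2, "a3": 1, "a4": 4}


def project(rows, attrs):
    """Set-semantics projection of rows onto attrs."""
    return {tuple(r[a] for a in attrs) for r in rows}


def is_gamma_private(rows, hidden, gamma):
    """Assumed privacy check for a single module over Boolean attributes.

    For each input, count the output tuples an observer cannot rule out:
    the distinct visible-output values among rows that agree on the visible
    inputs, times 2 for every hidden (Boolean) output attribute.
    """
    vis_in = [a for a in INPUTS if a not in hidden]
    vis_out = [a for a in OUTPUTS if a not in hidden]
    hidden_out = sum(1 for a in OUTPUTS if a in hidden)
    for r in rows:
        peers = [s for s in rows if all(s[a] == r[a] for a in vis_in)]
        candidates = len(project(peers, vis_out)) * 2 ** hidden_out
        if candidates < gamma:
            return False
    return True


def secure_view(rows, gamma):
    """Exhaustive search for a cheapest hidden set; exponential, toy use only."""
    best = None
    for k in range(len(ATTRS) + 1):
        for hidden in combinations(ATTRS, k):
            cost = sum(COST[a] for a in hidden)
            if is_gamma_private(rows, set(hidden), gamma) and (
                best is None or cost < best[0]
            ):
                best = (cost, set(hidden))
    return best  # (cost, hidden attributes), or None if no hidden set works


print(secure_view(R, 2))
```

The view R' shown to the user would then be `project(R, visible)`, where `visible` holds the attributes left out of the returned hidden set. The exhaustive search is only meant to make the objective concrete on a four-attribute example.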

Original language: English
Title of host publication: PODS'11 - Proceedings of the 30th Symposium on Principles of Database Systems
Number of pages: 12
State: Published - 2011
Event: 30th Symposium on Principles of Database Systems, PODS'11 - Athens, Greece
Duration: 13 May 2011 to 15 May 2011

Publication series

Name: Proceedings of the ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems


Conference: 30th Symposium on Principles of Database Systems, PODS'11


  • Approximation
  • Privacy
  • Provenance
  • Workflows

