PhD Qualification Defense: Francisco Daniel Bezerra de Souza Praciano
Published: October 22, 2025 Category: News, PhD Qualification
Título: Purpose-Compliant and Privacy-Preserving Access Method
Date: 29/10/2025
Time: 09:00
Venue: Online
Abstract:
In the modern landscape of data-driven environments, organizations that handle personal data must comply with data protection requirements that emphasize data owners' consent and declared processing purposes. However, existing Database Management Systems (DBMS) rely mainly on traditional access control models, such as Role-Based Access Control (RBAC) or Fine-Grained Access Control (FGAC), which are insufficient to guarantee compliance with recent data protection regulations such as the GDPR and the LGPD. These regulations require that data processing not only restrict access but also adhere to specific purposes and informed consent. In this work, we investigate the problem of ensuring purpose-compliant access while preserving privacy without information leakage. We propose two approaches: 1) Purpose Scan (PS), a novel access method that is introduced into the query execution plan to enforce purpose-compliant access directly within the DBMS. In PS, every query must explicitly declare its processing purpose, and the DBMS, following the Truman model of query execution, uses this declared purpose to guide data retrieval. The PS access method ensures that only tuples whose data owners have given consent for that specific purpose are accessed and returned, thereby embedding purpose and consent verification natively into query execution. This approach enables transparency, auditability, and regulatory compliance at the data layer without relying on query rewriting or external enforcement techniques; 2) Differential Purpose Scan (DPS), which incorporates Differential Privacy (DP) properties to prevent information leakage, such as attacks that exploit denial constraints to infer sensitive information from non-sensitive outputs. DPS replaces cells nullified by opt-out decisions with synthetic values generated under formal DP guarantees, preventing such inference attacks without sacrificing the overall usefulness of the data. Preliminary experiments on PostgreSQL extended with Purpose Scan show that our approach outperforms a competing view-based approach, guarantees that no data owner's consent is violated, and executes regular queries without added overhead.
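The mechanism the abstract describes, modelled in Python as an added example for this page: a Truman-style purpose scan that skips non-consenting owners and nullifies non-released cells, the kind of denial-constraint inference a nullified cell invites, and a DPS-style replacement of nullified cells with differentially private synthetic values. This is illustrative code written for this announcement, not the thesis's PostgreSQL implementation; the sample table, the per-attribute consent model, the single-tuple denial constraint, the attribute domains and the choice of a noisy bounded mean as the synthetic value are all assumptions.

```python
import math
import random

# Constructed sample table: one tuple per data owner (not real data).
ROWS = [
    {"id": 1, "age": 34, "salary": 5200.0, "ward": "oncology"},
    {"id": 2, "age": 51, "salary": 7900.0, "ward": "cardiology"},
    {"id": 3, "age": 29, "salary": 3100.0, "ward": "oncology"},
    {"id": 4, "age": 45, "salary": 6400.0, "ward": "orthopedics"},
]

# Constructed consent store: owner id -> purpose -> attributes released for it.
# Assumption: consent is per attribute and per purpose; an owner with no entry
# for a purpose has opted out of that purpose entirely.
CONSENT = {
    1: {"research": {"age", "salary", "ward"}, "marketing": {"age"}},
    2: {"research": {"age", "ward"}},            # opted out of salary for research
    3: {"research": {"age", "salary", "ward"}},
    4: {"marketing": {"age", "ward"}},           # never consented to research
}

# Assumed public domains of the numeric attributes (needed for DP sensitivity).
DOMAIN = {"age": (0.0, 120.0), "salary": (0.0, 20000.0)}


def purpose_scan(rows, consent, purpose, attrs):
    """Truman-model scan for a query that declares `purpose`: tuples whose owner
    gave no consent for that purpose are silently skipped, and within the
    returned tuples every attribute the owner did not release is nullified."""
    result = []
    for row in rows:
        released = consent.get(row["id"], {}).get(purpose)
        if released is None:
            continue
        projected = {"id": row["id"]}
        for a in attrs:
            projected[a] = row[a] if a in released else None
        result.append(projected)
    return result


def infer_from_dc(result):
    """Inference an adversary can draw from a denial constraint (assumed here):
    'no tuple has ward = cardiology and salary < 7000'. A nullified salary next
    to a visible cardiology ward therefore leaks a lower bound on the salary.
    Returns owner id -> inferred lower bound."""
    leaked = {}
    for row in result:
        if row.get("ward") == "cardiology" and row.get("salary") is None:
            leaked[row["id"]] = 7000.0
    return leaked


def laplace(rng, scale):
    """Laplace(0, scale) sample by inverse CDF."""
    u = rng.random() - 0.5
    u = max(min(u, 0.5 - 1e-12), -0.5 + 1e-12)  # keep the log argument positive
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_synthetic(visible, lo, hi, epsilon, rng):
    """Synthetic value for a nullified cell: the epsilon-DP noisy mean of the
    consented values of the same attribute (bounded mean, sensitivity (hi-lo)/n),
    clipped back into the attribute domain."""
    n = max(len(visible), 1)
    mean = sum(visible) / n if visible else (lo + hi) / 2.0
    noisy = mean + laplace(rng, (hi - lo) / (n * epsilon))
    return min(hi, max(lo, noisy))


def differential_purpose_scan(rows, consent, purpose, attrs, epsilon=1.0, seed=0):
    """DPS-style scan: run the purpose scan, then replace every nullified numeric
    cell with a DP synthetic value. The per-attribute budget is split across the
    cells it fills (sequential composition), so each attribute spends at most
    epsilon per query."""
    rng = random.Random(seed)
    result = purpose_scan(rows, consent, purpose, attrs)
    for a in attrs:
        if a not in DOMAIN:
            continue  # non-numeric attributes stay nullified in this toy model
        lo, hi = DOMAIN[a]
        visible = [r[a] for r in result if r[a] is not None]
        holes = [r for r in result if r[a] is None]
        if not holes:
            continue
        per_cell = epsilon / len(holes)
        for r in holes:
            r[a] = dp_synthetic(visible, lo, hi, per_cell, rng)
    return result


if __name__ == "__main__":
    attrs = ["age", "salary", "ward"]
    ps = purpose_scan(ROWS, CONSENT, "research", attrs)
    print("PS :", ps)
    print("leak:", infer_from_dc(ps))        # owner 2's salary bound is inferable
    dps = differential_purpose_scan(ROWS, CONSENT, "research", attrs)
    print("DPS:", dps)
    print("leak:", infer_from_dc(dps))       # nothing left to infer from nulls
```

Two caveats a practitioner would check before relying on a scheme like this: the synthetic value must itself be consistent with the constraints the adversary knows (a synthetic cardiology salary below 7000 would mark the cell as filled in), and the privacy budget is spent per query, so repeated queries with different declared purposes need budget accounting across calls, which this toy model does not do.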
Examining committee:
Prof. Dr. Javam de Castro Machado (MDCC/UFC) – Advisor
Prof. Dr. Angelo Roncalli Alencar Brayner (MDCC/UFC)
Prof. Dr. José Maria da Silva Monteiro Filho (MDCC/UFC)
