DOCSLIB.ORG

Djoin: Differentially Private Join Queries Over Distributed Databases

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Djoin: Differentially Private Join Queries Over Distributed Databases DJoin: Differentially Private Join Queries over Distributed Databases Arjun Narayan Andreas Haeberlen University of Pennsylvania University of Pennsylvania Abstract sult of others, it is possible to give a strong upper bound on how much an adversary could learn about an individ- In this paper, we study the problem of answering queries ual person’s data, even under worst-case assumptions. about private data that is spread across multiple different Several differentially private query processors, includ- databases. For instance, a medical researcher may want ing PINQ [23], Airavat [32], Fuzz [16], and PDDP [6], to study a possible correlation between travel patterns have been developed and are available today. and certain types of illnesses. The necessary informa- However, existing query processors assume either tion exists today – e.g., in airline reservation systems that all the data is available in a single database [16, 23, and hospital records – but it is maintained by two sepa- 32] or that distributed queries can be broken into sev- rate companies who are prevented by law from sharing eral subqueries that can each be answered using only this information with each other, or with a third party. one of the databases [6, 10, 15, 31]. In practice, this is This separation prevents the processing of such queries, not necessarily the case. For instance, suppose a medical even if the final answer, e.g., a correlation coefficient, researcher wanted to study how a certain illness is cor- would be safe to release. related with travel to a particular region. This data may We present DJoin, a system that can process such dis- be available, e.g., in a hospital database H and an airline tributed queries and can give strong differential privacy reservation system R, but to determine the correlation, guarantees on the result. DJoin can support many SQL- it is necessary to join the two databases together – for style queries, including joins of databases maintained by instance, we must count the individuals who have been different entities, as long as they can be expressed using treated for the illness (according to H) and have traveled DJoin’s two novel primitives: BN-PSI-CA, a differen- to the region (according to R). tially private form of private set intersection cardinal- We are not aware of any existing method or query ity, and DCR, a multi-party combination operator that processor that can efficiently support join queries with can aggregate noised cardinalities without compounding differential privacy guarantees. Joins cannot be bro- the individual noise terms. Our experimental evaluation ken into smaller subqueries on individual databases be- shows that DJoin can process realistic queries at prac- cause, in order to match up the same persons’ data tical timescales: simple queries on three databases with in the two databases, such queries would have to ask 15,000 rows each take between 1 and 7.5 hours. about individual rows, which is exactly what differen- tial privacy is designed to prevent. In principle, one 1 Introduction could process joins using secure multi-party computa- tion (MPC) [38], but MPC is only practical for small A vast amount of information is constantly accumu- computational tasks, and differential privacy only works lating in databases (social networks, hospital records, well for large databases. The cost of an entire join under airline reservation systems, etc.) all around the world. MPC would be truly spectacular. There are many good uses to which this data could po- DJoin, the system we present in this paper, is a so- tentially be put; however, much of this data is sensitive lution to this problem. DJoin can support SQL-style and cannot safely be released because of privacy con- queries across multiple databases, including common cerns. Simple solutions, such as anonymizing or aggre- forms of joins. The key insight behind DJoin is that the gating the data before release, are not reliable; experi- distributed parts of many queries can be expressed as ence with cases like the Netflix prize [3] or the AOL intersections of sets or multisets. For instance, we can search data [2] shows that such data can sometimes be rewrite the query from above to locally select all patients de-anonymized with auxiliary information [26]. with the illness from H and all travelers to the relevant Differential privacy [7] has been proposed as a way to region from R, then intersect the resulting sets, and fi- solve this problem. By disallowing certain queries, and nally count the number of elements in the intersection. by adding a carefully chosen amount of noise to the re- Not all SQL queries can be rewritten in this way, but 1 USENIX Association 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI ’12) 149 many counting queries can: conjunctions and disjunc- tacker can learn about any individual, even with access tions of equality tests directly correspond to unions and to auxiliary information. intersections of data elements. As we will show, a num- Differentially private query processors: PINQ [23], ber of additional operations, such as inequalities and nu- Airavat [32], and Fuzz [16] are query processors that meric comparisons, can be expressed in terms of multi- support differential privacy, but they assume a central- set operations. ized setting in which a single entity has access to the en- Protocols for private set operations have been stud- tire data. We are aware of five solutions for distributed ied by cryptographers for some time [14, 17, 37], but settings [6, 10, 15, 31, 33], but these assume that the data existing solutions compute exact set elements or exact is horizontally partitioned (i.e., each individual’s data is cardinalities, which is not compatible with differential completely contained in one of the databases), and that privacy. We present blinded, noised private set inter- the query can be factored into subqueries that are each section cardinality (BN-PSI-CA), an extension of the local to a single database. For instance, [10] computes set-intersection protocol from [17] that supports private queries of the form ∑i f (di), i.e., the sum over all rows i noising, as well as denoise-combine-renoise (DCR), an in the database after applying a function f to each row. operator that can add or subtract multiple noised sub- DJoin’s data model is more general: multiple databases set cardinalities without compounding the correspond- may contain data for a given individual, and queries ing noise terms. DCR relies on MPC to remove the noise can contain joins. We note that some of the other sys- terms on its inputs and to re-noise the output, but DCR’s tems have far more sophisticated query languages, but complexity grows with the number of parties and not we speculate that DJoin’s rewriting and execution en- with the number of elements in the sets. For the queries gine could be integrated with existing systems, e.g., with we tried, this step never took more than 20 seconds. PINQ or Fuzz. We have implemented and evaluated a prototype of Private set operations: The first protocols for private DJoin. Our results show that the costs are substantial but two-party set intersection and set intersection cardinal- typically feasible. For instance, the elements in a sim- ity were proposed by Freedman et al. [14]. Since then, ple two-way join on databases with 32,000 rows each a number of improvements have been proposed; for in- can be evaluated in about 1.8 hours, with 83 MB of stance, Kissner and Song [17] extended the protocols to traffic, using a single commodity workstation for each multiple parties, and Vaidya and Clifton [37] reduced database. This is orders of magnitude faster than gen- the computational overhead. These protocols produce eral MPC. DJoin’s cost is too high for interactive use, exact results, and are thus not directly suitable for dif- but it seems practical for applications that can tolerate a ferential privacy. There are specialized protocols for certain amount of latency, such as research studies. Our other private multi-party operations, e.g., for decision- algorithms are easy to parallelize, so the speed could be tree learning [29], and some of these have been adapted improved by increasing the number of cores. for differential privacy, e.g., [39]. To summarize, this paper makes the following four Computational differential privacy: The standard def- contributions: inition of differential privacy is information-theoretic, i.e., it holds even against a computationally unbounded two new primitives, BN-PSI-CA and DCR, for dis- • adversary. In contrast, DJoin provides computational tributed private query processing (Section 4); differential privacy [25]: it relies on a homomorphic a query planner that rewrites SQL-style queries to • cryptosystem and thus depends on certain computa- take advantage of those two primitives (Section 5); tional hardness assumptions. Mironov et al. [25] demon- the design of DJoin, an engine for distributed, dif- strated a protocol for this model that privately approxi- • ferentially private queries (Section 6); and mates the Hamming distance between two vectors in a an experimental evaluation of DJoin, based on a two-party setting. This problem is closely related to that • prototype implementation (Section 7). of computing the cardinality of set intersections, which is solved by BN-PSI-CA. Untrusted servers: Several existing systems enable 2 Related work clients to use an untrusted server without exposing DJoin provides differential privacy [7, 8, 9, 11], which private information to that server. In SUNDR [19], is one of the strongest privacy guarantees that have been SPORC [13], and Depot [22], the server provides stor- proposed so far. Alternatives include randomization [1], age; in CryptDB [30], it implements a database and k-anonymity [34], and l-diversity [21], which are gener- SQL-style queries.
Load more

Recommended publications
  • SAQE: Practical Privacy-Preserving Approximate Query Processing for Data Federations
    SAQE: Practical Privacy-Preserving Approximate Query Processing for Data Federations Johes Bater Yongjoo Park Xi He Northwestern University University of Illinois (UIUC) University of Waterloo [email protected] [email protected] [email protected] Xiao Wang Jennie Rogers Northwestern University Northwestern University [email protected] [email protected] ABSTRACT 1. INTRODUCTION A private data federation enables clients to query the union of data Querying the union of multiple private data stores is challeng- from multiple data providers without revealing any extra private ing due to the need to compute over the combined datasets without information to the client or any other data providers. Unfortu- data providers disclosing their secret query inputs to anyone. Here, nately, this strong end-to-end privacy guarantee requires crypto- a client issues a query against the union of these private records graphic protocols that incur a significant performance overhead as and he or she receives the output of their query over this shared high as 1,000× compared to executing the same query in the clear. data. Presently, systems of this kind use a trusted third party to se- As a result, private data federations are impractical for common curely query the union of multiple private datastores. For example, database workloads. This gap reveals the following key challenge some large hospitals in the Chicago area offer services for a cer- in a private data federation: offering significantly fast and accurate tain percentage of the residents; if we can query the union of these query answers without compromising strong end-to-end privacy. databases, it may serve as invaluable resources for accurate diag- To address this challenge, we propose SAQE, the Secure Ap- nosis, informed immunization, timely epidemic control, and so on.
    [Show full text]
  • WIN: an Efficient Data Placement Strategy for Parallel XML Databases
    WIN : An Efficient Data Placement Strategy for Parallel XML Databases Nan Tang† Guoren Wang‡ Jeffrey Xu Yu† Kam-Fai Wong† Ge Yu‡ † Department of SE & EM, The Chinese University of Hong Kong, Hong Kong, China ‡ College of Information Science and Engineering, Northeastern University, Shenyang, China {ntang, yu, kfwong}se.cuhk.edu.hk {wanggr, yuge}@mail.neu.edu.cn Abstract graph-based. Distinct from them, XML employs a tree struc- The basic idea behind parallel database systems is to ture. Conventional data placement strategies in perform operations in parallel to reduce the response RDBMSs and OODBMSs cannot serve XML data well. time and improve the system throughput. Data place- Semistructured data involve nested structures; there ment is a key factor on the overall performance of are much intricacy and redundancy when represent- parallel systems. XML is semistructured data, tradi- ing XML as relations. Data placement strategies in tional data placement strategies cannot serve it well. RDBMSs cannot, therefore, well solve the data place- In this paper, we present the concept of intermediary ment problem of XML data. Although graph partition node INode, and propose a novel workload-aware data algorithms in OODBMSs can be applied to tree parti- placement WIN to effectively decluster XML data, to tion problems, the key relationships between tree nodes obtain high intra query parallelism. The extensive ex- such as ancestor-descendant or sibling cannot be clearly periments show that the speedup and scaleup perfor- denoted on graph. Hence data placement strategies mance of WIN outperforms the previous strategies. for OODBMSs cannot well adapt to XML data either.
    [Show full text]
  • Tepzz¥ 67¥¥Za T
    (19) TZZ¥ ¥¥Z_T (11) EP 3 267 330 A1 (12) EUROPEAN PATENT APPLICATION (43) Date of publication: (51) Int Cl.: 10.01.2018 Bulletin 2018/02 G06F 17/30 (2006.01) (21) Application number: 16187202.3 (22) Date of filing: 05.09.2016 (84) Designated Contracting States: (72) Inventors: AL AT BE BG CH CY CZ DE DK EE ES FI FR GB • Abolhassani, Neda GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO Athens, GA Georgia 30605 (US) PL PT RO RS SE SI SK SM TR • Sheausan Tung, Teresa Designated Extension States: San Jose, CA California 95120 (US) BA ME • Gomadam, Karthik Designated Validation States: San Jose, CA California 95112 (US) MA MD (74) Representative: Müller-Boré & Partner (30) Priority: 07.07.2016 US 201662359547 P Patentanwälte PartG mbB 03.08.2016 US 201615227605 Friedenheimer Brücke 21 80639 München (DE) (71) Applicant: Accenture Global Solutions Limited Dublin 4 (IE) (54) QUERY REWRITING IN A RELATIONAL DATA HARMONIZATION FRAMEWORK (57) A query rewriting processor (processor) analyz- an SQL query). The processor may then pass the rela- es database semantic models (e.g., RDF knowledge tional database query to another system or process (e.g., graphs) that capture the interconnections (e.g., foreign a data virtualization layer) for execution against the indi- and primary key links to other tables) present in a rela- vidual relational databases. In this manner, the processor tional database. The processor generates an enriched automatically translates queries for information about the model query given an initial model query (e.g., a SPARQL relational database structure to a corresponding or query) against the semantic model.
    [Show full text]
  • Conjunctive Query Answering in the Description Logic EL Using a Relational Database System
    Conjunctive Query Answering in the Description Logic EL Using a Relational Database System Carsten Lutz - Universität Bremen, Germany David Toman - University of Waterloo, Canada FrankWolter - University of Liverpool, UK Presented By : Jasmeet Jagdev Background • One of the main application of ontologies is data access • Ontologies formalize conceptual information about the data • Calvanese et al. have argued, true scalability of CQ answering over DL ontologies can only be achieved by making use of RDBMSs • Not straight forward ! Background • RDBMSs are unaware of Tboxes (the DL mechanism for storing conceptual information) and adopt the closed-world semantics • In contrast, ABoxes (the DL mechanism for storing data) and the associated ontologies employ the open-world semantics Introduction • Approach for using RDBMSs for CQ answering over DL ontologies • We apply it to an extension of EL family of DLs • Widely used as ontology languages for large scale bio-medical ontologies such as SNOMED CT and NCI Introduction • EL allows – Concept Intersection – Existential restrictions dr • ELH⊥ = EL + bottom concept, role inclusions, and domain and range restrictions Main Idea • To incorporate the consequences of the TBox T into the relational instance corresponding to the given ABox A • To introduce the idea of combined first-order (FO) rewritability • It is possibly only if: – A and T can be written into an FO structure – q and T into FO query q* Main Idea • Properties of this approach: – It applies to DLs for which data complexity of CQ dr answering
    [Show full text]
  • Query Rewriting Using Monolingual Statistical Machine Translation
    Query Rewriting using Monolingual Statistical Machine Translation Stefan Riezler∗ Yi Liu∗∗ Google Google Long queries often suffer from low recall in web search due to conjunctive term matching. The chances of matching words in relevant documents can be increased by rewriting query terms into new terms with similar statistical properties. We present a comparison of approaches that deploy user query logs to learn rewrites of query terms into terms from the document space. We show that the best results are achieved by adopting the perspective of bridging the “lexical chasm” between queries and documents by translating from a source language of user queries into a target language of web documents. We train a state-of-the-art statistical machine translation (SMT) model on query-snippet pairs from user query logs, and extract expansion terms from the query rewrites produced by the monolingual translation system. We show in an extrinsic evaluation in a real-world web search task that the combination of a query-to-snippet translation model with a query language model achieves improved contextual query expansion compared to a state-of-the-art query expansion model that is trained on the same query log data. 1. Introduction Information Retrieval (IR) applications have been notoriously resistant to improvement attempts by Natural Language Processing (NLP). With a few exceptions for specialized tasks1, the contribution of part-of-speech taggers, syntactic parsers, or ontologies of nouns or verbs, has been inconclusive. In this paper, instead of deploying NLP tools or ontologies, we apply NLP ideas to IR problems. In particular, we take a viewpoint that looks at the problem of the word mismatch between queries and documents in web search as a problem of translating from a source language of user queries into a target language of web documents.
    [Show full text]
  • On Using an Automatic, Autonomous and Non-Intrusive Approach for Rewriting SQL Queries
    Simpósio Brasileiro de Banco de Dados - SBBD 2013 Short Papers On Using an Automatic, Autonomous and Non-Intrusive Approach for Rewriting SQL Queries Arlino H. M. de Araújo1;2, José Maria Monteiro2, José Antônio F. de Macêdo2, Júlio A. Tavares3, Angelo Brayner3, Sérgio Lifschitz4 1 Federal University of Piauí, Brazil 2 Federal University of Ceará, Brazil {arlino,monteiro,jose.macedo}@lia.ufc.br 3 University of Fortaleza, Brazil [email protected] 4 Pontifical Catholic University of Rio de Janeiro [email protected] Abstract. Database applications have become very complex, dealing with a huge volume of data and database objects. Concurrently, low query response time and high transaction throughput have emerged as mandatory requirements to be ensured by database management systems (DBMSs). Among other possible interventions regarding database performance, SQL query rewriting has been shown quite efficient. The idea is to rewrite a new SQL statement equivalent to the statement initially formulated, where the new SQL statement provides performance gains w.r.t. query response time. In this paper, we propose an automatic and non-intrusive approach for rewriting SQL queries. The proposed approach has been implemented and its behavior was evaluated in three different DBMSs using TPC-H benchmark. The results show that the proposed approach is quite efficient and can be effectively considered by database professionals. Categories and Subject Descriptors: H.2 [Database Management]: Miscellaneous Keywords: Query processing, Database tuning, Query rewriting 1. INTRODUCTION Database queries are expressed by means of high-level declarative languages, such as SQL (Structured Query Language), for instance. Such queries are submitted to the query engine, which is responsible for processing queries in database mangement systems (DBMSs).
    [Show full text]
  • Towards Practical Privacy-Preserving Data Analytics by Noah Michael
    Towards Practical Privacy-Preserving Data Analytics by Noah Michael Johnson A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Engineering - Electrical Engineering and Computer Sciences in the Graduate Division of the University of California, Berkeley Committee in charge: Professor Dawn Song, Chair Professor David Wagner Professor Deirdre Mulligan Fall 2018 Towards Practical Privacy-Preserving Data Analytics Copyright 2018 by Noah Michael Johnson 1 Abstract Towards Practical Privacy-Preserving Data Analytics by Noah Michael Johnson Doctor of Philosophy in Engineering - Electrical Engineering and Computer Sciences University of California, Berkeley Professor Dawn Song, Chair Organizations are increasingly collecting sensitive information about individuals. Extracting value from this data requires providing analysts with flexible access, typically in the form of data- bases that support SQL queries. Unfortunately, allowing access to data has been a major cause of privacy breaches. Traditional approaches for data security cannot protect privacy of individuals while providing flexible access for analytics. This presents a difficult trade-off. Overly restrictive policies result in underutilization and data siloing, while insufficient restrictions can lead to privacy breaches and data leaks. Differential privacy is widely recognized by experts as the most rigorous theoretical solution to this problem. Differential privacy provides a formal guarantee of privacy for individuals while allowing general statistical analysis of the data. Despite extensive academic research, differential privacy has not been widely adopted in practice. Additional work is needed to address performance and usability issues that arise when applying differential privacy to real-world environments. In this dissertation we develop empirical and theoretical advances towards practical differential privacy.
    [Show full text]
  • Data Management 09 Transaction Processing
    1 SCIENCE PASSION TECHNOLOGY Data Management 09 Transaction Processing Matthias Boehm, Arnab Phani Graz University of Technology, Austria Computer Science and Biomedical Engineering Institute of Interactive Systems and Data Science BMK endowed chair for Data Management Last update: Dec 06, 2020 2 Announcements/Org . #1 Video Recording . Link in TeachCenter & TUbe (lectures will be public) . Due to second lockdown: webex recording . #2 Exercise Submissions . Exercise 1: grading done . Exercise 2: in process of being grading . Exercise 3: published on Dec 01, submit by Dec 22 11:59pm . Issues dataset (Nov 19) / expected results (Nov 16, Nov 26) . Two approaches of handling actors . Incorrect expected results 5 extra points INF.01017UF Data Management / 706.010 Databases – 09 Transaction Processing Matthias Boehm, Graz University of Technology, WS 2020/21 3 Transaction (TX) Processing User 2 User 1 User 3 read/write TXs #1 Multiple users Correctness? DBS DBMS #2 Various failures Deadlocks (TX, system, media) Constraint Reliability? violations DBs Network Crash/power failure Disk failure failure . Goal: Basic Understanding of Transaction Processing . Transaction processing from user perspective . Locking and concurrency control to ensure #1 correctness . Logging and recovery to ensure #2 reliability INF.01017UF Data Management / 706.010 Databases – 09 Transaction Processing Matthias Boehm, Graz University of Technology, WS 2020/21 4 Agenda . Overview Transaction Processing . Locking and Concurrency Control . Logging and Recovery . Exercise
    [Show full text]
  • Distributed Complex Event Processing with Query Rewriting
    Distributed Complex Event Processing with Query Rewriting Nicholas Poul Matteo Migliavacca Peter Pietzuch Schultz-Møller Department of Computing Department of Computing Department of Computing Imperial College London Imperial College London Imperial College London United Kingdom United Kingdom United Kingdom [email protected] [email protected] [email protected] ABSTRACT is first stored and indexed and only queried afterwards. The nature of data in enterprises and on the Internet is In contrast, complex event processing (CEP) systems re- changing. Data used to be stored in a database first and gard new data (or updates to existing data) as a stream of queried later. Today timely processing of new data, repre- events [19]. Users can specify queries as high-level patterns sented as events, is increasingly valuable. In many domains, of events. The CEP system detects complex events matching complex event processing (CEP) systems detect patterns of these queries and notifies clients of matches in soft real-time. events for decision making. Examples include processing of For example, a credit card processing company may monitor environmental sensor data, trades in financial markets and fraudulent credit card use by specifying patterns that detect RSS web feeds. Unlike conventional database systems, most concurrent transactions caused by the same credit card at current CEP systems pay little attention to query optimi- geographically distant locations. sation. They do not rewrite queries to more efficient rep- Detecting complex patterns in high-rate event streams re- resentations or make decisions about operator distribution, quires substantial CPU resources. To make a CEP system limiting their overall scalability.
    [Show full text]
  • Probabilistic Query Rewriting for Efficient and Effective Keyword
    Probabilistic Query Rewriting for Efficient and Effective Keyword Search on Graph Data Lei Zhang Thanh Tran Achim Rettinger Karlsruhe Institute of Karlsruhe Institute of Karlsruhe Institute of Technology Technology Technology 76128 Karlsruhe, Germany 76128 Karlsruhe, Germany 76128 Karlsruhe, Germany [email protected] [email protected] [email protected] ABSTRACT connecting them, which represent final answers covering all The problem of rewriting keyword search queries on graph query keywords. The space of possible subgraphs is gener- data has been studied recently, where the main goal is to ally exponential in the number of query keywords. Through clean user queries by rewriting keywords as valid tokens ap- grouping keywords into larger meaningful units (called seg- pearing in the data and grouping them into meaningful seg- ments), the number of keywords to be processed and the ments. The main solution to this problem employs heuris- corresponding search space is reduced. tics for ranking query rewrites and a dynamic programming The two main tasks involved in query cleaning (henceforth algorithm for computing them. Based on a broader set of also called query rewriting) are token rewriting, where query queries defined by an existing benchmark, we show that the keywords are rewritten as tokens appearing in the data, and use of these heuristics does not yield good results. We pro- query segmentation, where tokens are grouped together as pose a novel probabilistic framework, which enables the op- segments representing compound keywords. Query rewrit- timality of a query rewrite to be estimated in a more princi- ing helps to improve not only the result quality but also the pled way.
    [Show full text]
  • First-Order Query Rewriting for Inconsistent Databases
    First-Order Query Rewriting for Inconsistent Databases Ariel D. Fuxman and Ren´ee J. Miller Department of Computer Science University of Toronto {afuxman, miller}@cs.toronto.edu Abstract. We consider the problem of retrieving consistent answers over databases that might be inconsistent with respect to some given integrity constraints. In particular, we concentrate on sets of constraints that consist of key dependencies. Most of the existing work has focused on identifying intractable cases of this problem. In contrast, in this paper we give an algorithm that computes the consistent answers for a large and practical class of conjunctive queries. Given a query q, the algorithm returns a first-order query Q (called a query rewriting) such that for ev- ery (potentially inconsistent) database I, the consistent answers for q can be obtained by evaluating Q directly on I. 1 Introduction Consistent query answering is the problem of retrieving “consistent” answers over databases that might be inconsistent with respect to some given integrity constraints. Applications that have motivated the study of this problem include data integration and data exchange. In data integration, the goal is to provide “a uniform interface to multiple autonomous data sources” [Hal01]. In data ex- change, “data structured under one (source) schema must be restructured and translated into an instance of a different (target) schema” [FKMP03]. In both contexts, it is often the case that the source data does not satisfy the integrity constraints of the global or target schema. The traditional approach to deal with this situation involves “cleaning” the source instance in order to remove data that violates the target constraints.
    [Show full text]
  • A Comparison of Query Rewriting Techniques for DL-Lite
    A Comparison of Query Rewriting Techniques for DL-Lite H´ector P´erez-Urbina, Boris Motik, and Ian Horrocks Oxford University Computing Laboratory Oxford, England {hector.perez-urbina,boris.motik,ian.horrocks}@comlab.ox.ac.uk 1 Introduction An incomplete database is defined by a set of constraints and a partial database instance [1]. Answering conjunctive queries over incomplete databases is an im- portant computational task that lies at the core of many problems, such as in- formation integration [12], data exchange [9], and data warehousing [17]. Given a query and an incomplete database, the task is to compute the so-called certain answers—the tuples that satisfy the query in every database instance that con- forms to the partial instance and satisfies the constraints [16]. It is well known that answering queries under general constraints is undecidable; therefore, the expressivity of the constraint languages considered is typically restricted in order to achieve decidability. Description Logics (DLs) [3] can be viewed as very expressive but decidable first-order fragments, which makes them natural candidates for constraint lan- guages. DLs are a family of knowledge representation formalisms that represent a given domain in terms of concepts (unary predicates), roles (binary predicates), and individuals (constants). A DL Knowledge Base (KB) K = hT , Ai consists of a terminological component T called the TBox, and an assertional compo- nent A called the ABox. In analogy to incomplete databases, the TBox can be seen as a conceptual schema containing the set of constraints, and the ABox as some partial instance of the schema. The use of DLs as constraint languages has already proven to be useful in a variety of scenarios such as ontology-based information integration [7] and the Semantic Web [10].
    [Show full text]