The problem of data privacy is to verify that confidential information stored in an information system is not disclosed to unauthorized users, so that personal and other sensitive data remain private. The main challenge in this context is to share some data while protecting other personally identifiable information. The aim of our project is to develop formal methods and the corresponding algorithms to enable automated reasoning about data privacy. Data stored in a relational database or knowledge base system is usually protected from unauthorized access, so users of such a system are only allowed to access a limited portion of the stored information. In this situation the following important questions arise:
- What can a user infer from the information to which he has access?
- Can we guarantee that a user cannot obtain knowledge about certain sensitive information?
- Is it possible to grant a user information access in such a way that she is able to fulfil her duties without letting her know secret information?
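The three questions above can be made concrete with a small inference check. The following is an added example written for this page, not code from the project: it models a knowledge base as ground facts plus Horn rules that represent background knowledge a user may apply, restricts the facts to the predicates a user has been granted, computes everything the user can derive by forward chaining, and reports which protected facts become derivable. The hospital facts, the rule and the predicate names are constructed for illustration.

```python
"""Added example (not the project's code): does a user's granted view of a
knowledge base let them derive a protected fact?

Facts are tuples ("predicate", arg1, arg2, ...).  Rules are Horn clauses
(body_atoms, head_atom); terms starting with '?' are variables.
"""


def unify(pattern, fact, binding):
    """Match one atom pattern against a ground fact; return the extended binding or None."""
    if len(pattern) != len(fact) or pattern[0] != fact[0]:
        return None
    b = dict(binding)
    for p, f in zip(pattern[1:], fact[1:]):
        if p.startswith("?"):
            if p in b and b[p] != f:
                return None
            b[p] = f
        elif p != f:
            return None
    return b


def match_body(body, facts, binding=None):
    """Yield every variable binding under which all atoms of body are known facts."""
    binding = binding or {}
    if not body:
        yield binding
        return
    first, rest = body[0], body[1:]
    for fact in facts:
        b = unify(first, fact, binding)
        if b is not None:
            yield from match_body(rest, facts, b)


def substitute(atom, binding):
    """Instantiate the head atom with the variable binding found for the body."""
    return (atom[0],) + tuple(binding.get(t, t) for t in atom[1:])


def forward_chain(facts, rules):
    """Least fixpoint: everything derivable from facts by repeatedly applying rules."""
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for body, head in rules:
            # materialise the bindings first so we never mutate `known` while matching
            for b in list(match_body(body, known)):
                derived = substitute(head, b)
                if derived not in known:
                    known.add(derived)
                    changed = True
    return known


def visible_facts(facts, granted_predicates):
    """The portion of the knowledge base a user with this grant may read."""
    return {f for f in facts if f[0] in granted_predicates}


def leaked_secrets(facts, rules, granted_predicates, secrets):
    """Protected facts a user can derive from what the grant lets them see."""
    derivable = forward_chain(visible_facts(facts, granted_predicates), rules)
    return {s for s in secrets if s in derivable}


def safe_grants(facts, rules, candidate_grants, secrets):
    """Candidate grants (sets of predicates) under which no secret becomes derivable."""
    return [g for g in candidate_grants if not leaked_secrets(facts, rules, g, secrets)]


# Constructed sample knowledge base (hospital records); "diagnosis" is the protected predicate.
FACTS = {
    ("patient", "alice"),
    ("treated_by", "alice", "dr_smith"),
    ("specialty", "dr_smith", "oncology"),
    ("diagnosis", "alice", "oncology"),
    ("patient", "bob"),
    ("treated_by", "bob", "dr_jones"),
    ("specialty", "dr_jones", "general"),
    ("diagnosis", "bob", "flu"),
}

# Constructed background knowledge: a patient of a single-specialty doctor is
# treated within that specialty, so the treating doctor reveals the diagnosis area.
RULES = [
    ((("treated_by", "?p", "?d"), ("specialty", "?d", "?s")), ("diagnosis", "?p", "?s")),
]

SECRETS = {("diagnosis", "alice", "oncology")}

if __name__ == "__main__":
    # A clerk who may read both tables can infer Alice's diagnosis; a narrower grant cannot.
    print(leaked_secrets(FACTS, RULES, {"treated_by", "specialty"}, SECRETS))
    print(safe_grants(FACTS, RULES, [{"treated_by", "specialty"}, {"treated_by"}, {"specialty"}], SECRETS))
```

The `safe_grants` helper addresses the third question directly: among the views that would let a user do their job, it keeps only those under which the forward-chaining closure contains none of the protected facts. Real systems need a richer logic than Horn rules and must account for what a user can observe over time, but the shape of the check, closure of the visible data under background knowledge followed by a test against the secrets, is the same.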