Evaluation of Interactive Query Optimization Interfaces

There are two concerns that could hamper the widespread adoption use of PASQL. First, users would have to learn the syntax and semantics of PASQL in addition to SQL. Incurring such a burden detracts from the usability of our proposed approach and its practical ability to protect user privacy. Second, users would need to anticipate possible intensional leaks that could violate their privacy. To address both of these concerns, a more user-friendly approach to specify (I, A)-privacy concerns is needed.

Towards this ends, we have developed an interactive approach to query optimization that allows users to ensure that the intension of their queries is protected by (I, A)-privacy without the need to learn PASQL. Our general approach to interactive query optimization is illustrated in Figure22. To begin the interactive query optimization process, users simply issue their queries in SQL to a interactive query optimization client. This client will then proceed to optimize the user’s query and produce a plan to evaluate that query. Before passing this plan off for evaluation, however, the client will present a representation of that plan to the user. This allows users to directly see how the intension of their queries will be disseminated during the evaluation of the displayed query plan. In response to this information, users can inform the client of what portions of the generated query plan are unacceptable (i.e., users can identify portions of the query plan that they feel violate their privacy and ensure that the client will correct them before issuing the query plan to be evaluated). The client will then take this collection of user constraints and the originally specified query, produce a new query plan that does not violate the constraints, and present this

SELECT * FROM Plants, Supplies, Polluted_Waters, Waterway_Maps WHERE Supplies.type = 'solvent'

AND Supplies.name = Polluted_Waters.pollutant AND Plants.id = Supplies.plant_id AND Polluted_Waters.name = Waterway_Maps.name AND Waterway_Maps.location = Plants.location;

?

?

Figure 22: An overview of our proposed interactive optimization process.

new query plan to the user for review. This interactive process will continue until an acceptable query plan is produced (i.e., the user does not feel it violates her privacy). Once such an acceptable query plan is generated, the client will issue this plan to all of the remote sites needed to evaluate it and return the result to the user.

Currently, we have developed two different client applications for performing interactive query optimization [61]. Both of these clients take user feedback and generate PASQL constraints ac- cordingly. These constraints are then attached to the original SQL query and passed to PAQO for optimization. Each of the two clients then takes a different approach to presenting the plan to the user. The two main graphical user interfaces presented by these clients are show in Fig- ures23and24.

Figure 23presents our query view approach to interactive query optimization. After a query plan is produced, the user is presented with an interactive version of their original query. The user can highlight any portion of the query and be shown what site (or sites) is assigned to evaluate oper- ations on involving that portion of the query. Specifically, Figure23shows a user highlighting the

relational attribute Supplies.name while the client indicates that only Pollution Watch’s server is assigned to evaluate any operation on that attribute in the current plan. Similarly, if a user were to highlight a server in the system, the client would be shown what portions of the query that server is assigned to evaluate.

Our second client interface, the hierarchical view interface is shown in Figure 24. With this interface, users are presented with lists of all of the servers in the system and and all of the parame- ters (e.g., attribute names, selection conditions, join conditions) of the query. Users can either start by selecting a server or a parameter, and be shown either a list of all of the parameters operated on by that server, or all of the servers that evaluate an operation on that parameter. Selecting both a server and parameter will present the user with the list of operations in the current query plan that operate on the selected parameter at the selected site. In Figure 24, for example, the user has selected the Mapper server from the “Sites” hierarchy, and the location attribute of the plantstable from the “Parameters” hierarchy. In response to this, the client displays the only operation node form the current plan that operates on the location attribute of the plants table, and is evaluated by the Mapper server (far right). If the user changed the selection under the “Sites” hierarchy to be the Pollution Watch server, the entire parameters hierarchy would update to reflect all of the relations and attributes evaluated at the Pollution Watch server, and the “Query Plan Nodes” pane would be blank until the user selected an item from the “Parameters” hierarchy.

Both of these interfaces further assist users in crafting constraints in response to their viewing of the current query plan. Figures25and26present the dialogues for constraints creation for the query view and hierarchical view interfaces (respectively). After specifying new constraints to be applied to their query, the user can instruct either interface to produce a new query plan. After applying PASQL constraints to the user’s query and having PAQO reoptimize the query with the new constraints, the interfaces not only present the new query plan to the user, but further highlight the differences between the previous and current query plans (as shown in Figure27).

While these interfaces represent a represent a very strong first step towards ensuring the us- ability of (I, A)-privacy, we currently have no evaluation to verify their usability. As the subject of ongoing work, feedback from demonstrating these interfaces will be used to drive a future user study to evaluate the usability that they provide.