Statistical Disclosure Limitation

Cox, Lawrence H.

doi:10.1002/0471667196.ess1166

Cited by 7 publications

(11 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the previous example, the attribute SALARY is called the response variable of the sum-query Q and the "where"-clause specifies the category of interest. Given an instance D of the SDB containing the relation R of name Personnel, the category specified by the "where"-clause of Q determines a subset of R, called the query-set of Q, and the sum of the values of the attribute SALARY over the query-set of Q is the value of Q on D. If SALARY is a confidential attribute, then answering Q (and, more in general, answering a statistical query whose response variable is a confidential attribute) raises concerns on the compromise of individual privacy since releasing the value of Q could lead to the ("exact" or "approximate") disclosure of the value of SALARY for some element of the query-set of Q [8,9,26,27]. Such a sum-query, which risks the confidentiality of the response variable and, hence, the security of the SDB, is called intrusive and the category S specified by its "where"-clause is said to be sensitive in D.…”

Section: Qmentioning

confidence: 99%

“…Typically, for a fixed positive integer k, S is sensitive if the number of tuples in R that fall in S are less than k (exact disclosure) or there are k or fewer tuples in R that give a dominant contribution to the value of Q (approximate disclosure) [8,9,26,27]. …”

Section: Qmentioning

confidence: 99%

“…Two of the authors [17] proved that the same holds for an arbitrary graph. The point is how to get a nonnegative solution of system (9). Of course, the query system can get the true solution from the summary table, which requires O(|Ω|) time.…”

Section: Graphical Modelmentioning

confidence: 99%

“…We shall show that, more in general, in a graphical information model the problem of finding the feasibility range for an arbitrary sum of variables can be solved using a strongly polynomial algorithm. Suppose that, given a subset J of {1, …, m}, one wants to compute the tightest lower bound or the tightest upper bound on the sum of variables ∑ j∈J x j over the set of nonnegative solutions of system (9). They can be obtained by solving the linear-programming problem minimize ∑ j=1,…,m c j x j (11) subject to G x = w, x ≥ 0 where each c j is set to the j-th component of the characteristic vector of J (for the tightest lower bound) or to its opposite (for the tightest upper bound).…”

Section: Graphical Modelmentioning

confidence: 99%

See 3 more Smart Citations

Auditing sum-queries to make a statistical database secure

Malvestuto

Mezzini

Moscarini

2006

ACM Trans. Inf. Syst. Secur.

View full text Add to dashboard Cite

Abstract. In response to queries asked to a statistical database, the query system should avoid releasing summary statistics that could lead to the disclosure of confidential individual data. Attacks to the security of a statistical database may be direct or indirect, and in order to repel them, the query system should audit queries by controlling the amount of information released by their responses. The paper focuses on sumqueries with a response variable of nonnegative real type and proposes a compact representation of answered sum-queries, called an information model in "normal form", which allows the query system to decide whether the value of a new sum-query can or cannot be safely answered. If it cannot, then the query system will issue the range of feasible values of the new sum-query consistent with previously answered sum-queries. Both the management of the information model and the answering procedure require solving linear-programming problems and, since standard linear-programming algorithms are not polynomially bounded (despite their good performances in practice), effective procedures that make a parsimonious use of them are stated for the general case. Moreover, in the special case that the information model is "graphical", then it is shown that the answering procedure can be implemented in polynomial time. 2 IntroductionA statistical database (SDB) [1] is an ordinary database that contains information on individuals (persons, households, companies, organisations etc.), but its users are allowed only to ask for summary statistics over groups of individuals, possibly for on-line analytic processing (OLAP) purposes. For example, consider an SDB containing a relation name Personnel with scheme {NAME, SSN, GENDER, AGE, SALARY}. The users of the SDB can ask for summary statistics on the attribute SALARY (using aggregate functions such as sum, average, max and min) for groups of employees which at the conceptual level are specified by predicates involving the attributes GENDER, AGE and DEPARTMENT but not NAME and SSN which are private attributes. In this paper, we focus on queries such as

show abstract

Section: Qmentioning

confidence: 99%

Section: Qmentioning

confidence: 99%

Section: Graphical Modelmentioning

confidence: 99%

Section: Graphical Modelmentioning

confidence: 99%

See 2 more Smart Citations

Auditing sum-queries to make a statistical database secure

Malvestuto

Mezzini

Moscarini

2006

ACM Trans. Inf. Syst. Secur.

View full text Add to dashboard Cite

show abstract

“…Furthermore, auditing provides users with unperturbed query results as long as no inference vulnerability is detected. Due to these features, auditing has triggered intensive research in database security from the 1970s [43,24] through the 1980s [9,6,5,4] and 1990s [11,34,58] to the 21st century [59,27,55,31,33,54,30]. Unfortunately, auditing faces enormous difficulty in practical deployment, mainly due to the excessive computational overhead it requires to check for inference vulnerabilities from the accumulated query log.…”

Section: Introductionmentioning

confidence: 99%

New Paradigm of Inference Control with Trusted Computing

Yang

Deng

2007

Data and Applications Security XXI

View full text Add to dashboard Cite

Abstract. The database server is a crucial bottleneck in traditional inference control architecture, as it enforces highly computation-intensive auditing for all users who query the protected database. As a result, most auditing methods, though rigorously studied, can never be implemented in practice for protecting largescale real-world database systems. To shift this paradigm, we propose a new inference control architecture that will entrust inference control to each users platform, provided that the platform is equipped with trusted computing technology. The trusted computing technology is designed to attest the state of a users platform to the database server, so as to assure the server that inference control could be enforced as expected. A generic protocol is proposed to formalize the interactions between the users platform and database server. Any existing inference control technique can work with our protocol, for which the security properties are formally proven. Since each user's platform enforces inference control for its own queries, our solution avoids the bottleneck.

show abstract

A new paradigm using proxy server to mitigate inference

Anuradha

Iswarya²

2011

2011 3rd International Conference on Electronics Computer Technology

View full text Add to dashboard Cite

In the database security the inference has been a longstanding issue. The main aim of the Inference control is to control the inference and provide a defense to the database. Researches focus on mitigating the impact of inference problem in database. The existing inference control methods, though rigorously studied, are not practical for protecting large-scale real-world database systems. Most of the existing architectures either burden the server or client to ensure the inference control. A modern inference control(IC) architecture is proposed which will reduce the burden on the server and the client and also ensure proper access control and inference control.

show abstract

Statistical Disclosure Limitation

Cited by 7 publications

References 5 publications

Auditing sum-queries to make a statistical database secure

Auditing sum-queries to make a statistical database secure

New Paradigm of Inference Control with Trusted Computing

A new paradigm using proxy server to mitigate inference

Contact Info

Product

Resources

About