ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A formal analysis of information disclosure in data exchange
Full text PdfPdf (295 KB)
Source International Conference on Management of Data archive
Proceedings of the 2004 ACM SIGMOD international conference on Management of data table of contents
Paris, France
SESSION: Research sessions: security and privacy table of contents
Pages: 575 - 586  
Year of Publication: 2004
ISBN:1-58113-859-8
Authors
Gerome Miklau  University of Washington
Dan Suciu  University of Washington
Sponsor
SIGMOD: ACM Special Interest Group on Management of Data
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 5,   Downloads (12 Months): 65,   Citation Count: 28
Additional Information:

abstract   references   cited by   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1007568.1007633
What is a DOI?

ABSTRACT

We perform a theoretical study of the following query-view security problem: given a view V to be published, does V logically disclose information about a confidential query S? The problem is motivated by the need to manage the risk of unintended information disclosure in today's world of universal data exchange. We present a novel information-theoretic standard for query-view security. This criterion can be used to provide a precise analysis of information disclosure for a host of data exchange scenarios, including multi-party collusion and the use of outside knowledge by an adversary trying to learn privileged facts about the database. We prove a number of theoretical results for deciding security according to this standard. We also generalize our security criterion to account for prior knowledge a user or adversary may possess, and introduce techniques for measuring the magnitude of partical disclosures. We believe these results can be a foundation for practical efforts to secure data exchange frameworks, and also illuminate a nice interaction between logic and probability theory.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Nabil R. Adam , John C. Worthmann, Security-control methods for statistical databases: a comparative study, ACM Computing Surveys (CSUR), v.21 n.4, p.515-556, Dec. 1989  [doi>10.1145/76894.76895]
 
2
F. Bancilhon and N. Spyratos. Protection of information in relational data bases. In VLDB, 1977.
3
François Bancilhon , Nicolas Spyratos, Algebraic versus probabilstic independence in data bases, Proceedings of the fourth ACM SIGACT-SIGMOD symposium on Principles of database systems, p.149-153, March 25-27, 1985, Portland, Oregon, United States  [doi>10.1145/325405.325424]
 
4
Elisa Bertino , Sushil Jajodia , Pierangela Samarati, Database security: research and practice, Information Systems, v.20 n.7, p.537-556, Nov. 1995  [doi>10.1016/0306-4379(95)00029-4]
5
José A. Blakeley , Neil Coburn , Per-:1Vke Larson, Updating derived relations: detecting irrelevant and autonomously computable updates, ACM Transactions on Database Systems (TODS), v.14 n.3, p.369-400, Sept. 1989  [doi>10.1145/68012.68015]
 
6
Dorothy Elizabeth Rob Denning, Cryptography and Data Security, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1982
7
Charles Elkan, Independence of logic database queries and update, Proceedings of the ninth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, p.154-160, April 02-04, 1990, Nashville, Tennessee, United States  [doi>10.1145/298514.298557]
 
8
R. Fagin. Probabilities on finite models. Notices of the Am. Math. Soc., October: A714, 1972.
 
9
R. Fagin, Probabilities on finite models. Journal of Symbolic Logic, 41(1), 1976.
 
10
C. Fortuin, P. Kasteleyn, and J. Ginibre. Correlation inequalities on some partially ordered sets. Comm. in Math. Physics, 22:89--103, 1971.
11
Lise Getoor , Benjamin Taskar , Daphne Koller, Selectivity estimation using probabilistic models, Proceedings of the 2001 ACM SIGMOD international conference on Management of data, p.461-472, May 21-24, 2001, Santa Barbara, California, United States
12
Ashish Gupta , Yehoshua Sagiv , Jeffrey D. Ullman , Jennifer Widom, Constraint checking with partial information, Proceedings of the thirteenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, p.45-55, May 24-27, 1994, Minneapolis, Minnesota, United States  [doi>10.1145/182591.182597]
 
13
Alon Y. Halevy, Answering queries using views: A survey, The VLDB Journal — The International Journal on Very Large Data Bases, v.10 n.4, p.270-294, December 2001  [doi>10.1007/s007780100054]
 
14
Daphne Koller , Avi Pfeffer, Probabilistic frame-based systems, Proceedings of the fifteenth national/tenth conference on Artificial intelligence/Innovative applications of artificial intelligence, p.580-587, July 1998, Madison, Wisconsin, United States
 
15
Alon Y. Levy , Yehoshua Sagiv, Queries Independent of Updates, Proceedings of the 19th International Conference on Very Large Data Bases, p.171-181, August 24-27, 1993
 
16
G. Miklau and D. Suciu. A formal analysis of information disclosure in data exchange. University of Washington Technical Report (TR 03-12-02), Dec 2003. www.cs.washington.edu/homes/gerome.
 
17
B. Schneier. Applied Cryptography, Second Edition. John Wiley and Sons, Inc., 1996.
 
18
C. E. Shannon. Communication theory of secrecy systems. In Bell System Technical Journal, 1949.
 
19
Latanya Sweeney, k-anonymity: a model for protecting privacy, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, v.10 n.5, p.557-570, October 2002  [doi>10.1142/S0218488502001648]

CITED BY  29
Bee-Chung Chen , Daniel Kifer , Kristen LeFevre , Ashwin Machanavajjhala, Privacy-Preserving Data Publishing, Foundations and Trends in Databases, v.2 n.1–2, p.1-167, January 2009
Chao Yao , X. Sean Wang , Sushil Jajodia, Checking for k-anonymity violation by views, Proceedings of the 31st international conference on Very large data bases, August 30-September 02, 2005, Trondheim, Norway
Daniel Kifer , Johannes Gehrke, Injecting utility into anonymized datasets, Proceedings of the 2006 ACM SIGMOD international conference on Management of data, June 27-29, 2006, Chicago, IL, USA
Ping Lin , K. Selçuk Candan, Enabling access-privacy for random walk based data analysis applications, Data & Knowledge Engineering, v.63 n.3, p.667-683, December, 2007
Ashwin Machanavajjhala , Johannes Gehrke, On the efficiency of checking perfect privacy, Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 26-28, 2006, Chicago, IL, USA
Hui Wang , Laks V.S. Lakshmanan, Probabilistic privacy analysis of published views, Proceedings of the 5th ACM workshop on Privacy in electronic society, October 30-30, 2006, Alexandria, Virginia, USA
Hui Wang , Laks V. S. Lakshmanan, Efficient secure query evaluation over encrypted XML databases, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
Ke Wang , Benjamin C. M. Fung, Anonymizing sequential releases, Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining, August 20-23, 2006, Philadelphia, PA, USA
Ashwin Machanavajjhala , Daniel Kifer , Johannes Gehrke , Muthuramakrishnan Venkitasubramaniam, L-diversity: Privacy beyond k-anonymity, ACM Transactions on Knowledge Discovery from Data (TKDD), v.1 n.1, p.3-es, March 2007
Nilesh Dalvi , Dan Suciu, Management of probabilistic data: foundations and challenges, Proceedings of the twenty-sixth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.1-12, June 11-13, 2007, Beijing, China
Gerome Miklau , Dan Suciu, A formal analysis of information disclosure in data exchange, Journal of Computer and System Sciences, v.73 n.3, p.507-534, May, 2007
Rakesh Agrawal , Alexandre Evfimievski , Jerry Kiernan , Raja Velu, Auditing disclosure by relevance ranking, Proceedings of the 2007 ACM SIGMOD international conference on Management of data, June 11-14, 2007, Beijing, China
Xiaochun Yang , Chen Li, Secure XML publishing without information leakage in the presence of data inference, Proceedings of the Thirtieth international conference on Very large data bases, p.96-107, August 31-September 03, 2004, Toronto, Canada
C. M. Johnson , T. W. A. Grandison, Compliance with data protection laws using hippocratic database active enforcement and auditing, IBM Systems Journal, v.46 n.2, p.255-264, April 2007
Jun Gao , Tengjiao Wang , Dongqing Yang, XFlat: Query-friendly encrypted XML view publishing, Information Sciences: an International Journal, v.178 n.3, p.774-787, February, 2008
Christopher Re , Dan Suciu, Management of data with uncertainties, Proceedings of the sixteenth ACM conference on Conference on information and knowledge management, p.3-8, November 06-10, 2007, Lisbon, Portugal
Alexandre Evfimievski , Ronald Fagin , David P. Woodruff, Epistemic privacy, Proceedings of the twenty-seventh ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 09-12, 2008, Vancouver, Canada
Christopher Ré , Julie Letchner , Magdalena Balazinksa , Dan Suciu, Event queries on correlated probabilistic streams, Proceedings of the 2008 ACM SIGMOD international conference on Management of data, June 09-12, 2008, Vancouver, Canada
Lei Zhang , Sushil Jajodia , Alexander Brodsky, Information disclosure under realistic assumptions: privacy versus optimality, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
Bee-Chung Chen , Kristen LeFevre , Raghu Ramakrishnan, Privacy skyline: privacy with multidimensional adversarial knowledge, Proceedings of the 33rd international conference on Very large data bases, September 23-27, 2007, Vienna, Austria
Christopher Ré , Dan Suciu, Materialized views in probabilistic databases: for information exchange and query optimization, Proceedings of the 33rd international conference on Very large data bases, September 23-27, 2007, Vienna, Austria
Lingyu Wang , Yingjiu Li , Sushil Jajodia , Duminda Wijesekera, Parity-based inference control for multi-dimensional range sum queries, Journal of Computer Security, v.15 n.4, p.417-445, September 2007
Vibhor Rastogi , Michael Hay , Gerome Miklau , Dan Suciu, Relationship privacy: output perturbation for queries with joins, Proceedings of the twenty-eighth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 29-July 01, 2009, Providence, Rhode Island, USA
Justin Brickell , Vitaly Shmatikov, The cost of privacy: destruction of data-mining utility in anonymized data publishing, Proceeding of the 14th ACM SIGKDD international conference on Knowledge discovery and data mining, August 24-27, 2008, Las Vegas, Nevada, USA
Daniel Kifer, Attacks on privacy and deFinetti's theorem, Proceedings of the 35th SIGMOD international conference on Management of data, June 29-July 02, 2009, Providence, Rhode Island, USA
Chao Yao , Lingyu Wang , X. Sean Wang , Claudio Bettini , Sushil Jajodia, Evaluating privacy threats in released database views by symmetric indistinguishability, Journal of Computer Security, v.17 n.1, p.5-42, January 2009
Bee-Chung Chen , Kristen Lefevre , Raghu Ramakrishnan, Adversarial-knowledge dimensions in data privacy, The VLDB Journal — The International Journal on Very Large Data Bases, v.18 n.2, p.429-467, April 2009
Millist W. Vincent , Mukesh Mohania , Mizuho Iwaihara, Detecting privacy violations in database publishing using disjoint queries, Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology, March 24-26, 2009, Saint Petersburg, Russia
Noman Mohammed , Benjamin C. M. Fung , Ke Wang , Patrick C. K. Hung, Privacy-preserving data mashup, Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology, March 24-26, 2009, Saint Petersburg, Russia
Collaborative Colleagues:
Gerome Miklau: colleagues
Dan Suciu: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player