ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A security machanism for statistical database
Full text PdfPdf (1.58 MB)
Source ACM Transactions on Database Systems (TODS) archive
Volume 5 ,  Issue 3  (September 1980) table of contents
Pages: 316 - 3338  
Year of Publication: 1980
ISSN:0362-5915
Author
Leland L. Beck  Southern Methodist Univ., Dallas, TX
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 24,   Downloads (12 Months): 105,   Citation Count: 43
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/320613.320617
What is a DOI?

ABSTRACT

The problem of user inference in statistical databases is discussed and illustrated with several examples. It is assumed that the database allows “total,” “average,” “count,” and “percentile” queries; a query may refer to any arbitrary subset of the database. Methods for protecting the security of such a database are considered; it is shown that any scheme which gives “statistically correct” answers is vulnerable to penetration. A precise definition of compromisability (in a statistical sense) is given. A general model of user inference is proposed; two special cases of this model appear to contain all previously published strategies for compromising a statistical database. A method for protecting the security of such a statistical database against these types of user inference is presented and discussed. It is shown that the number of queries required to compromise the database can be made arbitrarily large by accepting moderate increases in the variance of responses to queries. A numerical example is presented to illustrate the application of the techniques discussed.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
BORUCH, R.F. Maintaining confidentiality in educational research: A systematic analysis. Am. Psychol. 26 (1971), 413-430.
 
2
CAMPBELL, D.T., BORUCH, R.F., SCHWARTZ, R.D., AND STEINBERG, J. Confidentiality-preserving modes of access to files and to interfile exchange for useful statistical analysis. Eval. Quart. 1, 2 (May 1977), 266-269.
3
Francis Y. Chin, Security in statistical databases for queries with small counts, ACM Transactions on Database Systems (TODS), v.3 n.1, p.92-104, March 1978  [doi>10.1145/320241.320250]
4
Richard Conway , David Strip, Selective partial access to a database, Proceedings of the annual conference, p.85-89, October 20-22, 1976, Houston, Texas, United States  [doi>10.1145/800191.805537]
 
5
DALENIUS, T. Towards a methodology for statistical disclosure control. Stirtryck ur Statistisk tidskrift 15 (1977}, 429-444.
 
6
DALENIUS, T., AND REINS, S.P. Data-swapping--A technique for disclosure control. Comput. Sci. Tech. Rep. 39, Brown Univ., Providence, R.I., July I978.
 
7
DAVIDA, G.I., AND KAM, J.B. Data security: Theory and practice. Rep. TR-CS-76-2, Coll. Engineering and Applied Science, Univ. Wisconsin, Milwaukee, WIN., 1976.
 
8
DAVIDA, G.I., LINTON, D.J., SZELAG, C.R., AND WELLS, D.L. Data base security. IEEE Trans. Softw. Eng. SE-4, 6 (Nov. 1978), 531-533.
 
9
DEMmLO, R.A., DOBKIN, D., AND LIPTON, R.J. Combinatorial inference. In Foundations of Secure Computation, R. A. DeMiUo et al., Eds. Academic Press, New York, 1978, pp. 27-35.
 
10
DEMILLO, R.A., DOBKIN, D., AND LIPTON, R.J. Even databases that lie can be compromised. IEEE Trans. Softw. Eng. SE-4, 1 (Jan. 1978), 73-75.
 
11
DENNING, D.E. Are statistical data bases secure? Proc. AFIPS 1978 NCC, vol. 47, AFIPS Press, Arlington, Va., pp. 525-530.
 
12
DENNING, D.E. Secure statistical databases with random sample queries. Rep. CSD-TR~302, Dep. Computer Science, Purdue Univ., W. Lafayette, Ind., April 1979.
 
13
DENNING, D.E. Complexity results relating to statistical confidentiality. Computer Science and Statistics: 12th Ann. Symp. Interface, Waterloo, Canada, May 1979.
14
Dorothy E. Denning , Peter J. Denning , Mayer D. Schwartz, The tracker: a threat to statistical database security, ACM Transactions on Database Systems (TODS), v.4 n.1, p.76-96, March 1979  [doi>10.1145/320064.320069]
15
David Dobkin , Anita K. Jones , Richard J. Lipton, Secure databases: protection against user influence, ACM Transactions on Database Systems (TODS), v.4 n.1, p.97-106, March 1979  [doi>10.1145/320064.320068]
 
16
FELLEGI, I.P., AND PHILLIPS, J.L. Statistical confidentiality: Some theory and applications to data dissemination. Ann. Econ. Soc. MeaN. 3, 2 (April 1974), 399-409.
 
17
HANSEN, M.H. Insuring confidentiality of individual records in data storage and retrieval for statistical purposes. Proc. AFIPS 1971 FJCC, vol. 39, AFIPS Press, Arlington, Va., pp. 579-585.
 
18
HOFFMAN, L.J., AND MILLER, W.F. Getting a personal dossier from a statistical data bank. Datamation 16, 5 (May 1970), 74-75.
 
19
HocG, R.V., AND CRAIG, A.T. introduction to Mathematical Statistics. Macmillan, New York, 1970.
20
John B. Kam , Jeffrey D. Ullman, A model of statistical database their security, ACM Transactions on Database Systems (TODS), v.2 n.1, p.1-10, March 1977  [doi>10.1145/320521.320525]
 
21
NARGUNDKAR, M.S., AND SAVELAND, W. Random rounding to prevent statistical disclosure. Proc. Am. Stat. Assoc., Soc. Stat. Sect. (1972), 382-385.
 
22
SC~IL6RER, J. Disclosure from statistical databases: Quantitative aspects of trackers. Inst. Medizinische Statistik und Dokumentation, Univ. Giessen, Giessen, W. Germany, March 1979.
 
23
SC~II~6RER, J. Security of statistical databases: Multidimensional transformation. Rep. TB- IMSD 2/78, Inst. Medizinische Statistik und Dokumentation, Univ. Giessen, Giessen, W. Germany, March 1979.
 
24
SCHL6RER J. Union tracker and open statistical databases. Rep. TB-IMSD 1/78, Inst. Medizinische Statistik und Dokumentation, Univ. Giessen, Giessen, W. Germany, June 1978.
25
C. T. Yu , F. Y. Chin, A study on the protection of statistical data bases, Proceedings of the 1977 ACM SIGMOD international conference on Management of data, August 03-05, 1977, Toronto, Ontario, Canada  [doi>10.1145/509404.509432]

CITED BY  43
Francis Chin, Security problems on inference control for SUM, MAX, and MIN queries, Journal of the ACM (JACM), v.33 n.3, p.451-464, July 1986
D. S. Rogers , E. A. Unger, A deterrent to linear system inferential attacks using a mediator, Proceedings of the 1994 ACM symposium on Applied computing, p.15-19, March 06-08, 1994, Phoenix, Arizona, United States
J. F. Traub , Y. Yemini , H. Woźniakowski, The statistical security of a statistical database, ACM Transactions on Database Systems (TODS), v.9 n.4, p.672-679, Dec. 1984
Dorothy E. Denning, Secure statistical databases with random sample queries, ACM Transactions on Database Systems (TODS), v.5 n.3, p.291-315, Sept. 1980
Mary McLeish, Further results on the security of partitioned dynamic statistical databases, ACM Transactions on Database Systems (TODS), v.14 n.1, p.98-113, March 1989
Steven P. Reiss , Mark J. Post , Tore Dalenius, Non-reversible privacy transformations, Proceedings of the 1st ACM SIGACT-SIGMOD symposium on Principles of database systems, March 29-31, 1982, Los Angeles, California
Nabil R. Adam , John C. Worthmann, Security-control methods for statistical databases: a comparative study, ACM Computing Surveys (CSUR), v.21 n.4, p.515-556, Dec. 1989
Keishi Tajima, Static detection of security flaws in object-oriented databases, ACM SIGMOD Record, v.25 n.2, p.341-352, June 1996
Michael A. Palley , Jeffrey S. Simonoff, The use of regression methodology for the compromise of confidential information in statistical databases, ACM Transactions on Database Systems (TODS), v.12 n.4, p.593-608, Dec. 1987
Jon Kleinberg , Christos Papadimitriou , Prabhakar Raghavan, Auditing Boolean attributes, Proceedings of the nineteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.86-91, May 15-18, 2000, Dallas, Texas, United States
Rakesh Agrawal , Ramakrishnan Srikant, Privacy-preserving data mining, ACM SIGMOD Record, v.29 n.2, p.439-450, June 2000
Francis Chin , Gultekin Ozsoyoglu, Auditing for secure statistical databases, Proceedings of the ACM '81 conference, p.53-59, January 1981
Maurizio Rafanelli, Preface, Multidimensional databases: problems and solutions, Idea Group Publishing, Hershey, PA, 2003
Irit Dinur , Kobbi Nissim, Revealing information while preserving privacy, Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.202-210, June 09-11, 2003, San Diego, California
Gultekin Özsoyoglu , Z. Meral Özsoyoglu, Update handling techniques in statistical databases, Proceedings of the 1st LBL Workshop on Statistical database management, p.249-283, December 02-04, 1981, Melno Park, California
Claus Boyens , Oliver Günther , Maximilian Teltzrow, Privacy conflicts in CRM services for online shops: a case study, Proceedings of the IEEE international conference on Privacy, security and data mining, p.27-35, December 01, 2002, Maebashi City, Japan
Jon Kleinberg , Christos Papadimitriou , Prabhakar Raghavan, Auditing Boolean attributes, Journal of Computer and System Sciences, v.66 n.1, p.244-253, 01 February 2003
Chong K. Liew , Uinam J. Choi , Chung J. Liew, A data distortion by probability distribution, ACM Transactions on Database Systems (TODS), v.10 n.3, p.395-411, Sept. 1985
David Woodruff , Jessica Staddon, Private inference control, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
Jitender S. Deogun , Vijay V. Raghavan, Query directed partitioning scheme for securing statistical databases, Proceedings of the 1st LBL Workshop on Statistical database management, p.285-293, December 02-04, 1981, Melno Park, California
Krishnaram Kenthapadi , Nina Mishra , Kobbi Nissim, Simulatable auditing, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland
Sheng Zhong , Zhiqiang Yang , Rebecca N. Wright, Privacy-enhancing k-anonymization of customer data, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland
Lingyu Wang , Duminda Wijesekera , Sushil Jajodia, Cardinality-based inference control in data cubes, Journal of Computer Security, v.12 n.5, p.655-692, September 2004
Dorothy E. Denning, A security model for the statistical database problem, Proceedings of the 2nd international workshop on Proceedings of the Second International Workshop on Statistical Database Management, p.368-390, September 27-29, 1983, Los Altos, California
Francis Y. L. Chin , Peter Kossowski, Efficient inference control for range SUM queries on statistical data bases, Proceedings of the 1st LBL Workshop on Statistical database management, p.239-248, December 02-04, 1981, Melno Park, California
Zbigniew Michalewicz, Statistical databases: their model, query language and security, Proceedings of the 2nd international workshop on Proceedings of the Second International Workshop on Statistical Database Management, p.391-402, September 27-29, 1983, Los Altos, California
Daniel Stamate , Henri Luchian , Ben Paechter, A general model for the answer-perturbation techniques, Proceedings of the 7th international conference on Scientific and Statistical Database Management, p.90-96, September 28-30, 1994, Charlottesville, Virginia
Peter Jonsson , Andrei Krokhin, Computational complexity of auditing finite attributes in statistical databases, Journal of Computer and System Sciences, v.74 n.5, p.898-909, August, 2008
Ashwin Machanavajjhala , Daniel Kifer , Johannes Gehrke , Muthuramakrishnan Venkitasubramaniam, L-diversity: Privacy beyond k-anonymity, ACM Transactions on Knowledge Discovery from Data (TKDD), v.1 n.1, p.3-es, March 2007
Mark O'Connor , Dan Cosley , Joseph A. Konstan , John Riedl, PolyLens: a recommender system for groups of users, Proceedings of the seventh conference on European Conference on Computer Supported Cooperative Work, p.199-218, September 16-20, 2001, Bonn, Germany
G. Aggarwal , M. Bawa , P. Ganesan , H. Garcia-Molina , K. Kenthapadi , N. Mishra , R. Motwani , U. Srivastava , D. Thomas , J. Widom , Y. Xu, Vision paper: enabling privacy for the paranoids, Proceedings of the Thirtieth international conference on Very large data bases, p.708-719, August 31-September 03, 2004, Toronto, Canada
Rakesh Agrawal , Jerry Kiernan , Ramakrishnan Srikant , Yirong Xu, Hippocratic databases, Proceedings of the 28th international conference on Very Large Data Bases, p.143-154, August 20-23, 2002, Hong Kong, China
Rhys Smith , Jianhua Shao, Privacy and e-commerce: a consumer-centric perspective, Electronic Commerce Research, v.7 n.2, p.89-116, June 2007
Arie Shoshani, Statistical Databases: Characteristics, Problems, and some Solutions, Proceedings of the 8th International Conference on Very Large Data Bases, p.208-222, September 08-10, 1982
Ezio Lefons , Alberto Silvestri , Filippo Tangorra, An Analytic Approach to Statistical Databases, Proceedings of the 9th International Conference on Very Large Data Bases, p.260-274, October 31-November 02, 1983
Steven C. Hansen, Hybrid inferential security methods for statistical databases, ACM SIGAPP Applied Computing Review, v.3 n.1, p.14-18, Summer 1995
Carl Stephen Guynes, Protecting statistical databases: a matter of privacy, ACM SIGCAS Computers and Society, v.19 n.1, p.15-20, March 1989
Lingyu Wang , Yingjiu Li , Sushil Jajodia , Duminda Wijesekera, Parity-based inference control for multi-dimensional range sum queries, Journal of Computer Security, v.15 n.4, p.417-445, September 2007
Buğra Gedik , Ling Liu, Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms, IEEE Transactions on Mobile Computing, v.7 n.1, p.1-18, January 2008
Vangalur S. Alagar , Bernard Blanchard , David Glaser, Effective inference control mechanisms for securing statistical databases, Proceedings of the May 4-7, 1981, national computer conference, May 04-07, 1981, Chicago, Illinois
Xiangdong An , Dawn Jutla , Nick Cercone, Dynamic inference control in privacy preference enforcement, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
Haibing Lu , Yingjiu Li , Vijayalakshmi Atluri , Jaideep Vaidya, An efficient online auditing approach to limit private data disclosure, Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology, March 24-26, 2009, Saint Petersburg, Russia
Sheng Zhong, On Distributed k-Anonymization, Fundamenta Informaticae, v.92 n.4, p.411-431, December 2009

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.0 General
          Subjects: Security, integrity, and protection**

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.4 Systems
          Subjects: Query processing
      H.2.8 Database applications
          Subjects: Statistical databases


General Terms:
Design, Security


Keywords:
compromisability, data security, database inference, privacy protection, statistical databases, statistical queries

Collaborative Colleagues:
Leland L. Beck: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player