A security machanism for statistical database

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback
Take a look at the new version of this page: [ beta version ]. Tell us what you think.

A security machanism for statistical database

Full text

Pdf (1.58 MB)

Source

ACM Transactions on Database Systems (TODS) archive
Volume 5 , Issue 3 (September 1980) table of contents

Pages: 316 - 3338

Year of Publication: 1980

ISSN:0362-5915

Author

Leland L. Beck

Southern Methodist Univ., Dallas, TX

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 7, Downloads (12 Months): 79, Citation Count: 45

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/320613.320617 What is a DOI?

ABSTRACT

The problem of user inference in statistical databases is discussed and illustrated with several examples. It is assumed that the database allows “total,” “average,” “count,” and “percentile” queries; a query may refer to any arbitrary subset of the database. Methods for protecting the security of such a database are considered; it is shown that any scheme which gives “statistically correct” answers is vulnerable to penetration. A precise definition of compromisability (in a statistical sense) is given. A general model of user inference is proposed; two special cases of this model appear to contain all previously published strategies for compromising a statistical database. A method for protecting the security of such a statistical database against these types of user inference is presented and discussed. It is shown that the number of queries required to compromise the database can be made arbitrarily large by accepting moderate increases in the variance of responses to queries. A numerical example is presented to illustrate the application of the techniques discussed.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	BORUCH, R.F. Maintaining confidentiality in educational research: A systematic analysis. Am. Psychol. 26 (1971), 413-430.
	2	CAMPBELL, D.T., BORUCH, R.F., SCHWARTZ, R.D., AND STEINBERG, J. Confidentiality-preserving modes of access to files and to interfile exchange for useful statistical analysis. Eval. Quart. 1, 2 (May 1977), 266-269.
	3	Francis Y. Chin, Security in statistical databases for queries with small counts, ACM Transactions on Database Systems (TODS), v.3 n.1, p.92-104, March 1978 [doi>10.1145/320241.320250]
	4	Richard Conway , David Strip, Selective partial access to a database, Proceedings of the annual conference, p.85-89, October 20-22, 1976, Houston, Texas, United States [doi>10.1145/800191.805537]
	5	DALENIUS, T. Towards a methodology for statistical disclosure control. Stirtryck ur Statistisk tidskrift 15 (1977}, 429-444.
	6	DALENIUS, T., AND REINS, S.P. Data-swapping--A technique for disclosure control. Comput. Sci. Tech. Rep. 39, Brown Univ., Providence, R.I., July I978.
	7	DAVIDA, G.I., AND KAM, J.B. Data security: Theory and practice. Rep. TR-CS-76-2, Coll. Engineering and Applied Science, Univ. Wisconsin, Milwaukee, WIN., 1976.
	8	DAVIDA, G.I., LINTON, D.J., SZELAG, C.R., AND WELLS, D.L. Data base security. IEEE Trans. Softw. Eng. SE-4, 6 (Nov. 1978), 531-533.
	9	DEMmLO, R.A., DOBKIN, D., AND LIPTON, R.J. Combinatorial inference. In Foundations of Secure Computation, R. A. DeMiUo et al., Eds. Academic Press, New York, 1978, pp. 27-35.
	10	DEMILLO, R.A., DOBKIN, D., AND LIPTON, R.J. Even databases that lie can be compromised. IEEE Trans. Softw. Eng. SE-4, 1 (Jan. 1978), 73-75.
	11	DENNING, D.E. Are statistical data bases secure? Proc. AFIPS 1978 NCC, vol. 47, AFIPS Press, Arlington, Va., pp. 525-530.
	12	DENNING, D.E. Secure statistical databases with random sample queries. Rep. CSD-TR~302, Dep. Computer Science, Purdue Univ., W. Lafayette, Ind., April 1979.
	13	DENNING, D.E. Complexity results relating to statistical confidentiality. Computer Science and Statistics: 12th Ann. Symp. Interface, Waterloo, Canada, May 1979.
	14	Dorothy E. Denning , Peter J. Denning , Mayer D. Schwartz, The tracker: a threat to statistical database security, ACM Transactions on Database Systems (TODS), v.4 n.1, p.76-96, March 1979 [doi>10.1145/320064.320069]
	15	David Dobkin , Anita K. Jones , Richard J. Lipton, Secure databases: protection against user influence, ACM Transactions on Database Systems (TODS), v.4 n.1, p.97-106, March 1979 [doi>10.1145/320064.320068]
	16	FELLEGI, I.P., AND PHILLIPS, J.L. Statistical confidentiality: Some theory and applications to data dissemination. Ann. Econ. Soc. MeaN. 3, 2 (April 1974), 399-409.
	17	HANSEN, M.H. Insuring confidentiality of individual records in data storage and retrieval for statistical purposes. Proc. AFIPS 1971 FJCC, vol. 39, AFIPS Press, Arlington, Va., pp. 579-585.
	18	HOFFMAN, L.J., AND MILLER, W.F. Getting a personal dossier from a statistical data bank. Datamation 16, 5 (May 1970), 74-75.
	19	HocG, R.V., AND CRAIG, A.T. introduction to Mathematical Statistics. Macmillan, New York, 1970.
	20	John B. Kam , Jeffrey D. Ullman, A model of statistical database their security, ACM Transactions on Database Systems (TODS), v.2 n.1, p.1-10, March 1977 [doi>10.1145/320521.320525]
	21	NARGUNDKAR, M.S., AND SAVELAND, W. Random rounding to prevent statistical disclosure. Proc. Am. Stat. Assoc., Soc. Stat. Sect. (1972), 382-385.
	22	SC~IL6RER, J. Disclosure from statistical databases: Quantitative aspects of trackers. Inst. Medizinische Statistik und Dokumentation, Univ. Giessen, Giessen, W. Germany, March 1979.
	23	SC~II~6RER, J. Security of statistical databases: Multidimensional transformation. Rep. TB- IMSD 2/78, Inst. Medizinische Statistik und Dokumentation, Univ. Giessen, Giessen, W. Germany, March 1979.
	24	SCHL6RER J. Union tracker and open statistical databases. Rep. TB-IMSD 1/78, Inst. Medizinische Statistik und Dokumentation, Univ. Giessen, Giessen, W. Germany, June 1978.
	25	C. T. Yu , F. Y. Chin, A study on the protection of statistical data bases, Proceedings of the 1977 ACM SIGMOD international conference on Management of data, August 03-05, 1977, Toronto, Ontario, Canada [doi>10.1145/509404.509432]

CITED BY 45

	Francis Chin, Security problems on inference control for SUM, MAX, and MIN queries, Journal of the ACM (JACM), v.33 n.3, p.451-464, July 1986
	D. S. Rogers , E. A. Unger, A deterrent to linear system inferential attacks using a mediator, Proceedings of the 1994 ACM symposium on Applied computing, p.15-19, March 06-08, 1994, Phoenix, Arizona, United States
	J. F. Traub , Y. Yemini , H. Woźniakowski, The statistical security of a statistical database, ACM Transactions on Database Systems (TODS), v.9 n.4, p.672-679, Dec. 1984
	Dorothy E. Denning, Secure statistical databases with random sample queries, ACM Transactions on Database Systems (TODS), v.5 n.3, p.291-315, Sept. 1980
	Mary McLeish, Further results on the security of partitioned dynamic statistical databases, ACM Transactions on Database Systems (TODS), v.14 n.1, p.98-113, March 1989
	Steven P. Reiss , Mark J. Post , Tore Dalenius, Non-reversible privacy transformations, Proceedings of the 1st ACM SIGACT-SIGMOD symposium on Principles of database systems, March 29-31, 1982, Los Angeles, California
	Nabil R. Adam , John C. Worthmann, Security-control methods for statistical databases: a comparative study, ACM Computing Surveys (CSUR), v.21 n.4, p.515-556, Dec. 1989
	Keishi Tajima, Static detection of security flaws in object-oriented databases, ACM SIGMOD Record, v.25 n.2, p.341-352, June 1996
	Michael A. Palley , Jeffrey S. Simonoff, The use of regression methodology for the compromise of confidential information in statistical databases, ACM Transactions on Database Systems (TODS), v.12 n.4, p.593-608, Dec. 1987
	Jon Kleinberg , Christos Papadimitriou , Prabhakar Raghavan, Auditing Boolean attributes, Proceedings of the nineteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.86-91, May 15-18, 2000, Dallas, Texas, United States
	Rakesh Agrawal , Ramakrishnan Srikant, Privacy-preserving data mining, ACM SIGMOD Record, v.29 n.2, p.439-450, June 2000
	Francis Chin , Gultekin Ozsoyoglu, Auditing for secure statistical databases, Proceedings of the ACM '81 conference, p.53-59, January 1981
	Maurizio Rafanelli, Preface, Multidimensional databases: problems and solutions, Idea Group Publishing, Hershey, PA, 2003
	Irit Dinur , Kobbi Nissim, Revealing information while preserving privacy, Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.202-210, June 09-11, 2003, San Diego, California
	Gultekin Özsoyoglu , Z. Meral Özsoyoglu, Update handling techniques in statistical databases, Proceedings of the 1st LBL Workshop on Statistical database management, p.249-283, December 02-04, 1981, Melno Park, California
	Claus Boyens , Oliver Günther , Maximilian Teltzrow, Privacy conflicts in CRM services for online shops: a case study, Proceedings of the IEEE international conference on Privacy, security and data mining, p.27-35, December 01, 2002, Maebashi City, Japan
	Jon Kleinberg , Christos Papadimitriou , Prabhakar Raghavan, Auditing Boolean attributes, Journal of Computer and System Sciences, v.66 n.1, p.244-253, 01 February 2003
	Chong K. Liew , Uinam J. Choi , Chung J. Liew, A data distortion by probability distribution, ACM Transactions on Database Systems (TODS), v.10 n.3, p.395-411, Sept. 1985
	David Woodruff , Jessica Staddon, Private inference control, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	Jitender S. Deogun , Vijay V. Raghavan, Query directed partitioning scheme for securing statistical databases, Proceedings of the 1st LBL Workshop on Statistical database management, p.285-293, December 02-04, 1981, Melno Park, California
	Krishnaram Kenthapadi , Nina Mishra , Kobbi Nissim, Simulatable auditing, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland
	Sheng Zhong , Zhiqiang Yang , Rebecca N. Wright, Privacy-enhancing k-anonymization of customer data, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland
	Lingyu Wang , Duminda Wijesekera , Sushil Jajodia, Cardinality-based inference control in data cubes, Journal of Computer Security, v.12 n.5, p.655-692, September 2004
	Dorothy E. Denning, A security model for the statistical database problem, Proceedings of the 2nd international workshop on Proceedings of the Second International Workshop on Statistical Database Management, p.368-390, September 27-29, 1983, Los Altos, California
	Francis Y. L. Chin , Peter Kossowski, Efficient inference control for range SUM queries on statistical data bases, Proceedings of the 1st LBL Workshop on Statistical database management, p.239-248, December 02-04, 1981, Melno Park, California
	Zbigniew Michalewicz, Statistical databases: their model, query language and security, Proceedings of the 2nd international workshop on Proceedings of the Second International Workshop on Statistical Database Management, p.391-402, September 27-29, 1983, Los Altos, California
	Daniel Stamate , Henri Luchian , Ben Paechter, A general model for the answer-perturbation techniques, Proceedings of the 7th international conference on Scientific and Statistical Database Management, p.90-96, September 28-30, 1994, Charlottesville, Virginia
	Peter Jonsson , Andrei Krokhin, Computational complexity of auditing finite attributes in statistical databases, Journal of Computer and System Sciences, v.74 n.5, p.898-909, August, 2008
	Ashwin Machanavajjhala , Daniel Kifer , Johannes Gehrke , Muthuramakrishnan Venkitasubramaniam, L-diversity: Privacy beyond k-anonymity, ACM Transactions on Knowledge Discovery from Data (TKDD), v.1 n.1, p.3-es, March 2007
	Mark O'Connor , Dan Cosley , Joseph A. Konstan , John Riedl, PolyLens: a recommender system for groups of users, Proceedings of the seventh conference on European Conference on Computer Supported Cooperative Work, p.199-218, September 16-20, 2001, Bonn, Germany
	G. Aggarwal , M. Bawa , P. Ganesan , H. Garcia-Molina , K. Kenthapadi , N. Mishra , R. Motwani , U. Srivastava , D. Thomas , J. Widom , Y. Xu, Vision paper: enabling privacy for the paranoids, Proceedings of the Thirtieth international conference on Very large data bases, p.708-719, August 31-September 03, 2004, Toronto, Canada
	Rakesh Agrawal , Jerry Kiernan , Ramakrishnan Srikant , Yirong Xu, Hippocratic databases, Proceedings of the 28th international conference on Very Large Data Bases, p.143-154, August 20-23, 2002, Hong Kong, China
	Rhys Smith , Jianhua Shao, Privacy and e-commerce: a consumer-centric perspective, Electronic Commerce Research, v.7 n.2, p.89-116, June 2007
	Arie Shoshani, Statistical Databases: Characteristics, Problems, and some Solutions, Proceedings of the 8th International Conference on Very Large Data Bases, p.208-222, September 08-10, 1982
	Ezio Lefons , Alberto Silvestri , Filippo Tangorra, An Analytic Approach to Statistical Databases, Proceedings of the 9th International Conference on Very Large Data Bases, p.260-274, October 31-November 02, 1983
	Steven C. Hansen, Hybrid inferential security methods for statistical databases, ACM SIGAPP Applied Computing Review, v.3 n.1, p.14-18, Summer 1995
	Carl Stephen Guynes, Protecting statistical databases: a matter of privacy, ACM SIGCAS Computers and Society, v.19 n.1, p.15-20, March 1989
	Lingyu Wang , Yingjiu Li , Sushil Jajodia , Duminda Wijesekera, Parity-based inference control for multi-dimensional range sum queries, Journal of Computer Security, v.15 n.4, p.417-445, September 2007
	Buğra Gedik , Ling Liu, Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms, IEEE Transactions on Mobile Computing, v.7 n.1, p.1-18, January 2008
	Vangalur S. Alagar , Bernard Blanchard , David Glaser, Effective inference control mechanisms for securing statistical databases, Proceedings of the May 4-7, 1981, national computer conference, May 04-07, 1981, Chicago, Illinois
	Xiangdong An , Dawn Jutla , Nick Cercone, Dynamic inference control in privacy preference enforcement, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
	Haibing Lu , Yingjiu Li , Vijayalakshmi Atluri , Jaideep Vaidya, An efficient online auditing approach to limit private data disclosure, Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology, March 24-26, 2009, Saint Petersburg, Russia
	Sheng Zhong, On Distributed k-Anonymization, Fundamenta Informaticae, v.92 n.4, p.411-431, December 2009
	Gerardo Canfora , Bice Cavallo, A Bayesian model for disclosure control in statistical databases, Data & Knowledge Engineering, v.68 n.11, p.1187-1205, November, 2009
	Rui Wang , Yong Fuga Li , XiaoFeng Wang , Haixu Tang , Xiaoyong Zhou, Learning your identity and disease from research papers: information leaks in genome wide association study, Proceedings of the 16th ACM conference on Computer and communications security, November 09-13, 2009, Chicago, Illinois, USA