|
 ABSTRACT
A statistical database (SDB) is an ordinary database that returns statistical information to user queries. The security problem for the SDB is to control the use of the SDB so that only statistical information is available and no sequence of queries is sufficient to infer protected information about any individual. When such information is obtained, the SDB is said to be compromised. Many researchers have studied different protection mechanisms to prevent an SDB from being compromised. However, most of these mechanisms are either ineffective or inefficient or are only applicable to large SDBs. Auditing in SDBs is initially proposed in the form of investigating log trails manually. In this paper, we present a practical technique for managing the past history of user's queries, discuss how the sequence of all the answered queries of the SDB can be reduced and stored in finite storage, and describe how this storage scheme can provide an effective way of checking compromise. We believe that this will help us to develop a more practical and efficient tool for protection in a small SDB than the previously known mechanisms. We also extend the idea to batched queries and a more general environment for better protection and performance. We also state that the problem of maximizing the amount of information to the users without compromising the SDB is NP-complete.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
|
 |
2
|
|
| |
3
|
|
| |
4
|
|
| |
5
|
Chin F. Y., Ozsoyoglu G., "Security of Statistical Databases", Chapter 3, Advances in Computer Security Management, Hayden & Son, Inc., 1980.
|
| |
6
|
Chin F. Y., Ozsoyoglu G., "Auditing and Inference Control in Statistical Databases", Tech. Report #81-1, CIS, Cleveland State University, 1981.
|
| |
7
|
DeMillo R., Dobkin D., Lipton R. J., "Combinatorial Inference", Foundations of Secure Computation edited by DeMillo et al. Academic Press 1978, pp. 27-38, (presented at a 3 day workshop held at Georgia Institute of Technology, Atlanta Oct. 1977).
|
| |
8
|
Denning D. E., "Are Statistical Databases Secure?", (Proc. AFIPS NCC Vol 47, 1948).
|
| |
9
|
|
| |
10
|
|
| |
11
|
|
| |
12
|
Dobkin D., Lipton R. J., Reiss S. P., "Aspects of the Database Security Problem", Proceedings on a Conference on Theoretical Computer Science, Waterloo, Canada, 1977, pp. 262-274.
|
| |
13
|
Fellegi I. P., Phillips J. L., "Statistical Confidentiality: Some Theory and Applications to Data Dissemination", Annals of Econ. Soc'l Measurement, 3, 2, 1972, pp. 399-409.
|
| |
14
|
Garey M., Johnson D. and Stockmeyer L., "Some Simplified NP-Complete Graph Problems", Journal Theo. Comp. Sci., 1, 1976, pp. 237-267.
|
| |
15
|
Hoffman L. J., Modern Methods for Computer Security and Privacy, Prentice-Hall, 1977.
|
| |
16
|
|
| |
17
|
Nargundkar M. S., Saveland W., "Random Rounding to Prevent Statistical Disclosure", Proc. Amer. Stat. Assoc., Soc. Stat. Sec., 1972, pp. 382-385.
|
| |
18
|
|
| |
19
|
Schlorer J., "Identification and Retrieval of Personal Records from a Statistical Databank", Methods of Info. in Medicine, 14, 1, 1975, pp. 7-15.
|
| |
20
|
Schlorer J., "Confidentiality of Statistical Records: A Threat Monitoring Scheme for On-line dialogue", Methods of Info. in Medicine, 15, 1, 1976, pp. 36-42.
|
| |
21
|
Schlorer J., "Union Tracker and Open Statistical Databases", TBIMSD 1/78, Inst. Med. Statist. Dok., Univ. Giessen, 1979
|
| |
22
|
|
CITED BY 3
|
|
|
|
|
Shubha U. Nabar , Bhaskara Marthi , Krishnaram Kenthapadi , Nina Mishra , Rajeev Motwani, Towards robustness in query auditing, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
|
|
|
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
K.6