ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Digital Library logoTake a look at the new version of this page: [ beta version ]. Tell us what you think.
Security-control methods for statistical databases: a comparative study
Full text PdfPdf (3.64 MB)
Source ACM Computing Surveys (CSUR) archive
Volume 21 ,  Issue 4  (December 1989) table of contents
Pages: 515 - 556  
Year of Publication: 1989
ISSN:0360-0300
Authors
Nabil R. Adam  Rutgers Univ., Newark, NJ
John C. Worthmann  Eindhoven Univ. of Technology, Eindhoven, The Netherlands
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 50,   Downloads (12 Months): 517,   Citation Count: 135
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/76894.76895
What is a DOI?

Warning: The download time has expired please click on the item to try again.


ABSTRACT

This paper considers the problem of providing security to statistical databases against disclosure of confidential information. Security-control methods suggested in the literature are classified into four general approaches: conceptual, query restriction, data perturbation, and output perturbation. Criteria for evaluating the performance of the various security-control methods are identified. Security-control methods that are based on each of the four approaches are discussed, together with their performance with respect to the identified evaluation criteria. A detailed comparative analysis of the most promising methods for protecting dynamic-online statistical databases is also presented. To date no single security-control method prevents both exact and partial disclosures. There are, however, a few perturbation-based methods that prevent exact disclosure and enable the database administrator to exercise "statistical disclosure control." Some of these methods, however introduce bias into query responses or suffer from the 0/1 query-set-size problem (i.e., partial disclosure is possible in case of null query set or a query set of size 1). We recommend directing future research efforts toward developing new methods that prevent exact disclosure and provide statistical-disclosure control, while at the same time do not suffer from the bias problem and the 0/1 query-set-size problem. Furthermore, efforts directed toward developing a bias-correction mechanism and solving the general problem of small query-set-size would help salvage a few of the current perturbation-based methods.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
ABUL-ELA, A.-L., GREENBERG, B. G., AND HORViTZ, D. G. 1967. A multi-proportions randomized response model. J. Am. Stat. Assoc. 62, 319 (Sept.), 990-1008.
 
2
ACHUGBUE, J. O., AND CHIN, F. Y. 1979. The effectiveness of output modification by rounding for protection of statistical databases. INFOR 17, 3 (Aug.), 209-218.
3
Leland L. Beck, A security machanism for statistical database, ACM Transactions on Database Systems (TODS), v.5 n.3, p.316-3338, Sept. 1980  [doi>10.1145/320613.320617]
4
Francis Y. Chin, Security in statistical databases for queries with small counts, ACM Transactions on Database Systems (TODS), v.3 n.1, p.92-104, March 1978  [doi>10.1145/320241.320250]
 
5
CHIN, F. Y., KOSSOWSKI, P., AND LOH, S. C. 1984. Efficient inference control for range sum queries. TheoL. Comput. Sci. 32, 77-86.
 
6
CHIN, F. Y., AND C)ZSOYOC, LU, G. 1982. Auditing and inference control in statistical databases. IEEE Trans. Softw. Eng. SE-8, 6 (Apr.), 574-582.
7
Francis Y. Chin , Gultekin Ozsoyoglu, Statistical database design, ACM Transactions on Database Systems (TODS), v.6 n.1, p.113-139, March 1981  [doi>10.1145/319540.319558]
 
8
CHIN, F. Y., AND 0ZSOYO~,LU, G. 1979. Security in partitioned dynamic statistical databases. In Proceedings of the iEEE COMPSAC, pp. 594-601.
 
9
Cox, L. H. 1980. Suppression methodology and statistical disclosure control. J. Am. Star. Assoc. 75, 370 (June), 377-385.
 
10
DALENIUS, T. 1981. A simple procedure for controlled rounding. Statistik Tidskrift 3, 202-208.
 
11
DALENIUS, T. 1977. Towards a methodology for statistical disclosure control. Statistik Tidskrift 15, 429-444.
 
12
DALENIUS, T. 1974. The invasion of privacy problem and statistics production. An overview. Statistik Tidskrift 12, 213-225.
 
13
DENNING, D. E. 1985. Commutative filters for reducing inference threats in multilevel database systems. In Proceedings of the 1985 Symposium on Security and Privacy, IEEE Computer Society, pp. 134-146.
 
14
DENNING, D. E. 1984. Cryptographic check-sums for multilevel database security. In Proceedings of the 1984 Symposium on Security and Privacy, IEEE Computer Society, pp. 52-61.
 
15
DENNING, D. r. 1983. A security model for the statistical database problem. In Proceedings of the 2nd International Workshop on Management, pp. 1-16.
 
16
Dorothy Elizabeth Rob Denning, Cryptography and Data Security, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1982
 
17
DENNING, D. E. 1981. Restricting queries that might lead to compromise. In Proceedings of IEEE Symposium on Security and Privacy (Apr.), pp. 33-40.
18
Dorothy E. Denning, Secure statistical databases with random sample queries, ACM Transactions on Database Systems (TODS), v.5 n.3, p.291-315, Sept. 1980  [doi>10.1145/320613.320616]
 
19
DENNING, D. E., AND SCHLORER, J. 1983. Inference control for statistical databases. Computer 16, 7 (July), 69-82.
20
Dorothy E. Denning , Jan Schlörer, A fast procedure for finding a tracker in a statistical database, ACM Transactions on Database Systems (TODS), v.5 n.1, p.88-102, March 1980  [doi>10.1145/320128.320138]
 
21
DENNING, D. E., SCHLORER, J., AND WEHRLE, E. 1982. Memoryless inference controls for statistical databases. Computer Science Dept., Purdue Univ.
22
Dorothy E. Denning , Peter J. Denning , Mayer D. Schwartz, The tracker: a threat to statistical database security, ACM Transactions on Database Systems (TODS), v.4 n.1, p.76-96, March 1979  [doi>10.1145/320064.320069]
23
David Dobkin , Anita K. Jones , Richard J. Lipton, Secure databases: protection against user influence, ACM Transactions on Database Systems (TODS), v.4 n.1, p.97-106, March 1979  [doi>10.1145/320064.320068]
 
24
FELLEGI, I. r. 1972. On the question of statistical confidentiality. J. Am. Stat. Assoc. 67, 337 (Mar.), 7-18.
 
25
FELLEGI, I. P., AND PHILLIPS, J. r. 1974. Statistical confidentiality: Some theory and applications to data dissemination. Ann. Ec. Soc. MeaN. 3, 2 (Apr.), 399-409.
 
26
FRIEDMAN, A. D., AND HOFFMAN, L. J. 1980. Towards a fail-safe approach to secure databases. In Proceedings of IEEE Symposium on Security and Privacy (Apr.).
 
27
S P Ghosh, Statistical relational tables for statistical database management, IEEE Transactions on Software Engineering, v.12 n.12, p.1106-1116, Dec.1986
 
28
GHOSU, S. P. 1985. An application of statistical databases in manufacturing testing. IEEE Trans. Softw. Eng. SE-11, 7, 591-596.
 
29
Sakti P. Ghosh, An Application of Statistical Databases in Manufacturing Testing, Proceedings of the First International Conference on Data Engineering, p.96-103, April 24-27, 1984
 
30
GREENBERG, B. G., ABERNATHY, J. R., AND HORVITZ, D. G. 1969a. Application of randomized response technique in obtaining quantitative data. In Proceedings of Social Statistics Section, America, Statistical Association, (Aug.), 40-43.
 
31
GREENBERG, B. G., ABUL-ELA, A.-L., SIMMONS, W. R., AND HORVITZ, U. G. 1969b. The unrelated question randomized response model: Theoretical framework. J. Am. Star. Assoc. 64, 326 (June), 520-539.
 
32
HAQ, M. I. UL. 1977. On safeguarding statistical disclosure by giving approximate answers to queries. In Proceedings of International Computer Symposium (North-Holland), pp. 491-495.
 
33
HAQ, M. I. UL. 1975. Insuring individual's privacy from statistical database users. In Proceedings of National Computer Conference (Montvale, N.J.), vol. 44. AFIPS Press, Arlington, Va., pp. 941-946.
 
34
HOFFMAN, L. J. 1977. Modern Methods for Computer Security and Privacy. Prentice-Hall, Englewood Cliffs, N.J.
 
35
HOFFMAN, L. J., AND MILLER, W. F. 1970. Getting a personal dossier from a statistical data bank. Datarnation 16, 5 (May), 74-75.
36
Wiebren de Jonge, Compromising statistical databases responding to queries about means, ACM Transactions on Database Systems (TODS), v.8 n.1, p.60-80, March 1983  [doi>10.1145/319830.319834]
37
John B. Kam , Jeffrey D. Ullman, A model of statistical database their security, ACM Transactions on Database Systems (TODS), v.2 n.1, p.1-10, March 1977  [doi>10.1145/320521.320525]
 
38
Ezio Lefons , Alberto Silvestri , Filippo Tangorra, An Analytic Approach to Statistical Databases, Proceedings of the 9th International Conference on Very Large Data Bases, p.260-274, October 31-November 02, 1983
 
39
Ernst L. Leiss, Randomizing, A Practical Method for Protecting Statistical Databases Against Compromise, Proceedings of the 8th International Conference on Very Large Data Bases, p.189-196, September 08-10, 1982
40
Chong K. Liew , Uinam J. Choi , Chung J. Liew, A data distortion by probability distribution, ACM Transactions on Database Systems (TODS), v.10 n.3, p.395-411, Sept. 1985  [doi>10.1145/3979.4017]
 
41
MATLOFr, N. E. 1986. Another look at the use of noise addition for database security. In Proceedings of IEEE Symposium on Security and Privacy, pp. 173-180.
 
42
Mary McLeish, An information theoretic approach to statistical databases and their security: a preliminary report, Proceedings of the 2nd international workshop on Proceedings of the Second International Workshop on Statistical Database Management, p.355-359, September 27-29, 1983, Los Altos, California
 
43
MILLER, A. R. 1971. The Assault on Privacy-Com~ puters, Data Banks and Dossiers. University of Michigan Press, Ann Arbor, Mich.
44
Matthew Morgenstern, Security and inference in multilevel database and knowledge-base systems, Proceedings of the 1987 ACM SIGMOD international conference on Management of data, p.357-373, May 27-29, 1987, San Francisco, California, United States
 
45
0ZSOYOGLU, G., AND CHIN, F. Y. 1982. Enhancing the security of statistical databases with a ques* tion-answering system and a kernel design. IEEE Trans. Softw. Eng. SE-8, 3, 223-234.
 
46
Gultekin Özsoyoglu , JiYoung Chung, Information Loss in the Lattice Model of Summary Tables due to Cell Suppression, Proceedings of the Second International Conference on Data Engineering, p.75-83, February 05-07, 1986
 
47
Gultekin Özsoyoglu , Z. Meral Özsoyoglu, Update handling techniques in statistical databases, Proceedings of the 1st LBL Workshop on Statistical database management, p.249-283, December 02-04, 1981, Melno Park, California
 
48
0ZSOYOGLU, G., AND Su, T. A. 1985. Rounding and inference control in conceptual models for statistical databases. In Proceedings of IEEE Symposium on Security and Privacy, pp. 160-173.
 
49
Michael A. Palley, Security of Statistical Databases - Compromise through Attribute Correlational Modeling, Proceedings of the Second International Conference on Data Engineering, p.67-74, February 05-07, 1986
50
Michael A. Palley , Jeffrey S. Simonoff, The use of regression methodology for the compromise of confidential information in statistical databases, ACM Transactions on Database Systems (TODS), v.12 n.4, p.593-608, Dec. 1987  [doi>10.1145/32204.42174]
 
51
REISS, J. P. 1980. Practical data-swapping: The first steps. In Proceedings of IEEE Symposium on Security and Privacy, pp. 36-44.
52
Steven P. Reiss, Practical data-swapping: the first steps, ACM Transactions on Database Systems (TODS), v.9 n.1, p.20-37, March 1984  [doi>10.1145/348.349]
 
53
Neil C. Rowe, Diophantine Inferences from Statistical Aggregates on Few-Valued Attributes, Proceedings of the First International Conference on Data Engineering, p.107-110, April 24-27, 1984
 
54
Gordon Sande, Automated cell suppression to preserve confidentiality of business statistics, Proceedings of the 2nd international workshop on Proceedings of the Second International Workshop on Statistical Database Management, p.346-354, September 27-29, 1983, Los Altos, California
 
55
SCHLORER, J. 1983. Information loss in partitioned statistical databases. Comput. J. 26, 3, 218-223.
56
Jan Schlörer, Security of statistical databases: multidimensional transformation, ACM Transactions on Database Systems (TODS), v.6 n.1, p.95-112, March 1981  [doi>10.1145/319540.319555]
57
Jan Schlöer, Security of statistical databases: multidimensional transformation, ACM Transactions on Database Systems (TODS), v.5 n.4, p.467-492, Dec. 1980  [doi>10.1145/320610.320645]
 
58
SCHLORER, J. 1976. Confidentiality of statistical records: A threat monitoring scheme of on-line dialogue. Methods Inform. Med. 15, 1, 36-42.
 
59
SCHLORER, J. 1975. Identification and retrieval of personal records from a statistical data bank. Methods Info. Med. 14, i, 7-13.
60
M. D. Schwartz , D. E. Denning , P. J. Denning, Linear queries in statistical databases, ACM Transactions on Database Systems (TODS), v.4 n.2, p.156-167, June 1979  [doi>10.1145/320071.320073]
 
61
Su, T., AND 0ZSOYOS, LU, G. 1987. Data dependencies and inference control in multilevel relational database systems. In Proceedings of the 1987 Symposium on Security and Privacy, IEEE Computer Society, pp. 202-211.
 
62
TENDICK, P., AND MATLOFr, N. S. 1987. Recent results on the noise addition method for database security. Presented at the Joint ASA/IMS Statis~ tical Meetings, San Francisco.
63
J. F. Traub , Y. Yemini , H. Woźniakowski, The statistical security of a statistical database, ACM Transactions on Database Systems (TODS), v.9 n.4, p.672-679, Dec. 1984  [doi>10.1145/1994.383392]
 
64
TRUEBLOOD, R. P. 1984. Security issues in knowledge systems. In Proceedings of I st International Workshop on Expert Database Systems, vol. 2, pp. 834-840.
 
65
TURN, R., AND SHAPIRO, N. Z. 1978. Privacy and security in databank systems: Measure of effectiveness, costs, and protector-intruder interactions. Computers and Security, C. T. Dinardo, Ed. AFIPS Press, Arlington, Va., pp. 49-57.
 
66
WARNER, S. L. 1971. The linear randomized response model. J. Am. Star. Assoc. 66, 336 (Dec.), 884-888.
 
67
WARNER, S. L. 1965. Randomized response: A survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60, 309 (Mar.), 63-69.
68
C. T. Yu , F. Y. Chin, A study on the protection of statistical data bases, Proceedings of the 1977 ACM SIGMOD international conference on Management of data, August 03-05, 1977, Toronto, Ontario, Canada  [doi>10.1145/509404.509432]

CITED BY  135
Kun Liu , Hillol Kargupta , Jessica Ryan, Random Projection-Based Multiplicative Data Perturbation for Privacy Preserving Distributed Data Mining, IEEE Transactions on Knowledge and Data Engineering, v.18 n.1, p.92-106, January 2006
D. S. Rogers , E. A. Unger, A deterrent to linear system inferential attacks using a mediator, Proceedings of the 1994 ACM symposium on Applied computing, p.15-19, March 06-08, 1994, Phoenix, Arizona, United States
Benny Chor , Eyal Kushilevitz , Oded Goldreich , Madhu Sudan, Private information retrieval, Journal of the ACM (JACM), v.45 n.6, p.965-981, Nov. 1998
Ran Canetti , Yuval Ishai , Ravi Kumar , Michael K. Reiter , Ronitt Rubinfeld , Rebecca N. Wright, Selective private function evaluation with applications to private statistics, Proceedings of the twentieth annual ACM symposium on Principles of distributed computing, p.293-304, August 2001, Newport, Rhode Island, United States
Michael Anderson, A dynamic knowledge based approach to the problem of deduction on a non-statistical multilevel secure database, Proceedings of the second international conference on Information and knowledge management, p.154-163, November 01-05, 1993, Washington, D.C., United States
Krishnamurty Muralidhar , Rathindra Sarathy, Security of random data perturbation methods, ACM Transactions on Database Systems (TODS), v.24 n.4, p.487-493, Dec. 1999
Rakesh Agrawal , Ramakrishnan Srikant, Privacy-preserving data mining, ACM SIGMOD Record, v.29 n.2, p.439-450, June 2000
P. c. Chu, Cell Suppression Methodology: The Importance of Suppressing Marginal Totals, IEEE Transactions on Knowledge and Data Engineering, v.9 n.4, p.513-523, July 1997
Bee-Chung Chen , Daniel Kifer , Kristen LeFevre , Ashwin Machanavajjhala, Privacy-Preserving Data Publishing, Foundations and Trends in Databases, v.2 n.1–2, p.1-167, January 2009
Rafail Ostrovsky , Victor Shoup, Private information storage (extended abstract), Proceedings of the twenty-ninth annual ACM symposium on Theory of computing, p.294-303, May 04-06, 1997, El Paso, Texas, United States
Nan Zhang , Wei Zhao , Jianer Chen, Cardinality-based inference control in OLAP systems: an information theoretic approach, Proceedings of the 7th ACM international workshop on Data warehousing and OLAP, November 12-13, 2004, Washington, DC, USA
Goetz Graefe, Query evaluation techniques for large databases, ACM Computing Surveys (CSUR), v.25 n.2, p.73-169, June 1993
Rakesh Agrawal, Privacy in data systems, Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.37-37, June 09-11, 2003, San Diego, California
Jon Kleinberg , Christos Papadimitriou , Prabhakar Raghavan, Auditing Boolean attributes, Proceedings of the nineteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.86-91, May 15-18, 2000, Dallas, Texas, United States
Sushil Jajodia, Database security and privacy, ACM Computing Surveys (CSUR), v.28 n.1, p.129-131, March 1996
F. M. Malvestuto , M. Moscarini , M. Rafanelli, Suppressing marginal cells to protect sensitive information in a two-dimensional statistical table (extended abstract), Proceedings of the tenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, p.252-258, May 29-31, 1991, Denver, Colorado, United States
Peng Liu , Xu Hao, Efficient damage assessment and repair in resilient distributed database systems, Proceedings of the fifteenth annual working conference on Database and application security, p.75-89, July 15-18, 2001, Niagara, Ontario, Canada
Maurizio Rafanelli, Preface, Multidimensional databases: problems and solutions, Idea Group Publishing, Hershey, PA, 2003
Robert Garfinkel , Ram Gopal , Paulo Goes, Privacy Protection of Binary Confidential Data Against Deterministic, Stochastic, and Insider Threat, Management Science, v.48 n.6, p.749-764, June 2002
Irit Dinur , Kobbi Nissim, Revealing information while preserving privacy, Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, p.202-210, June 09-11, 2003, San Diego, California
Josep Domingo-Ferrer , Vicenç Torra, On the connections between statistical disclosure control for microdata and some artificial intelligence tools, Information Sciences—Informatics and Computer Science: An International Journal, 151, p.153-170, May 2003
Piero A. Bonatti , Sarit Kraus , V. s. Subrahmanian, Foundations of Secure Deductive Databases, IEEE Transactions on Knowledge and Data Engineering, v.7 n.3, p.406-422, June 1995
P. Samarati, Protecting Respondents' Identities in Microdata Release, IEEE Transactions on Knowledge and Data Engineering, v.13 n.6, p.1010-1027, November 2001
Jon Kleinberg , Christos Papadimitriou , Prabhakar Raghavan, Auditing Boolean attributes, Journal of Computer and System Sciences, v.66 n.1, p.244-253, 01 February 2003
Francesco Malvestuto , Marina Moscarini, Privacy in multidimensional databases, Multidimensional databases: problems and solutions, Idea Group Publishing, Hershey, PA, 2003
Chris Clifton , Murat Kantarcioǧlu , AnHai Doan , Gunther Schadow , Jaideep Vaidya , Ahmed Elmagarmid , Dan Suciu, Privacy-preserving data integration and sharing, Proceedings of the 9th ACM SIGMOD workshop on Research issues in data mining and knowledge discovery, June 13, 2004, Paris, France
Traian Marius Truta , Farshad Fotouhi , Daniel Barth-Jones, Assessing global disclosure risk in masked microdata, Proceedings of the 2004 ACM workshop on Privacy in the electronic society, October 28-28, 2004, Washington DC, USA
S. C. Hansen , E. A. Unger, An extended memoryless inference control model: accounting for dependence in table-level controls, ACM SIGMOD Record, v.20 n.2, p.348-356, June 1991
Paul Ammann , Sushil Jajodia , Peng Liu, Recovery from Malicious Transactions, IEEE Transactions on Knowledge and Data Engineering, v.14 n.5, p.1167-1185, September 2002
Gerome Miklau , Dan Suciu, A formal analysis of information disclosure in data exchange, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, June 13-18, 2004, Paris, France
Rakesh Agrawal , Alexandre Evfimievski , Ramakrishnan Srikant, Information sharing across private databases, Proceedings of the 2003 ACM SIGMOD international conference on Management of data, June 09-12, 2003, San Diego, California
Cleopas O. Angaye , Steven C. Hansen, Inferential security in individual computing environments, ACM SIGICE Bulletin, v.20 n.1, p.27-32, July 1994
Alexandre Evfimievski , Ramakrishnan Srikant , Rakesh Agarwal , Johannes Gehrke, Privacy preserving mining of association rules, Information Systems, v.29 n.4, p.343-364, June 2004
Murat Kantarcioǧlu , Jiashun Jin , Chris Clifton, When do data mining results violate privacy?, Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining, August 22-25, 2004, Seattle, WA, USA
Xintao Wu , Yongge Wang , Yuliang Zheng, Privacy preserving database application testing, Proceedings of the 2003 ACM workshop on Privacy in the electronic society, October 30, 2003, Washington, DC
Traian Marius Truta , Farshad Fotouhi , Daniel Barth-Jones, Privacy and confidentiality management for the microaggregation disclosure control method: disclosure risk and information loss measures, Proceedings of the 2003 ACM workshop on Privacy in the electronic society, October 30, 2003, Washington, DC
Boštjan Brumen , Tatjana Welzer , Marjan Družovec , Izidor Golob , Hannu Jaakkola , Ivan Rozman , Jiři Kubalik, Protecting medical data for decision-making analyses, Journal of Medical Systems, v.29 n.1, p.65-80, February 2005
Pramote Luenam , Peng Liu, ODAR: an on-the-fly damage assessment and repair system for commercial database applications, Proceedings of the fifteenth annual working conference on Database and application security, p.239-252, July 15-18, 2001, Niagara, Ontario, Canada
J. Domingo-Ferrer , J. M. Mateo-Sanz, Practical Data-Oriented Microaggregation for Statistical Disclosure Control, IEEE Transactions on Knowledge and Data Engineering, v.14 n.1, p.189-201, January 2002
Vassilios S. Verykios , Elisa Bertino , Igor Nai Fovino , Loredana Parasiliti Provenza , Yucel Saygin , Yannis Theodoridis, State-of-the-art in privacy preserving data mining, ACM SIGMOD Record, v.33 n.1, March 2004
Md. Zahidul Islam , Ljiljana Brankovic, A framework for privacy preserving classification in data mining, Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation, p.163-168, January 01, 2004, Dunedin, New Zealand
Vassilios S. Verykios , Ahmed K. Elmagarmid , Elisa Bertino , Yucel Saygin , Elena Dasseni, Association Rule Hiding, IEEE Transactions on Knowledge and Data Engineering, v.16 n.4, p.434-447, April 2004
Michael Laszlo , Sumitra Mukherjee, Minimum Spanning Tree Partitioning Algorithm for Microaggregation, IEEE Transactions on Knowledge and Data Engineering, v.17 n.7, p.902-911, July 2005
Peter Jonsson , Andrei Krokhin, Recognizing frozen variables in constraint satisfaction problems, Theoretical Computer Science, v.329 n.1-3, p.93-113, 13 December 2004
Josep Domingo-Ferrer , Vicenç Torra, Disclosure risk assessment in statistical data protection, Journal of Computational and Applied Mathematics, v.164-165 n.1, p.285-293, 1 March 2004
Krishnaram Kenthapadi , Nina Mishra , Kobbi Nissim, Simulatable auditing, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland
Avrim Blum , Cynthia Dwork , Frank McSherry , Kobbi Nissim, Practical privacy: the SuLQ framework, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland
Sheng Zhong , Zhiqiang Yang , Rebecca N. Wright, Privacy-enhancing k-anonymization of customer data, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland
Laks V. S. Lakshmanan , Raymond T. Ng , Ganesh Ramesh, To do or not to do: the dilemma of disclosing anonymized data, Proceedings of the 2005 ACM SIGMOD international conference on Management of data, June 14-16, 2005, Baltimore, Maryland
Jaideep Vaidya , Chris Clifton, Privacy-Preserving Data Mining: Why, How, and When, IEEE Security and Privacy, v.2 n.6, p.19-27, November 2004
Rakesh Agrawal , Ramakrishnan Srikant , Dilys Thomas, Privacy preserving OLAP, Proceedings of the 2005 ACM SIGMOD international conference on Management of data, June 14-16, 2005, Baltimore, Maryland
Lingyu Wang , Duminda Wijesekera , Sushil Jajodia, Cardinality-based inference control in data cubes, Journal of Computer Security, v.12 n.5, p.655-692, September 2004
Nicola Zannone , Sushil Jajodia , Fabio Massacci , Duminda Wijesekera, Maintaining privacy on derived objects, Proceedings of the 2005 ACM workshop on Privacy in the electronic society, November 07-07, 2005, Alexandria, VA, USA
Ji-Won Byun , Elisa Bertino, Micro-views, or on how to protect privacy while enhancing data usability: concepts and challenges, ACM SIGMOD Record, v.35 n.1, p.9-13, March 2006
Alexandre Evfimievski , Ramakrishnan Srikant , Rakesh Agrawal , Johannes Gehrke, Privacy preserving mining of association rules, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, July 23-26, 2002, Edmonton, Alberta, Canada
Daniel Stamate , Henri Luchian , Ben Paechter, A general model for the answer-perturbation techniques, Proceedings of the 7th international conference on Scientific and Statistical Database Management, p.90-96, September 28-30, 1994, Charlottesville, Virginia
Daniel Kifer , Johannes Gehrke, Injecting utility into anonymized datasets, Proceedings of the 2006 ACM SIGMOD international conference on Management of data, June 27-29, 2006, Chicago, IL, USA
Xintao Wu , Songtao Guo , Yingjiu Li, Towards value disclosure analysis in modeling general databases, Proceedings of the 2006 ACM symposium on Applied computing, April 23-27, 2006, Dijon, France
Peng Liu , Hai Wang , Lunquan Li, Real-time data attack isolation for commercial database applications, Journal of Network and Computer Applications, v.29 n.4, p.294-320, November 2006
Bhavani Thuraisingham , Murat Kantarcioglu , Srinivasan Iyer, Extended RBAC-based design and implementation for a secure data warehouse, International Journal of Business Intelligence and Data Mining, v.2 n.4, p.367-382, December 2007
Ross Sparks , Chris Carter , John B. Donnelly , Christine M. O'Keefe , Jodie Duncan , Tim Keighley , Damien McAullay, Remote access methods for exploratory data analysis and statistical modelling: Privacy-Preserving Analytics®, Computer Methods and Programs in Biomedicine, v.91 n.3, p.208-222, September, 2008
Xiaoxun Sun , Min Li , Hua Wang , Ashley Plank, An efficient hash-based algorithm for minimal k-anonymity, Proceedings of the thirty-first Australasian conference on Computer science, January 01-01, 2008, Wollongong, Australia
Peter Jonsson , Andrei Krokhin, Computational complexity of auditing finite attributes in statistical databases, Journal of Computer and System Sciences, v.74 n.5, p.898-909, August, 2008
Ulf Mattsson, A real-time intrusion prevention system for commercial enterprise databases, Proceedings of the 4th WSEAS International Conference on Software Engineering, Parallel & Distributed Systems, p.1-35, February 13-15, 2005, Salzburg, Austria
Anant Jhingran, Moving up the food chain: supporting e-commerce applications on databases, ACM SIGMOD Record, v.29 n.4, p.50-54, Dec. 2000
Ulf Mattsson, A real-time intrusion prevention system for commercial enterprise databases and file systems, Proceedings of the 4th WSEAS International Conference on Artificial Intelligence, Knowledge Engineering Data Bases, p.1-10, February 13-15, 2005, Salzburg, Austria
Ashwin Machanavajjhala , Johannes Gehrke, On the efficiency of checking perfect privacy, Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 26-28, 2006, Chicago, IL, USA
Patrick Tendick , Norman Matloff, A modified random perturbation method for database security, ACM Transactions on Database Systems (TODS), v.19 n.1, p.47-63, March 1994
Francesco M. Malvestuto , Mauro Mezzini , Marina Moscarini, Auditing sum-queries to make a statistical database secure, ACM Transactions on Information and System Security (TISSEC), v.9 n.1, p.31-60, February 2006
Rathindra Sarathy , Krishnamurty Muralidhar, Secure and useful data sharing, Decision Support Systems, v.42 n.1, p.204-220, October 2006
Shubha U. Nabar , Bhaskara Marthi , Krishnaram Kenthapadi , Nina Mishra , Rajeev Motwani, Towards robustness in query auditing, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
Andrew Simpson , David Power , Mark Slaymaker, On tracker attacks in health grids, Proceedings of the 2006 ACM symposium on Applied computing, April 23-27, 2006, Dijon, France
Xiaokui Xiao , Yufei Tao, Personalized privacy preservation, Proceedings of the 2006 ACM SIGMOD international conference on Management of data, June 27-29, 2006, Chicago, IL, USA
Bikram Sengupta , Satish Chandra , Vibha Sinha, A research agenda for distributed software development, Proceeding of the 28th international conference on Software engineering, May 20-28, 2006, Shanghai, China
Ashwin Machanavajjhala , Daniel Kifer , Johannes Gehrke , Muthuramakrishnan Venkitasubramaniam, L-diversity: Privacy beyond k-anonymity, ACM Transactions on Knowledge Discovery from Data (TKDD), v.1 n.1, p.3-es, March 2007
Gerome Miklau , Dan Suciu, A formal analysis of information disclosure in data exchange, Journal of Computer and System Sciences, v.73 n.3, p.507-534, May, 2007
G. Aggarwal , M. Bawa , P. Ganesan , H. Garcia-Molina , K. Kenthapadi , N. Mishra , R. Motwani , U. Srivastava , D. Thomas , J. Widom , Y. Xu, Vision paper: enabling privacy for the paranoids, Proceedings of the Thirtieth international conference on Very large data bases, p.708-719, August 31-September 03, 2004, Toronto, Canada
Kristen LeFevre , Rakesh Agrawal , Vuk Ercegovac , Raghu Ramakrishnan , Yirong Xu , David DeWitt, Limiting disclosure in hippocratic databases, Proceedings of the Thirtieth international conference on Very large data bases, p.108-119, August 31-September 03, 2004, Toronto, Canada
Gerome Miklau , Dan Suciu, Controlling access to published data using cryptography, Proceedings of the 29th international conference on Very large data bases, p.898-909, September 09-12, 2003, Berlin, Germany
Mayank Bawa , Roberto J. Bayardo, Jr. , Rakesh Agrawal, Privacy-preserving indexing of documents on the network, Proceedings of the 29th international conference on Very large data bases, p.922-933, September 09-12, 2003, Berlin, Germany
Rakesh Agrawal , Roberto Bayardo , Christos Faloutsos , Jerry Kiernan , Ralf Rantzau , Ramakrishnan Srikant, Auditing compliance with a Hippocratic database, Proceedings of the Thirtieth international conference on Very large data bases, p.516-527, August 31-September 03, 2004, Toronto, Canada
Rakesh Agrawal , Jerry Kiernan , Ramakrishnan Srikant , Yirong Xu, Hippocratic databases, Proceedings of the 28th international conference on Very Large Data Bases, p.143-154, August 20-23, 2002, Hong Kong, China
Kobbi Nissim , Sofya Raskhodnikova , Adam Smith, Smooth sensitivity and sampling in private data analysis, Proceedings of the thirty-ninth annual ACM symposium on Theory of computing, June 11-13, 2007, San Diego, California, USA
Gerardo Canfora , Bice Cavallo, A Bayesian approach for on-line max and min auditing, Proceedings of the 2008 international workshop on Privacy and anonymity in information society, March 29-29, 2008, Nantes, France
Jaideep Vaidya , Chris Clifton, Secure set intersection cardinality with application to association rule mining, Journal of Computer Security, v.13 n.4, p.593-622, July 2005
Marco Gruteser , Dirk Grunwald, Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking, Proceedings of the 1st international conference on Mobile systems, applications and services, p.31-42, May 05-08, 2003, San Francisco, California
Rhys Smith , Jianhua Shao, Privacy and e-commerce: a consumer-centric perspective, Electronic Commerce Research, v.7 n.2, p.89-116, June 2007
Dawn N. Jutla , Dimitri Kanevsky, Adding User-Level SPACe: Security, Privacy, and Context to Intelligent Multimedia Information Architectures, Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology, p.77-84, December 18-22, 2006
Xu Huang , Allan C. Madoc , Dharmendra Sharma, On-line data protecting via pseudo random binary sequences, Proceedings of the 2007 annual Conference on International Conference on Computer Engineering and Applications, p.193-199, January 17-19, 2007, Gold Coast, Queensland, Australia
Barry Schouten , Marc Cigrang, Remote access systems for statistical analysis of microdata, Statistics and Computing, v.13 n.4, p.381-389, October 2003
Steven C. Hansen, Hybrid inferential security methods for statistical databases, ACM SIGAPP Applied Computing Review, v.3 n.1, p.14-18, Summer 1995
F. M. Malvestuto , M. Moscarini, Suppressing marginal totals from a two-dimensional table to protect sensitive information, Statistics and Computing, v.7 n.2, p.101-114, 1997
Jordi Nin , Javier Herranz , Vicenç Torra, On the disclosure risk of multivariate microaggregation, Data & Knowledge Engineering, v.67 n.3, p.399-412, December, 2008
Xiao-Bai Li , Sumit Sarkar, A Tree-Based Data Perturbation Approach for Privacy-Preserving Data Mining, IEEE Transactions on Knowledge and Data Engineering, v.18 n.9, p.1278-1283, September 2006
Shipra Agrawal , Jayant R. Haritsa , B. Aditya Prakash, FRAPP: a framework for high-accuracy privacy-preserving mining, Data Mining and Knowledge Discovery, v.18 n.1, p.101-139, February 2009
Jordi Nin , Javier Herranz , Vicenç Torra, Attribute selection in multivariate microaggregation, Proceedings of the 2008 international workshop on Privacy and anonymity in information society, March 29-29, 2008, Nantes, France
Xiaokui Xiao , Yufei Tao, Dynamic anonymization: accurate statistical analysis with privacy preservation, Proceedings of the 2008 ACM SIGMOD international conference on Management of data, June 09-12, 2008, Vancouver, Canada
Martín Abadi , Bogdan Warinschi, Security analysis of cryptographically controlled access to XML documents, Journal of the ACM (JACM), v.55 n.2, p.1-29, May 2008
Lei Zhang , Sushil Jajodia , Alexander Brodsky, Information disclosure under realistic assumptions: privacy versus optimality, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
Chin-Chen Chang , Yu-Chiang Li , Wen-Hung Huang, TFRP: An efficient microaggregation algorithm for statistical disclosure control, Journal of Systems and Software, v.80 n.11, p.1866-1878, November, 2007
Jordi Nin , Javier Herranz , Vicenç Torra, Rethinking rank swapping to decrease disclosure risk, Data & Knowledge Engineering, v.64 n.1, p.346-364, January, 2008
Stanley R. M. Oliveira , Osmar R. Zaiane, A unified framework for protecting sensitive association rules in business collaboration, International Journal of Business Intelligence and Data Mining, v.1 n.3, p.247-287, March 2006
Jie Wang , Jun Zhang , Shuting Xu , Weijun Zhong, A novel data distortion approach via selective SSVD for privacy protection, International Journal of Information and Computer Security, v.2 n.1, p.48-70, January 2008
Xintao Wu , Yongge Wang , Songtao Guo , Yuliang Zheng, Privacy Preserving Database Generation for Database Application Testing, Fundamenta Informaticae, v.78 n.4, p.595-612, December 2007
Ulf T. Mattsson, A real-time intrusion prevention system for commercial enterprise databases and file systems, Proceedings of the 10th WSEAS International Conference on Mathematical Methods and Computational Techniques in Electrical Engineering, p.236-244, May 02-04, 2008, Sofia, Bulgaria
Lingyu Wang , Yingjiu Li , Sushil Jajodia , Duminda Wijesekera, Parity-based inference control for multi-dimensional range sum queries, Journal of Computer Security, v.15 n.4, p.417-445, September 2007
Aris Gkoulalas-Divanis , Vassilios S. Verykios, A privacy-aware trajectory tracking query engine, ACM SIGKDD Explorations Newsletter, v.10 n.1, June 2008
Jelena Mirkovic, Privacy-safe network trace sharing via secure queries, Proceedings of the 1st ACM workshop on Network data anonymization, October 31-31, 2008, Alexandria, Virginia, USA
Boštjan Brumen , Izidor Golob , Tatjana Welzer , Marjan Družovec , Ivan Rozman , Hannu Jaakkola, An Algorithm for Protecting Knowledge Discovery Data, Informatica, v.14 n.3, p.277-288, August 2003
LAKS V. S. Lakshmanan , Raymond T. Ng , Ganesh Ramesh, On disclosure risk analysis of anonymized itemsets in the presence of prior knowledge, ACM Transactions on Knowledge Discovery from Data (TKDD), v.2 n.3, p.1-44, October 2008
Kristen LeFevre , David J. DeWitt , Raghu Ramakrishnan, Workload-aware anonymization techniques for large-scale datasets, ACM Transactions on Database Systems (TODS), v.33 n.3, p.1-47, August 2008
Panos Kalnis , Gabriel Ghinita , Kyriakos Mouratidis , Dimitris Papadias, Preventing Location-Based Identity Inference in Anonymous Spatial Queries, IEEE Transactions on Knowledge and Data Engineering, v.19 n.12, p.1719-1733, December 2007
Xiaokui Xiao , Yufei Tao, Output perturbation with query relaxation, Proceedings of the VLDB Endowment, v.1 n.1, August 2008
Justin Brickell , Vitaly Shmatikov, The cost of privacy: destruction of data-mining utility in anonymized data publishing, Proceeding of the 14th ACM SIGKDD international conference on Knowledge discovery and data mining, August 24-27, 2008, Las Vegas, Nevada, USA
Nicolas Anciaux , Mehdi Benzine , Luc Bouganim , Philippe Pucheral , Dennis Shasha, Revelation on demand, Distributed and Parallel Databases, v.25 n.1-2, p.5-28, April 2009
G. Kokolakis , D. Fouskakis, Importance partitioning in micro-aggregation, Computational Statistics & Data Analysis, v.53 n.7, p.2439-2445, May, 2009
Chao Yao , Lingyu Wang , X. Sean Wang , Claudio Bettini , Sushil Jajodia, Evaluating privacy threats in released database views by symmetric indistinguishability, Journal of Computer Security, v.17 n.1, p.5-42, January 2009
Haibing Lu , Yingjiu Li , Vijayalakshmi Atluri , Jaideep Vaidya, An efficient online auditing approach to limit private data disclosure, Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology, March 24-26, 2009, Saint Petersburg, Russia
Jordi Nin , Vicenç Torra, Towards the evaluation of time series protection methods, Information Sciences: an International Journal, v.179 n.11, p.1663-1677, May, 2009
Millist W. Vincent , Mukesh Mohania , Mizuho Iwaihara, Detecting privacy violations in database publishing using disjoint queries, Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology, March 24-26, 2009, Saint Petersburg, Russia
Krishnamurty Muralidhar , Rathindra Sarathy, Data ShufflingA New Masking Approach for Numerical Data, Management Science, v.52 n.5, p.658-670, May 2006
Lisa Singh , Mehmet Sayal, Privately detecting bursts in streaming, distributed time series data, Data & Knowledge Engineering, v.68 n.6, p.509-530, June, 2009
Songtao Guo , Xintao Wu , Yingjiu Li, Determining error bounds for spectral filtering based reconstruction methods in privacy preserving data mining, Knowledge and Information Systems, v.17 n.2, p.217-240, November 2008
Zhang Kun , Pan De-fen, Security deciding in publishing views based on entropy, Proceedings of the 5th International ICST Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, July 28-31, 2008, Hong Kong
Xiao-Bai Li , Sumit Sarkar, Privacy Protection in Data Mining: A Perturbation Approach for Categorical Data, Information Systems Research, v.17 n.3, p.254-270, September 2006
Sheng Zhong, On Distributed k-Anonymization, Fundamenta Informaticae, v.92 n.4, p.411-431, December 2009
Gautam Das , Nan Zhang, Privacy risks in health databases from aggregate disclosure, Proceedings of the 2nd International Conference on PErvsive Technologies Related to Assistive Environments, p.1-4, June 09-13, 2009, Corfu, Greece
Yashasvi Appilla Chakravarthi , Christof Lutteroth , Gerald Weber, AIMHelp: generating help for GUI applications automatically, Proceedings of the 10th International Conference NZ Chapter of the ACM's Special Interest Group on Human-Computer Interaction, p.21-28, July 06-07, 2009, Auckland, New Zealand
Ebaa Fayyoumi , B. John Oommen, Achieving microaggregation for secure statistical databases using fixed-structure partitioning-based learning automata, IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, v.39 n.5, p.1192-1205, October 2009
Gerardo Canfora , Bice Cavallo, A Bayesian model for disclosure control in statistical databases, Data & Knowledge Engineering, v.68 n.11, p.1187-1205, November, 2009
Mayank Bawa , Roberto J. Bayardo, Jr , Rakesh Agrawal , Jaideep Vaidya, Privacy-preserving indexing of documents on the network, The VLDB Journal — The International Journal on Very Large Data Bases, v.18 n.4, p.837-856, August 2009
Frank D. McSherry, Privacy integrated queries: an extensible platform for privacy-preserving data analysis, Proceedings of the 35th SIGMOD international conference on Management of data, June 29-July 02, 2009, Providence, Rhode Island, USA
G. Kokolakis , Ph. Nanopoulos , D. Fouskakis, Bregman divergences in the (m×k)-partitioning problem, Computational Statistics & Data Analysis, v.51 n.2, p.668-678, November, 2006
Dan Zhu , Xiao-Bai Li , Shuning Wu, Identity disclosure protection: A data reconstruction approach for privacy-preserving data mining, Decision Support Systems, v.48 n.1, p.133-140, December, 2009
Emmanouil Magkos , Manolis Maragoudakis , Vassilis Chrissikopoulos , Stefanos Gritzalis, Accurate and large-scale privacy-preserving data mining using the election paradigm, Data & Knowledge Engineering, v.68 n.11, p.1224-1236, November, 2009

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.0 General
          Subjects: Security, integrity, and protection**

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.4 Systems
          Subjects: Query processing


General Terms:
Design, Performance, Security


REVIEW

"Mary McLeish : Reviewer"

A statistical database (SDB) is any traditional database system in which queries are restricted to statistical aggregates (such as sample mean and count); an example is the US Census Bureau database. It is often required that the system be sec  more...

Collaborative Colleagues:
Nabil R. Adam: colleagues
John C. Worthmann: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2010 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player