A security mechanism for statistical database

Published: 01 September 1980

Abstract

The problem of user inference in statistical databases is discussed and illustrated with several examples. It is assumed that the database allows “total,” “average,” “count,” and “percentile” queries; a query may refer to any arbitrary subset of the database. Methods for protecting the security of such a database are considered; it is shown that any scheme which gives “statistically correct” answers is vulnerable to penetration. A precise definition of compromisability (in a statistical sense) is given. A general model of user inference is proposed; two special cases of this model appear to contain all previously published strategies for compromising a statistical database. A method for protecting the security of such a statistical database against these types of user inference is presented and discussed. It is shown that the number of queries required to compromise the database can be made arbitrarily large by accepting moderate increases in the variance of responses to queries. A numerical example is presented to illustrate the application of the techniques discussed.


Published In

ACM Transactions on Database Systems, Volume 5, Issue 3
Sept. 1980
142 pages
ISSN: 0362-5915
EISSN: 1557-4644
DOI: 10.1145/320613

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. compromisability
  2. data security
  3. database inference
  4. privacy protection
  5. statistical databases
  6. statistical queries

Qualifiers

  • Article

Cited By

  • (2023) Technology Cannot Fix the Privacy Crisis. SSRN Electronic Journal. DOI: 10.2139/ssrn.4326794. Online publication date: 2023
  • (2022) An access and inference control model for time series databases. Future Generation Computer Systems 92:C (93-108). DOI: 10.1016/j.future.2018.09.057. Online publication date: 15-Apr-2022
  • (2019) When the signal is in the noise. Proceedings of the 28th USENIX Conference on Security Symposium (1081-1098). DOI: 10.5555/3361338.3361413. Online publication date: 14-Aug-2019
  • (2019) OPAL: High performance platform for large-scale privacy-preserving location data analytics. 2019 IEEE International Conference on Big Data (Big Data) (1332-1342). DOI: 10.1109/BigData47090.2019.9006389. Online publication date: Dec-2019
  • (2018) A Privacy Framework in Cloud Computing for Healthcare Data. 2018 International Conference on Advances in Computing, Communication Control and Networking (ICACCCN) (58-63). DOI: 10.1109/ICACCCN.2018.8748480. Online publication date: Oct-2018
  • (2018) A FCA framework for inference control in data integration systems. Distributed and Parallel Databases 37:4 (543-586). DOI: 10.1007/s10619-018-7241-5. Online publication date: 1-Aug-2018
  • (2016) Population recovery and partial identification. Machine Language 102:1 (29-56). DOI: 10.1007/s10994-015-5489-9. Online publication date: 1-Jan-2016
  • (2013) Denials leak information. Journal of Computer and System Sciences 79:8 (1322-1340). DOI: 10.1016/j.jcss.2013.06.004. Online publication date: 1-Dec-2013
  • (2013) Reasoning under uncertainty and multi-criteria decision making in data privacy. Quality & Quantity 48:4 (1957-1972). DOI: 10.1007/s11135-013-9859-8. Online publication date: 12-May-2013
  • (2012) Population Recovery and Partial Identification. Proceedings of the 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science (390-399). DOI: 10.1109/FOCS.2012.14. Online publication date: 20-Oct-2012
