Security problems on inference control for SUM, MAX, and MIN queries
Journal of the ACM (JACM)
Security-control methods for statistical databases: a comparative study
ACM Computing Surveys (CSUR)
Secure databases: protection against user influence
ACM Transactions on Database Systems (TODS)
A model of statistical database their security
ACM Transactions on Database Systems (TODS)
Security in Databases: A Combinatorial Study
Journal of the ACM (JACM)
Privacy-preserving data mining
SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Auditing Interval-Based Inference
CAiSE '02 Proceedings of the 14th International Conference on Advanced Information Systems Engineering
Revealing information while preserving privacy
Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Limiting privacy breaches in privacy preserving data mining
Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Auditing for secure statistical databases
ACM '81 Proceedings of the ACM '81 conference
Journal of Computer and System Sciences - Special issue on PODS 2000
Controlled Query Evaluation for Known Policies by Combining Lying and Refusal
Annals of Mathematics and Artificial Intelligence
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Practical privacy: the SuLQ framework
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Proceedings of the 2005 ACM SIGMOD international conference on Management of data
Privacy via pseudorandom sketches
Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Towards robustness in query auditing
VLDB '06 Proceedings of the 32nd international conference on Very large data bases
Auditing compliance with a Hippocratic database
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Theoretical Computer Science
| Hi-index | 0.00 |
A fundamental problem in online query auditingis that an outside attacker may compromise database privacy by exploiting the sequence of query responses and the information flow from the database state to the auditing decision. Kenthapadi et al. [14] proposed the simulatable auditingmodel to solve this problem in a way that completely blocks the aforementioned information flow. However, the security does not come for free. The simulatable auditing model actually suffers from unnecessary data utility loss.We assert that in order to guarantee database privacy, blocking the information flow from the true database state to the auditing decision is sufficient but far from necessary. To limit the loss in data utility, we suggest an alternative approach that controls, instead of blocks, such information flow. To this end, we introduce a new model, called simulatable binding, in which the information flow from the true database state to the auditing decision is provably controlled by a selected safe binding. We prove that the proposed simulatable binding model provides a sufficient and necessary condition to guarantee database privacy, and therefore, algorithms based on our model will provide better data utility than algorithms based on the simulatable auditing model. To demonstrate the strength and practicality of our model, we provide two efficient algorithms for the max query and sum query auditing, respectively. For the ease of comparison, each algorithm is built by applying our simulatable binding model, and is compared to an algorithm applying the simulatable auditing model. Clear improvements are shown through experiments.