Auditing Inference Based Disclosures in Dynamic Databases

Authors:
Vikram Goyal;S. K. Gupta;Manish Singh;Anand Gupta
Affiliations:
Department of Computer Science and Engineering, IIT Delhi, Hauz Khas;Department of Computer Science and Engineering, IIT Delhi, Hauz Khas;Department of Computer Science and Engineering, IIT Delhi, Hauz Khas;Dept. of Comp. Sci. and Engg. N.S.I.T. Delhi, Sector-3, Dwarka
Venue:
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Year:
2008

Citing 13
Cited 0

Principles of database and knowledge-base systems, Vol. I

Principles of database and knowledge-base systems, Vol. I
Design of LDV: A Multilevel Secure Relational Database Management

IEEE Transactions on Knowledge and Data Engineering
Inference in MLS Database Systems

IEEE Transactions on Knowledge and Data Engineering
Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures

IEEE Transactions on Knowledge and Data Engineering
Optimal implementation of conjunctive queries in relational data bases

STOC '77 Proceedings of the ninth annual ACM symposium on Theory of computing
The inference problem and updates in relational databases

Das'01 Proceedings of the fifteenth annual working conference on Database and application security
On the efficiency of checking perfect privacy

Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
A formal analysis of information disclosure in data exchange

Journal of Computer and System Sciences
Auditing compliance with a Hippocratic database

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
A Unified Audit Expression Model for Auditing SQL Queries

Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Auditing a Batch of SQL Queries

ICDEW '07 Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering Workshop
Detecting privacy violations in sensitive XML databases

SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Malafide intension based detection of privacy violation in information system

ICISS'06 Proceedings of the Second international conference on Information Systems Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

A privacy violation in an information system could take place either through explicit access or inference over already revealed facts using domain knowledge. In a post violation scenario, an auditing framework should consider both these aspects to determine exact set of minimal suspicious queries set. Update operations in database systems add more complexity in case of auditing, as inference rule applications on different data versions may generate erroneous information in addition to the valid information. In this paper, we formalize the problem of auditing inference based disclosures in dynamic databases, and present a sound and complete algorithm to determine a suspicious query set for a given domain knowledge, a database, an audit query, updates in the database. Each element of the output set is a minimal set of past user queries made to the database system such that data revealed to these queries combined with domain knowledge can infer the valid data specified by the audit query.