Security problems on inference control for SUM, MAX, and MIN queries
Journal of the ACM (JACM)
Security-control methods for statistical databases: a comparative study
ACM Computing Surveys (CSUR)
Computationally private information retrieval (extended abstract)
STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
Journal of the ACM (JACM)
Oblivious transfer and polynomial evaluation
STOC '99 Proceedings of the thirty-first annual ACM symposium on Theory of computing
Secure databases: protection against user influence
ACM Transactions on Database Systems (TODS)
The tracker: a threat to statistical database security
ACM Transactions on Database Systems (TODS)
Security of statistical databases: multidimensional transformation
ACM Transactions on Database Systems (TODS)
Foundations of Cryptography: Basic Tools
Foundations of Cryptography: Basic Tools
Controlling FD and MVD Inferences in Multilevel Relational Database Systems
IEEE Transactions on Knowledge and Data Engineering
Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures
IEEE Transactions on Knowledge and Data Engineering
ICDT '03 Proceedings of the 9th International Conference on Database Theory
Cardinality-Based Inference Control in Sum-Only Data Cubes
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Priced Oblivious Transfer: How to Sell Digital Goods
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
The inference problem: a survey
ACM SIGKDD Explorations Newsletter
Replication is not needed: single database, computationally-private information retrieval
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Detection and Elimination of Inference Channels in Multilevel Relational Database Systems
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Proceedings of the 11th ACM conference on Computer and communications security
Practical Inference Control for Data Cubes (Extended Abstract)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Auditing and Inference Control in Statistical Databases
IEEE Transactions on Software Engineering
Private Inference Control for Aggregate Database Queries
ICDMW '07 Proceedings of the Seventh IEEE International Conference on Data Mining Workshops
A New Protocol for Conditional Disclosure of Secrets and Its Applications
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Computationally private information retrieval with polylogarithmic communication
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
An oblivious transfer protocol with log-squared communication
ISC'05 Proceedings of the 8th international conference on Information Security
| Hi-index | 0.00 |
Private inference control enables simultaneous enforcement of inference control and protection of users' query privacy. Private inference control is a useful tool for database applications, especially when users are increasingly concerned about individual privacy nowadays. However, protection of query privacy on top of inference control is a double-edged sword: without letting the database server know the content of user queries, users can easily launch DoS attacks. To assuage DoS attacks in private inference control, we propose the concept of self-enforcing private inference control , whose intuition is to force users to only make inference-free queries by enforcing inference control themselves; otherwise, penalty will inflict upon the violating users. Towards instantiating the concept, we formalize a model on self- enforcing private inference control, and propose a concrete provably secure scheme, based on Woodruff and Staddon's work. In our construction, "penalty" is instantiated to be a deprivation of users' access privilege: so long as a user makes an inference-enabling query, his access privilege is forfeited and he is rejected to query the database any further. We also discuss several important issues that complement and enhance the basic scheme.