A data distortion by probability distribution
ACM Transactions on Database Systems (TODS)
Protecting statistical databases: a matter of privacy
ACM SIGCAS Computers and Society
A modified random perturbation method for database security
ACM Transactions on Database Systems (TODS)
A security machanism for statistical database
ACM Transactions on Database Systems (TODS)
Privacy-preserving data mining
SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
The statistical security of a statistical database
ACM Transactions on Database Systems (TODS)
Non-reversible privacy transformations
PODS '82 Proceedings of the 1st ACM SIGACT-SIGMOD symposium on Principles of database systems
Privacy preserving mining of association rules
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Privacy preserving mining of association rules
Information Systems - Knowledge discovery and data mining (KDD 2002)
A privacy preserving mining algorithm on distributed dataset
FSKD'06 Proceedings of the Third international conference on Fuzzy Systems and Knowledge Discovery
Incorporating privacy concerns in data mining on distributed data
AIMSA'06 Proceedings of the 12th international conference on Artificial Intelligence: methodology, Systems, and Applications
Uniform obfuscation for location privacy
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
An overview of recent data base research
ACM SIGMIS Database
Hi-index | 0.00 |
A system to support a multi-function, shared-access database requires the capability of defining for each user an arbitrary subset of the fields of a logical record to which access is allowed. The feasibility of such a capability has already been demonstrated by several operational systems. This paper is concerned with the possibility of granting something less than complete access to a specified field of a record. The purpose would be to allow a user to perform various summary and statistical tasks over controlled fields without allowing identification of the exact value of a field in a particular record. Three different strategies are examined: 1. An arbitrary partition of values is defined for each restricted field. A user granted this type of access can determine only which class of the partition contains the field value. 2. The actual field value is distorted by a random perturbation. 3. Access to actual field values is allowed—but values are dissociated from the actual record in which they occur. The third strategy—dissociation—appears to be the most interesting, potentially useful, but potentially vulnerable. In each case, the utility of incomplete access is examined and various implementation alternatives are explored. The degree of protection against persistent assault is determined.