A formal analysis of information disclosure in data exchange

Authors:
Gerome Miklau;Dan Suciu
Affiliations:
Department of Computer Science, University of Massachusetts at Amherst, 140 Governors Drive, Amherst, MA 01003, USA;Department of Computer Science and Engineering, University of Washington, Box 352350, Seattle, WA 98195, USA
Venue:
Journal of Computer and System Sciences
Year:
2007

Citing 20
Cited 22

Updating derived relations: detecting irrelevant and autonomously computable updates

ACM Transactions on Database Systems (TODS)
Security-control methods for statistical databases: a comparative study

ACM Computing Surveys (CSUR)
Constraint checking with partial information

PODS '94 Proceedings of the thirteenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
Database security: research and practice

Information Systems
Probabilistic frame-based systems

AAAI '98/IAAI '98 Proceedings of the fifteenth national/tenth conference on Artificial intelligence/Innovative applications of artificial intelligence
Independence of logic database queries and update

PODS '90 Proceedings of the ninth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
Algebraic versus probabilstic independence in data bases

PODS '85 Proceedings of the fourth ACM SIGACT-SIGMOD symposium on Principles of database systems
Selectivity estimation using probabilistic models

SIGMOD '01 Proceedings of the 2001 ACM SIGMOD international conference on Management of data
Cryptography and data security

Cryptography and data security
Executing SQL over encrypted data in the database-service-provider model

Proceedings of the 2002 ACM SIGMOD international conference on Management of data
Queries Independent of Updates

VLDB '93 Proceedings of the 19th International Conference on Very Large Data Bases
Answering queries using views: A survey

The VLDB Journal — The International Journal on Very Large Data Bases
Limiting privacy breaches in privacy preserving data mining

Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
k-anonymity: a model for protecting privacy

International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems
Information sharing across private databases

Proceedings of the 2003 ACM SIGMOD international conference on Management of data
A formal analysis of information disclosure in data exchange

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Controlling access to published data using cryptography

VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29
Secure XML publishing without information leakage in the presence of data inference

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Privacy in database publishing

ICDT'05 Proceedings of the 10th international conference on Database Theory
Asymptotic conditional probabilities for conjunctive queries

ICDT'05 Proceedings of the 10th international conference on Database Theory

A Unified Audit Expression Model for Auditing SQL Queries

Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Auditing Inference Based Disclosures in Dynamic Databases

SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Approximate lineage for probabilistic databases

Proceedings of the VLDB Endowment
Detecting privacy violations in database publishing using disjoint queries

Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology
An efficient online auditing approach to limit private data disclosure

Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology
Privacy-Preserving Query Answering in Logic-based Information Systems

Proceedings of the 2008 conference on ECAI 2008: 18th European Conference on Artificial Intelligence
Empirical evidence for the usefulness of Armstrong relations in the acquisition of meaningful functional dependencies

Information Systems
Verification of the security against inference attacks on XML databases

APWeb'08 Proceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development
Requirements and protocols for inference-proof interactions in information systems

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Turning privacy leaks into floods: surreptitious discovery of social network friendships and other sensitive binary attribute vectors

Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Queries and materialized views on probabilistic databases

Journal of Computer and System Sciences
Determining relevance of accesses at runtime

Proceedings of the thirtieth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Efficient auditing for complex SQL queries

Proceedings of the 2011 ACM SIGMOD International Conference on Management of data
A sound and complete model-generation procedure for consistent and confidentiality-preserving databases

Theoretical Computer Science
Design by example for SQL table definitions with functional dependencies

The VLDB Journal — The International Journal on Very Large Data Bases
Competitive privacy: secure analysis on integrated sequence data

DASFAA'10 Proceedings of the 15th international conference on Database Systems for Advanced Applications - Volume Part II
Usability confinement of server reactions: maintaining inference-proof client views by controlled interaction execution

DNIS'10 Proceedings of the 6th international conference on Databases in Networked Information Systems
Characterisations of multivalued dependency implication over undetermined universes

Journal of Computer and System Sciences
Inference-usability confinement by maintaining inference-proof views of an information system

International Journal of Computational Science and Engineering
Fine-grained disclosure control for app ecosystems

Proceedings of the 2013 ACM SIGMOD International Conference on Management of Data
Denials leak information: Simulatable auditing

Journal of Computer and System Sciences
Dynamic policy adaptation for inference control of queries to a propositional information system

Journal of Computer Security - DBSec 2011

Quantified Score

Hi-index	0.00

Visualization

Abstract

We perform a theoretical study of the following query-view security problem: given a view V to be published, does V logically disclose information about a confidential query S? The problem is motivated by the need to manage the risk of unintended information disclosure in today's world of universal data exchange. We present a novel information-theoretic standard for query-view security. This criterion can be used to provide a precise analysis of information disclosure for a host of data exchange scenarios, including multi-party collusion and the use of outside knowledge by an adversary trying to learn privileged facts about the database. We prove a number of theoretical results for deciding security according to this standard. We also generalize our security criterion to account for prior knowledge a user or adversary may possess, and introduce techniques for measuring the magnitude of partial disclosures. We believe these results can be a foundation for practical efforts to secure data exchange frameworks, and also illuminate a nice interaction between logic and probability theory.