Accessibility, security, and accuracy in statistical databases: the case for the multiplicative fixed data perturbation approach

Organizations store data regarding their operations, employees, consumers, and suppliers in their databases. Some of the data are considered confidential, and by law, the organization is required to provide appropriate security measures in order to preserve privacy. Yet a number of companies have little or no security measures. The reason for this lack of security may, at least in part, be attributed to a lack of awareness and empirical evidence about the relative effectiveness of security mechanisms. This study investigates the effectiveness of different security mechanisms for protecting numerical database attributes. The trade-off between security, accessibility, and accuracy are examined. A comparison of different security mechanisms reveals that fixed data perturbation is preferred because it maximizes both security and accessibility. An investigation of the different approaches to fixed data perturbation indicates that multiplicative method best meets these criteria.

[1]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, ACM Comput. Surv..

[2]  Leland L. Beck,et al.  A security machanism for statistical database , 1980, TODS.

[3]  Peter J. Denning,et al.  The tracker: a threat to statistical database security , 1979, TODS.

[4]  Jeffrey S. Simonoff,et al.  The use of regression methodology for the compromise of confidential information in statistical databases , 1987, TODS.

[5]  W. R. Buckland,et al.  Random processes and the growth of firms , 1965 .

[6]  Martin Herbert,et al.  1985 Opinion Survey of MIS Managers: Key Issues , 1986, MIS Q..

[7]  Steven P. Reiss Practical Data-Swapping: The First Steps , 1980, 1980 IEEE Symposium on Security and Privacy.

[8]  SchlöerJan Security of statistical databases , 1980 .

[9]  B. O'Neill,et al.  Some Recent Results in Lognormal Parameter Estimation Using Grouped and Ungrouped Data , 1972 .

[10]  James C. Wetherbe,et al.  Key Information Systems Issues for the 1980's , 1984, MIS Q..

[11]  Abraham Charnes,et al.  A Goal Programming Model for Media Planning , 1968 .

[12]  Z. Meral Ozsoyoglu,et al.  Update handling techniques in statistical databases , 1981 .

[13]  John Neter,et al.  Behavior of major statistical estimators in sampling accounting populations : an empirical study , 1975 .

[14]  Norman S. Matloff Another Look at the Use of Noise Addition for Database Security , 1986, 1986 IEEE Symposium on Security and Privacy.

[15]  Ezio Lefons,et al.  An Analytic Approach to Statistical Databases , 1983, VLDB.

[16]  James C. Wetherbe,et al.  Key issues in information systems management , 1987 .

[17]  A. R. Thatcher The Distribution of Earnings of Employees in Great Britain , 1968 .

[18]  Michael A. Palley Security of statistical databases compromise through attribute correlational modeling , 1986, 1986 IEEE Second International Conference on Data Engineering.

[19]  A. Miller The assault on privacy : computers, data banks, and dossiers , 1972 .

[20]  Nabil R. Adam,et al.  Security of Statistical Databases with an Output Perturbation Technique , 1989, J. Manag. Inf. Syst..

[21]  Robert K. Wysocki,et al.  Information Systems: Management Practices in Action , 1990 .

[22]  Raymond P. Lutz,et al.  Decision rules for inventory management , 1967 .

[23]  James O. Achugbue,et al.  The Effectiveness Of Output Modification By Rounding For Protection Of Statistical Data Bases , 1979 .

[24]  K. Laudon Dossier Society: Value Choices in the Design of National Information Systems , 1988 .

[25]  Dorothy E. Denning,et al.  Secure statistical databases with random sample queries , 1980, TODS.

[26]  Gultekin Özsoyoglu,et al.  Enhancing the Security of Statistical Databases with a Question-Answering System and a Kernel Design , 1982, IEEE Transactions on Software Engineering.

[27]  I. P. Fellegi,et al.  Statistical Confidentiality: Some Theory and Application to Data Dissemination , 1974 .

[28]  Jan Schlörer,et al.  Security of statistical databases: multidimensional transformation , 1980, TODS.

[29]  Detmar W. Straub,et al.  Organizational structuring of the computer security function , 1988, Comput. Secur..

[30]  Henryk Wozniakowski,et al.  The statistical security of a statistical database , 1984, TODS.

[31]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[32]  Dorothy E. Denning,et al.  Inference Controls for Statistical Databases , 1983, Computer.

[33]  D. Parker Computer Security Management , 1981 .

[34]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[35]  Gultekin Özsoyoglu,et al.  Statistical database design , 1981, TODS.

[36]  R. Mason Four ethical issues of the information age , 1986 .

[37]  J. Aitchison,et al.  The Lognormal Distribution. , 1958 .

[38]  Mohammed Inam Ul Haq,et al.  Insuring individual's privacy from statistical data base users , 1975, AFIPS '75.

[39]  Ivan P. Fellegi,et al.  On the Question of Statistical Confidentiality , 1972 .

[40]  G. Easton,et al.  Stochastic models of industrial buying behaviour , 1980 .

[41]  Ken Wong,et al.  Computer crime - Risk management and computer security , 1985, Comput. Secur..

[42]  Chong K. Liew,et al.  A data distortion by probability distribution , 1985, TODS.

[43]  Gultekin Özsoyoglu,et al.  Rounding and Inference Controlin Conceptual Models for Statistical Databases , 1985, 1985 IEEE Symposium on Security and Privacy.

[44]  Richard J. Lipton,et al.  Secure databases: protection against user influence , 1979, TODS.

[45]  Dinesh Batra,et al.  An investigation of the effectiveness of statistical distributions for additive fixed data perturbation , 1995, Comput. Oper. Res..