New Approaches to Disclosure Limitation While Answering Queries to a Database: Protecting Numerical Confidential Data against Insider Threat Based on Data or Algorithms

Confidentiality via Camouflage (CVC) is a practical method for giving unlimited, correct, numerical responses to ad-hoc queries to an on-line database, while not compromising confidential numerical data. Responses are in the form of intervals that are guaranteed to contain the exact answer. Virtually any imaginable query type can be answered, and although sharing of query answers among users presents no problem, the threat of insider information is real. In this work we identify two distinct types of insider information, depending on whether the knowledge is of data in the confidential field or of the algorithmic process that is used to answer queries. We show that different realizations of CVC can protect against one type of insider threat or the other, while a combination of realizations can be used if the database administrator is not able to specify the type of threat that is present. Various strategies for dealing with cases where a user poses both types of threats are also presented. Computational experience relates the degradation of answer intervals that can be expected to the type of threat that is protected against and indicates that, in general, algorithmic threat causes the greatest degradation.
