A formal analysis of information disclosure in data exchange

We perform a theoretical study of the following query-view security problem: given a view V to be published, does V logically disclose information about a confidential query S? The problem is motivated by the need to manage the risk of unintended information disclosure in today's world of universal data exchange. We present a novel information-theoretic standard for query-view security. This criterion can be used to provide a precise analysis of information disclosure for a host of data exchange scenarios, including multi-party collusion and the use of outside knowledge by an adversary trying to learn privileged facts about the database. We prove a number of theoretical results for deciding security according to this standard. We also generalize our security criterion to account for prior knowledge a user or adversary may possess, and introduce techniques for measuring the magnitude of partial disclosures. We believe these results can be a foundation for practical efforts to secure data exchange frameworks, and also illuminate a nice interaction between logic and probability theory.
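As an added illustration of the criterion described in the abstract (this is not code from the paper), the following brute-force check decides query-view security for a toy schema by testing whether the confidential query S and the published view V are probabilistically independent, and measures a partial disclosure as the mutual information between them. It assumes a uniform prior over all instances, a relation Patient(name, disease), and the query and view names below, all constructed for this example.

```python
from collections import defaultdict
from fractions import Fraction
from itertools import combinations
from math import log2

# Constructed toy schema: one relation Patient(name, disease) over a tiny
# domain, so every possible database instance can be enumerated (16 here).
NAMES = ("ann", "bob")
DISEASES = ("flu", "cold")
TUPLES = [(n, d) for n in NAMES for d in DISEASES]

def instances():
    """Yield every instance: each subset of the candidate tuples."""
    for k in range(len(TUPLES) + 1):
        for inst in combinations(TUPLES, k):
            yield frozenset(inst)

# Secret query S and three candidate views V, each a function of an instance.
def secret(inst):            # S: does ann have the flu?
    return ("ann", "flu") in inst

def view_bob(inst):          # V1: selection name = 'bob'
    return frozenset(t for t in inst if t[0] == "bob")

def view_flu(inst):          # V2: names of everyone with disease = 'flu'
    return frozenset(n for n, d in inst if d == "flu")

def view_count(inst):        # V3: aggregate, number of tuples
    return len(inst)

def joint(S, V):
    """Pr(S=s, V=v) under the prior assumed here: every instance equally
    likely, i.e. each tuple present independently with probability 1/2."""
    counts, n = defaultdict(int), 0
    for inst in instances():
        counts[(S(inst), V(inst))] += 1
        n += 1
    return {sv: Fraction(c, n) for sv, c in counts.items()}

def marginals(p):
    """Pr(S=s) and Pr(V=v) from the joint distribution."""
    ps, pv = defaultdict(Fraction), defaultdict(Fraction)
    for (s, v), pr in p.items():
        ps[s] += pr
        pv[v] += pr
    return ps, pv

def is_secure(S, V):
    """Query-view security: V discloses nothing about S iff
    Pr(S=s | V=v) = Pr(S=s) for all s, v, i.e. S and V are independent."""
    p = joint(S, V)
    ps, pv = marginals(p)
    return all(pr == ps[s] * pv[v] for (s, v), pr in p.items())

def disclosure_bits(S, V):
    """Magnitude of a partial disclosure: mutual information I(S; V) in bits.
    0.0 means secure; it reaches H(S) when V determines S."""
    p = joint(S, V)
    ps, pv = marginals(p)
    return sum(float(pr) * log2(float(pr / (ps[s] * pv[v])))
               for (s, v), pr in p.items())
```

Selecting bob's rows is secure against the secret about ann, the flu projection discloses it entirely (1 bit), and the tuple count is a partial disclosure of about 0.22 bits.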
