A Probabilistic Approach for On-Line Sum-Auditing

In this paper we consider the problem of auditing databases which support statistical sum-queries to protect the security of sensitive information. We study the special case in which the domain of the sensitive information is a discrete set; in particular, we focus on a boolean domain. Principles and techniques developed for the security of statistical databases in the case of continuous attributes do not apply here. We provide a probabilistic framework for the on-line sum-auditing and we show that sum-queries can be audited by means of a Bayesian network. Finally, we provide a preliminary analysis of the usefulness of the probabilistic approach.

[1]  Nina Mishra,et al.  Simulatable auditing , 2005, PODS.

[2]  Jon M. Kleinberg,et al.  Auditing Boolean attributes , 2000, PODS.

[3]  Marina Moscarini,et al.  Auditing sum-queries to make a statistical database secure , 2006, TSEC.

[4]  Judea Pearl,et al.  Probabilistic reasoning in intelligent systems - networks of plausible inference , 1991, Morgan Kaufmann series in representation and reasoning.

[5]  Steven P. Reiss Security in Databases: A Combinatorial Study , 1979, JACM.

[6]  Gultekin Özsoyoglu,et al.  Auditing and Inference Control in Statistical Databases , 1982, IEEE Transactions on Software Engineering.

[7]  Francis Y. L. Chin,et al.  Security problems on inference control for SUM, MAX, and MIN queries , 1986, JACM.

[8]  Gerardo Canfora,et al.  A Bayesian model for disclosure control in statistical databases , 2009, Data Knowl. Eng..

[9]  Gerardo Canfora,et al.  A Bayesian approach for on-line max and min auditing , 2008, PAIS '08.

[10]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, ACM Comput. Surv..

[11]  Gerardo Canfora,et al.  A Bayesian Approach for on-Line Max Auditing , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[12]  Gerardo Canfora,et al.  Reasoning under Uncertainty in On-Line Auditing , 2008, Privacy in Statistical Databases.