CASTLE: Enhancing the Utility of Inequality Query Auditing Without Denial Threats

We consider a private data set composed of a set of individuals, and the data are outsourced to a remote cloud server. We revisit the classic <italic>query auditing</italic> problem in this outsourcing scenario; the cloud audits each newly arrived query on a single attribute, and the query is rejected if answering it compromises any individual’s privacy. Various query auditing issues have been studied and addressed before. However, previous auditing schemes either have the difficulty of removing denial threats, or lack the analysis of utility (which is defined as the number of answered queries). In this paper, we study the auditing of a sequence of polynomial-time computable queries. Each query is of format <inline-formula> <tex-math notation="LaTeX">$\mathit {f}(\tilde {X}) \leq \!\!\!\!? \;\; a$ </tex-math></inline-formula>, where <inline-formula> <tex-math notation="LaTeX">$\mathit {f}$ </tex-math></inline-formula> is any polynomial function, <inline-formula> <tex-math notation="LaTeX">$\tilde {X}$ </tex-math></inline-formula> is a subset of the private data set, and the answer is either “yes” or “no”. Existing methods cannot be applied directly to audit such a query, because it intermingles several types of functions (e.g., sum and max/min). Hence, we propose CASTLE, which is an inequality query auditing scheme that evaluates the risk of answering a query based on the query history and determines whether a newly arrived query should be answered correctly against a <italic>denial threat</italic>. Furthermore, to overcome the limitations of the existing query auditing mechanisms, which are of low utility, we relax CASTLE to increase the utility by returning answers with slight perturbations. We show that our method can be applied to audit intermingled equality queries with an extension. Experiments are conducted to evaluate the efficiency and effectiveness of our methods.

[1]  A. C. Berry The accuracy of the Gaussian approximation to the sum of independent variates , 1941 .

[2]  Irit Dinur,et al.  Revealing information while preserving privacy , 2003, PODS.

[3]  Richard J. Lipton,et al.  Secure databases: protection against user influence , 1979, TODS.

[4]  Rathindra Sarathy,et al.  A General Additive Data Perturbation Method for Database Security , 1999 .

[5]  Martin E. Dyer,et al.  On the Complexity of Computing the Volume of a Polyhedron , 1988, SIAM J. Comput..

[6]  Dan Suciu,et al.  Stop That Query! The Need for Managing Data Use , 2013, CIDR.

[7]  Rajeev Motwani,et al.  Towards robustness in query auditing , 2006, VLDB.

[8]  Sushil Jajodia,et al.  Preventing Interval-Based Inference by Random Data Perturbation , 2002, Privacy Enhancing Technologies.

[9]  Vijayalakshmi Atluri,et al.  Statistical Database Auditing Without Query Denial Threat , 2015, INFORMS J. Comput..

[10]  Francis Y. L. Chin,et al.  Security problems on inference control for SUM, MAX, and MIN queries , 1986, JACM.

[11]  Nina Mishra,et al.  Simulatable auditing , 2005, PODS.

[12]  Xiang-Yang Li,et al.  AccountTrade: Accountable protocols for big data trading against dishonest consumers , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[13]  Nina Mishra,et al.  Denials leak information: Simulatable auditing , 2013, J. Comput. Syst. Sci..

[14]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, ACM Comput. Surv..

[15]  Gultekin Özsoyoglu,et al.  Statistical database design , 1981, TODS.

[16]  Kelly Edwards,et al.  Building a chain of trust: using policy and practice to enhance trustworthy clinical data discovery and sharing , 2010, GTIP '10.

[17]  C. Robert Simulation of truncated normal variables , 2009, 0907.4010.

[18]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[19]  Jamol Pender The truncated normal distribution: Applications to queues with impatient customers , 2015, Oper. Res. Lett..

[20]  Saoussen Krichen,et al.  Online Knapsack Problem with Items Delay , 2014, ICORES.

[21]  Steven P. Reiss Security in Databases: A Combinatorial Study , 1979, JACM.

[22]  Feifei Ma,et al.  A Fast and Practical Method to Estimate Volumes of Convex Polytopes , 2015, FAW.

[23]  Santosh S. Vempala,et al.  A practical volume algorithm , 2016, Math. Program. Comput..

[24]  Norman S. Matloff Another Look at the Use of Noise Addition for Database Security , 1986, 1986 IEEE Symposium on Security and Privacy.

[25]  J. Papastavrou,et al.  The Dynamic and Stochastic Knapsack Problem with Deadlines , 1996 .

[26]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[27]  Linlin Chen,et al.  Social Network De-Anonymization and Privacy Inference with Knowledge Graph Model , 2019, IEEE Transactions on Dependable and Secure Computing.