Aggregation in Relational Databases: Controlled Disclosure of Sensitive Information

It has been observed that the release of a limited part of an information resource often poses no security risk, while the release of a sufficiently large part of that resource might. This problem of controlled disclosure of sensitive information is an instance of what is known as the aggregation problem. In this paper we argue that it should be possible to articulate specific secrets within a database that must be protected against overdisclosure, and we provide a general framework in which such controlled disclosure can be achieved. Our methods foil attempts to attack these predefined secrets by disguising queries as requests whose definitions do not resemble any secret but whose answers nevertheless "nibble" at one. Our methods also foil attempts to attack secrets by breaking a query into a sequence of smaller requests that extract the same information less conspicuously. The accounting methods we employ to thwart such attempts are shown to be both accurate and economical.
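The following is an added illustration of the two attacks the abstract describes and of the kind of per-secret accounting that defeats them; it is not code from the paper, and it uses plain union accounting rather than the paper's own accounting method. The `DisclosureMonitor` class, the `employees` table, the sample rows, the secret `research_pay` and its bound of one half are all assumptions made for the example. The point it shows is that charging each query against the tuples it actually returns, rather than against the text of its predicate, catches both a "disguised" query that never mentions the secret's defining attribute and a sequence of small queries that together exceed the bound.

```python
import sqlite3

# Constructed sample table (not from the paper): one row per employee.
EMPLOYEES = [
    (1, "alice", "research", 150000),
    (2, "bob", "research", 140000),
    (3, "carol", "research", 135000),
    (4, "dan", "research", 132000),
    (5, "erin", "research", 125000),
    (6, "frank", "research", 120000),
    (7, "grace", "research", 115000),
    (8, "heidi", "research", 105000),
    (9, "ivan", "research", 95000),
    (10, "judy", "research", 90000),
    (11, "ken", "sales", 145000),
    (12, "lea", "sales", 110000),
    (13, "mike", "ops", 80000),
]


class DisclosureMonitor:
    """Hypothetical reference monitor in front of one table.

    A secret is a predicate over the table plus a disclosure bound: the
    fraction of the secret's tuples that may ever be released.  For every
    secret the monitor keeps the set of its tuples already released and
    refuses any query that would push that set past the bound.  Accounting
    is done on the tuples a query *returns*, not on how the query is
    phrased, so a predicate that never mentions the secret's defining
    attribute is still charged for every secret tuple it exposes, and a
    sequence of small queries is charged cumulatively.
    """

    def __init__(self, conn, secrets):
        self.conn = conn
        self.secrets = {}      # name -> (frozenset of tuple ids, bound)
        self.disclosed = {}    # name -> set of secret tuple ids released so far
        for name, (predicate, bound) in secrets.items():
            self.secrets[name] = (frozenset(self._ids_matching(predicate)), bound)
            self.disclosed[name] = set()

    def _ids_matching(self, predicate):
        # In this toy the raw WHERE clause *is* the query language, so it is
        # concatenated; a real monitor would work on a parsed query instead.
        sql = f"SELECT id FROM employees WHERE ({predicate})"
        return [row[0] for row in self.conn.execute(sql)]

    def ask(self, predicate):
        """Answer `SELECT ... FROM employees WHERE <predicate>` unless doing so
        would overdisclose some secret.  Returns the rows, or None when the
        query is refused; a refusal leaves every account untouched."""
        revealed = set(self._ids_matching(predicate))
        for name, (secret_ids, bound) in self.secrets.items():
            if not secret_ids:
                continue  # an empty secret can never be overdisclosed
            projected = self.disclosed[name] | (revealed & secret_ids)
            if len(projected) / len(secret_ids) > bound:
                return None
        # Only a query that is actually answered is charged to the accounts.
        for name, (secret_ids, _) in self.secrets.items():
            self.disclosed[name] |= revealed & secret_ids
        sql = f"SELECT id, name, dept, salary FROM employees WHERE ({predicate})"
        return self.conn.execute(sql).fetchall()


def make_monitor():
    """Build an in-memory database and a monitor guarding one secret:
    the research department's pay, of which at most half may be revealed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees "
                 "(id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", EMPLOYEES)
    return DisclosureMonitor(conn, {"research_pay": ("dept = 'research'", 0.5)})


if __name__ == "__main__":
    m = make_monitor()
    # A disguised query (mentions only salary), a repeat, a second disguised
    # query that would tip the balance, and two one-row "nibbles".
    for q in ["salary > 130000", "id <= 4", "salary BETWEEN 100000 AND 130000",
              "id = 5", "id = 6"]:
        rows = m.ask(q)
        outcome = "refused" if rows is None else f"{len(rows)} rows"
        print(f"{q!r}: {outcome}; research tuples released so far = "
              f"{sorted(m.disclosed['research_pay'])}")
```

The first query reveals four research rows without naming the department, so it is charged four tenths of the secret and allowed; repeating it costs nothing extra because the account is a set, not a counter. The second salary-range query would bring the total to eight of ten research rows and is refused outright, and the single-row nibbles run into the same bound: `id = 5` reaches exactly one half and passes, `id = 6` would exceed it and is refused.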