
1
Introduction to:

2
• Goal [DEN83]:
  • Provide frequency, average, and other statistics of persons
• Challenge:
  • Preserving privacy [DEN83]
  • Interaction between client and database server [JAG07]
    ▪ The client may not want the server to know what information it is querying.
    ▪ The server would like to ensure that the client does not learn information about the database.

3
• Indirect disclosure of sensitive data
• So, what is sensitive data?
  • Determined by the policies of the system.
• Example:
  • There is only one female professor in the department
  • The salary of the female professor can be obtained by subtracting the total salary of the male professors from the total salary.

4
• Indirect access takes place via inference.
• Partial vs. full inference
• Inference channels:
  • Database dependencies and integrity constraints.
  • Domain knowledge.
  • Query correlation.

5
• Example:
  • There is only one female professor in the department
  • The salary of the female professor can be obtained by subtracting the total salary of the male professors from the total salary.

6
• Query Restriction [DEN83]:
  • Restricting query size.
  • Control query overlap [JAG07].
  • Auditing.
• Perturbation [DEN83]:
  • Means data changing
    ▪ Output perturbation
    ▪ Data perturbation
• Conceptual
  • Frameworks like conceptual model, lattice, etc.

7
• Statistics are released only if the size of the query set satisfies a special condition.
  • Based on the sensitive statistic
  • Depends on the policy of the system
• The query-set size C should satisfy the condition:
  • K < C < L - K (L is the size of the database)

8
• Query-set-size control
  • It is memory-less
  • Trackers can subvert it:
    ▪ Pad small query sets with enough extra records to put them in the allowable range
    ▪ Subtract the effect of the padding

9
• Restricting the number of overlapping entities among successive queries of a given user.
• Drawbacks:
  • Ineffective at preventing several users from cooperating to compromise the database.
  • Statistics for both a set and its subset cannot be released.
  • A user profile should be kept for each user

10
• Keeping up-to-date logs of all queries made by each user.
• Constantly checking for possible compromise whenever a new query is issued.
• Drawbacks:
  • CPU usage.
  • Storage requirement.
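Added example (not part of the original slides): a toy statistical database in which the memory-less size check of slides 7 and 8 answers both queries of a padded pair, while an audit log as on slide 10 refuses the second one. The sample table, K = 2 and every function name are assumptions made for the illustration, and the audit shown is a linear-algebra check that covers SUM queries only.

```python
from fractions import Fraction

# Constructed sample table (name, sex, rank, salary); not data from the slides.
RECORDS = [("A", "F", "assistant", 91000), ("B", "M", "assistant", 72000),
           ("C", "M", "assistant", 75000), ("D", "M", "full", 98000),
           ("E", "M", "full", 102000), ("F", "M", "associate", 85000),
           ("G", "M", "associate", 83000), ("H", "M", "full", 110000)]
K = 2  # assumed policy value for the rule K < C < L - K

def rref(rows):
    rows = [[Fraction(x) for x in r] for r in rows]  # exact arithmetic, no rounding
    top = 0
    for col in range(len(RECORDS)):
        hit = next((i for i in range(top, len(rows)) if rows[i][col] != 0), None)
        if hit is None:
            continue
        rows[top], rows[hit] = rows[hit], rows[top]
        rows[top] = [x / rows[top][col] for x in rows[top]]
        for i in range(len(rows)):
            if i != top:
                rows[i] = [a - rows[i][col] * b for a, b in zip(rows[i], rows[top])]
        top += 1
    return rows

def compromises(vectors):
    """True if the answered SUM queries pin down one record's value, i.e. a unit
    vector lies in their row space (an RREF row with a single non-zero entry)."""
    return any(sum(x != 0 for x in row) == 1 for row in rref(vectors))

def sum_salary(pred, log, audit):
    vec = [int(pred(r)) for r in RECORDS]      # indicator vector of the query set
    if not K < sum(vec) < len(RECORDS) - K:
        return None                            # size control: looks at this query only
    if audit and compromises(log + [vec]):
        return None                            # audit: this answer plus the log discloses a record
    log.append(vec)
    return sum(r[3] for r, v in zip(RECORDS, vec) if v)

def demo(audit):
    log = []                                         # per-user log of answered queries
    target = lambda r: r[1] == "F"                   # the single female professor
    pad = lambda r: r[1] == "M" and r[2] == "full"   # padding records
    both = lambda r: target(r) or pad(r)
    return [sum_salary(q, log, audit) for q in (target, both, pad)]

print(demo(audit=False))  # [None, 401000, 310000]
print(demo(audit=True))   # [None, 401000, None]
```

Without the audit, the difference of the two answered sums equals the one salary that the direct query was refused; the audit pays for catching this with the log storage and per-query elimination cost that slide 10 lists as drawbacks.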

11
• Query Restriction [DEN83]:
  • Restricting query size.
  • Control query overlap [JAG07].
  • Auditing.
• Perturbation [DEN83]:
  • Means data changing
    ▪ Output perturbation
    ▪ Data perturbation
• Conceptual
  • Frameworks like conceptual model, lattice, etc.

12
• Probability distribution:
  • Replaces the database by another sample from the same distribution.
• Fixed data perturbation:
  • Values of attributes in the database are perturbed once and for all.
• Bias problem:
  • Bias to quantities
  • Conditional means, frequencies.

13
• X: Original value of an attribute
• Y = X + a (perturbed value)
• Consider the set of entities that have perturbed value w:
  • Matloff shows that E(X|Y=w) is not necessarily equal to w.

14
• Main idea:
  • A statistical database contains information about more than just one population
  • The security control component should be aware of the relationships between populations and their security issues.
  • Users' knowledge should be taken into account.

15
• Population definition:
  • Allowed statistical query for each attribute of query
  • History of changes
  • Relationships
• User knowledge construct:
  • Process that keeps track of properties of the user
  • Describes the user's knowledge from earlier queries as well as any supplementary knowledge.

16
• Constraint enforcer and checker:
  • Process that enforces security constraints

17
• No single security-control method satisfies all objectives.
• The choice of security-control method depends on the application

18
[DEN83] D.E. Denning, “Inference Controls for Statistical Databases”, SRI International, vol. 16, no. 7, pp. 69-82, 1983.
[JAG07] G. Jagannathan, R.N. Wright, “Private Inference Control for Aggregate Database Queries”, Proceedings of 7th IEEE International Conference on Data Mining Workshops, pp. 711-716, 2007.
[FAR02] C. Farkas, S. Jajodia, “The Inference Problem: A Survey”, SIGKDD Explor. Newsl., vol. 4, no. 2, pp. 6-11, 2002.
[ADA89] N.R. Adam, J.C. Worthmann, “Security-control Methods for Statistical Databases: A Comparative Study”, ACM Computing Surveys, vol. 21, no. 4, pp. 515-556, 1989.

