Classification of Statistical Database System (sdb) Security Measures
نویسنده
چکیده
This paper outlines statistical database system (SDB) security from a viewpoint of the protection against the threat of statistical inference. The SDB security techniques discussed are classified into nonperturbative, perturbative, camouflaging, and hybrid approaches based on protection requirements. This paper represents a first step in the development of a comprehensive classification system based on the key characteristics of each SDB security measure. This research intends to increase the understanding of SDB security methods and the associated trade-off between data utility and data confidentiality. INTRODUCTION Information security in statistical database systems (SDB) refers to the SDB’s ability to reliably and securely handle sensitive information and protect against the threat of an attacker who is attempting to gain access to sensitive information such as health information or salary or an organizations’ private information such as financial information [3]. The SDB security requirement leads to a problem of the "conflict between the individual's right to privacy and the society's need to know and process information" [24]. Accessibility to today’s networked SDBs increases the system’s value to the users but also increases SDB vulnerability. However, accessibility is not the only factor that increases an SDB’s vulnerability. Other factors, such as the typical practice of simultaneously storing sensitive and non-sensitive relational data together in the database, also increase SDB vulnerability. Additionally, there is often the need to provide information on sensitive data in aggregate formats. Both of these factors increase the SDBs vulnerability to statistical inference where the data revealed as aggregate information is combined with other pieces of information to deduce individual confidential data on the records in the database [8]. SDB Concepts A SDB is a special kind of database (DB). SDBs are designed to answer statistical queries such as count, mean, standard deviation, minimum and maximum, and correlation queries [6]. Most SDBs are designed as relational DBs consisting of two dimensional tables storing information about real life entities and are composed of records (the rows of the table) and attributes (the columns). Each record, or instance, contains one group of related data including the attributes. Each field represents an elementary unit of data. A typical relational DB model consists of multiple tables. The DB schema contains information about the logical structure of database, more specifically how the DB tables are related. Types of SDBs SDBs take on many different configurations based on their intended use and application [29] [30]. Some important factors influencing SDB design include (1) stand alone version or networked, (2) data
منابع مشابه
A Comparative Study of Query-Set Size and Fixed-Data Perturbation as Two Techniques to Secure Statistical Databases
A statistical database (SDB) is a database that contains a large number of individual sensitive records, but is intended to supply only statistical summary information to its users. A SDB suffers from the inference problem, a way to infer or derive sensitive data from non-sensitive data. In this study, two security techniques of SDBs, Query-Set Size and FixedData Perturbation are selected to re...
متن کاملInformation Protection in Dynamic Statistical Databases
A statistical database (SDB) is a database that contains sensitive records describing individuals but only statistical information is available. There are many inference control methods proposed to protect SDBs. In this article, we will briefly introduce three general approaches: conception, perturbation, and query restriction approaches. In addition, six criteria are also introduced to evaluat...
متن کاملSDB: A Secure Query Processing System with Data Interoperability
We address security issues in a cloud database system which employs the DBaaS model — a data owner (DO) exports data to a cloud database service provider (SP). To provide data security, sensitive data is encrypted by the DO before it is uploaded to the SP. Compared to existing secure query processing systems like CryptDB [7] and MONOMI [8], in which data operations (e.g., comparison or addition...
متن کاملExtending Geographic Databases for a Query Language to Support Queries Involving Statistical Data
The concepts abstracted from reality and represented through the dimensions in a Statistical Database (SDB) support the user to use them in query formulation and processing. Instead, all those useful properties involved in a query that cannot be obtained through dimension/s in a SDB (for example, the concept of adjacency) can be presented in a Geographical Database (GDB). This paper presents a ...
متن کاملNecessary Condition for Maximum Usability of Sdb
A statistical database is a database in which only queries of statistical type are allowed, such as SUM, COUNT, MAX, MIN, MEAN. The security problem for a statistical database is to nd suitable control mechanisms so that while statistical information is provided, no sequence of queries is suucient to infer the values of protected elds of individual records. If such an inference is possible we s...
متن کامل