Abstract
This paper studies the privacy breaches caused by multi-dimensional range (MDR) sum queries in online analytical processing (OLAP) systems. We show that existing inference control methods are generally infeasible for controlling MDR queries. We then consider restricting users to even MDR queries (that is, the MDR queries involving even numbers of data values). We show that the collection of such even MDR queries is safe if and only if a special set of sum-two queries (that is, queries involving exactly two values) is safe. On the basis of this result, we give an efficient method to decide the safety of even MDR queries. Besides safe even MDR queries we show that any odd MDR query is unsafe. Moreover, any such odd MDR query is different from the union of some even MDR queries by only one tuple. We also extend those results to the safe subsets of unsafe even MDR queries.
This work was partially supported by the National Science Foundation under grant CCR-0113515.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Adam, N.R., Wortmann, J.C.: Security-control methods for statistical databases: a comparative study. ACM Computing Surveys 21(4), 515–556 (1989)
Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy, pp. 439–450 (2000)
Beck, J., Sós, V.T.: Discrepancy theory. In: Graham, R.L., Grötschel, M., Lovász, L. (eds.) Handbook of combinatorics, pp. 1405–1446. Elsevier Science, Amsterdam (1995)
Beck, L.L.: A security mechanism for statistical databases. ACM Trans. on Database Systems 5(3), 316–338 (1980)
Brankovic, L., Miller, M., Horak, P., Wrightson, G.: Usability of compromise-free statistical databases. In: Proceedings of ninth International Conference on Scientific and Statistical Database Management (SSDBM 1997), pp. 144–154 (1997)
Brodsky, A., Farkas, C., Wijesekera, D., Wang, X.S.: Constraints, inference channels and secure databases. In: the 6th International Conference on Principles and Practice of Constraint Programming, pp. 98–113 (2000)
Chin, F.Y.: Security in statistical databases for queries with small counts. ACM Transaction on Database Systems 3(1), 92–104 (1978)
Chin, F.Y., Kossowski, P., Loh, S.C.: Efficient inference control for range sum queries. Theoretical Computer Science 32, 77–86 (1984)
Chin, F.Y., Özsoyoglu, G.: Security in partitioned dynamic statistical databases. In: Proc. of IEEE COMPSAC, pp. 594–601 (1979)
Chin, F.Y., Özsoyoglu, G.: Auditing and inference control in statistical databases. IEEE Trans. on Software Engineering 8(6), 574–582 (1982)
Cox, L.H.: Suppression methodology and statistical disclosure control. Journal of American Statistical Association 75(370), 377–385 (1980)
Denning, D.E., Denning, P.J.: Data security. ACM computing surveys 11(3), 227–249 (1979)
Denning, D.E., Denning, P.J., Schwartz, M.D.: The tracker: A threat to statistical database security. ACM Trans. on Database Systems 4(1), 76–96 (1979)
Denning, D.E., Schlörer, J.: Inference controls for statistical databases. IEEE Computer 16(7), 69–82 (1983)
Dobkin, D., Jones, A.K., Lipton, R.J.: Secure databases: protection against user influence. ACM Trans. on Database Systems 4(1), 97–106 (1979)
Erdös, P.: On some extremal problems in graph theory. Isarel Journal of Math. 3, 113–116 (1965)
Fellegi, L.P.: On the qestion of statistical confidentiality. Journal of American Statistic Association 67(337), 7–18 (1972)
Gray, J., Bosworth, A., Layman, A., Pirahesh, H.: Data cube:A relational operator generalizing group-by, crosstab and sub-totals. In: Proceedings of the 12th International Conference on Data Engineering, pp. 152–159 (1996)
Ho, D.T., Agrawal, R., Megiddo, N., Srikant, R.: Range queries in olap data cubes. In: Proceedings 1997 ACM SIGMOD International Conference on Management of Data, pp. 73–88 (1997)
Kleinberg, J., Papadimitriou, C., Raghavan, P.: Auditing boolean attributes. In: Proc. of the 9th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pp. 86–91 (2000)
Li, Y., Wang, L., Jajodia, S.: Preventing interval based inferece by random data perturbation. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 160–170. Springer, Heidelberg (2003)
Li, Y., Wang, L., Wang, X.S., Jajodia, S.: Auditing interval-based inference. In: Pidduck, A.B., Mylopoulos, J., Woo, C.C., Ozsu, M.T. (eds.) CAiSE 2002. LNCS, vol. 2348, pp. 553–568. Springer, Heidelberg (2002)
Li, Y., Wang, L., Zhu, S.C., Jajodia, S.: A privacy enhanced microaggregation method. In: Eiter, T., Schewe, K.-D. (eds.) FoIKS 2002. LNCS, vol. 2284, pp. 148–159. Springer, Heidelberg (2002)
Malvestuto, F.M., Mezzini, M.: Auditing sum queries. In: Calvanese, D., Lenzerini, M., Motwani, R. (eds.) ICDT 2003. LNCS, vol. 2572, pp. 126–146. Springer, Heidelberg (2002)
Mateo-Sanz, J.M., Domingo-Ferrer, J.: A method for data-oriented multivariate microaggregation. In: Proceedings of the Conference on Statistical Data Protection 1998, pp. 89–99 (1998)
Rizvi, S., Haritsa, J.R.: Maintaining data privacy in association rule mining. In: Proceedings of the 28th Conference on Very Large Data Base, VLDB 2002 (2002)
Schlörer, J.: Security of statistical databases: multidimensional transformation. ACM Trans. on Database Systems 6(1), 95–112 (1981)
Traub, J.F., Yemini, Y., Woźniakowski, H.: The statistical security of a statistical database. ACM Trans. on Database Systems 9(4), 672–679 (1984)
Wang, L., Wijesekera, D., Jajodia, S.: Cardinality-based inference control in sum-only data cubes. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 55–71. Springer, Heidelberg (2002)
Wang, L., Wijesekera, D., Jajodia, S.: Olap means on-line anti-privacy. Technical Report (2003), Available at http://ise.gmu.edu/techrep/2003/
Wang, L., Wijesekera, D., Jajodia, S.: Precisely answering multi-dimensional range queries without privacy breaches. Technical Report (2003), Available at http://ise.gmu.edu/techrep/2003/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, L., Li, Y., Wijesekera, D., Jajodia, S. (2003). Precisely Answering Multi-dimensional Range Queries without Privacy Breaches. In: Snekkenes, E., Gollmann, D. (eds) Computer Security – ESORICS 2003. ESORICS 2003. Lecture Notes in Computer Science, vol 2808. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39650-5_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-39650-5_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20300-1
Online ISBN: 978-3-540-39650-5
eBook Packages: Springer Book Archive