D. Dobkin, A. Jones, R. Lipton "Secure Databases: Protection Against User Influence," ACM TODS, 4, 1, pp. 97--106, 1979.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....against this problem is the scrutiny of the queries by the parties. In addition, query restriction techniques from the statistical database literature [1, 44] can also help. These techniques include restricting the size of query results [17, 23] controlling the overlap among successive queries [19], and keeping audit trails of all answered queries to detect possible compromises [13] Schema Discovery and Heterogeneity We do not address the question of how to find which database contains which tables and what the attribute names are; we assume that the database schemas are known. We also do ....

D. Dobkin, A. Jones, and R. Lipton. Secure databases: Protection against user influence. ACM Transactions on Database Systems, 4(1):97--106, March 1979.

....1, 16] and the proposed methods are usually classified into two categories; restriction based techniques and perturbation based techniques. Restriction based techniques include restricting the size of query sets (i.e. the tuples that satisfy a single query) 22] restricting the size of overlaps [18] between query sets, detecting inferences by auditing all queries asked by a specific user [12, 10, 26, 6] suppressing sensitive data in released statistical tables [13] grouping tuples and treating each group as a single tuple [11, 32] Perturbation based techniques add noise to source data or ....

....Without loss of generality, if then we have that q (0, v) 1) Proposition 1 Given d F , let n t = #. d satisfying n t , we have that q . Overlap Size Control This method prevents users from asking queries with large intersections [18]. Any answerable query must have a cardinality of at least n, and the intersection of any two queries is required to be no larger than r. In order to compromise any tuple t, one must first ask one query q t and subsequently (n 1) r or more queries to form the complement of t with respect to ....

D. Dobkin, A.K. Jones, and R.J. Lipton. Secure databases: protection against user influence. ACM Trans. on Database Systems, 4(1):97--106, 1979.

....methods proposed in statistical databases are usually classified into two main categories; restriction based techniques and perturbation based techniques. Restriction based techniques [20] include restricting the size of a query set (i.e. the entities that satisfy a single query) overlap control [18] in query sets, auditing all queries in order to determine when inferences are possible [12, 9, 24, 27, 6] suppressing sensitive data in released statistical tables [13] partitioning data into mutually exclusive partitions [10, 11] while In the settings of this paper, each variable can have ....

....the (corresponding to queries and sensitive values) to its reduced row echelon form. The transformation has a well known complexity of ##. This is prohibitive for data warehouses and OLAP systems, because can be as large as a million in those systems. Our work shares with [18] the similar motivation of controlling inference with cardinalities of data and queries. Dobkin et al. give an lower bound on the number of arbitrary sum queries that compromise sensitive values [18] Under the assumptions that each query sums exactly sensitive values and no two queries sum ....

[Article contains additional citation context not shown here]

D. Dobkin, A.K. Jones, and R.J. Lipton. Secure databases: protection against user influence. ACM Trans. on Database Systems, 4(1):97--106, 1979.

.... Control Techniques For controlling exact inference, many restric tion based techniques have been studied (in the statistical database literature) which include restricting the size of a qe set (i.e. the entities that satisfy a single query) 17,13] controlling the overlap of query sets [15], suppressing sensitive data cells in a released table of statistics (i.e. query results) 9] partitioning data into mutually exclusive chunks and restricting each query set to some un divided data chunks [6,7] and (closer to our concerns in this paper) auditing all queries in order to ....

D. Dobkin, A.K. Jones, and R.J. Lipton. Secure databases: protection against user influence. ACM 'ans. on Database Systems, 4(1):97-106, 1979. 554

....methods proposed in statistical databases are usually classified into two main categories; restriction based techniques and perturbation based techniques. Restriction based techniques [19] include restricting the size of a query set (i.e. the entities that satisfy a single query) overlap control [17] in query sets, auditing all queries in order to determine when inferences are possible [11, 8, 23, 25] suppressing sensitive data in a released statistical tables [12] partitioning data into mutually exclusive partition [9, 10] and restricting each query set to range over at most one ....

....to m queries on n attribute values) to its reduced row echelon form. The transformation has a well known complexity of O(m n) which is 4 prohibitive in the context of data warehouses and OLAP systems since m and n can be as large as a million. Our work shares similar motivation with that of [17], i.e. to efficiently control inference with the cardinality of data and queries, which can be easily obtained, stored and maintained. Dobkin et al. gave sufficient conditions for the non compromiseability of arbitrary sum only queries [17] The conditions are based on the smallest number of ....

[Article contains additional citation context not shown here]

D. Dobkin, A.K. Jones, and R.J. Lipton. Secure databases: protection against user influence. ACM Trans. on Database Systems, 4(1):97--106, 1979.

.... control techniques For controlling exact inference, many restric tion based techniques have been studied (in the statistical database literature) which include restricting the size of a query set (i.e. the entities that satisfy a single query) 17, 13] controlling the overlap of query sets [15], suppressing sensitive data cells in a released table of statistics (i.e. query results) 9] par titioning data into mutually exclusive chunks and restricting each query set to some undivided data chunks [6, 7] and (closer to our concerns in this paper) auditing all queries in order to ....

D. Dobkin, A.K. Jones, and R.J. Lipton. Secure databases: protection against user influence. ACM Trans. on Database Systems, 4(1):97-106, 1979.

....compromising sensitive information about individuals [1] 47] The proposed techniques can be broadly classified into query restriction and data perturbation. The query restriction family includes restricting the size of query results [13] 18] controlling the overlap among successive queries [14], keeping audit trails of all answered queries and constantly checking for possible compromises [8] suppression of data cells of small size [9] and clustering entities into mutually exclusive atomic populations [61] The perturbation family includes swapping values between records [12] ....

D. Dobkin, A. Jones, and R. Lipton. Secure databases: Protection against user influence. ACM Transactions on Database Systems, 4(1):97--106, March 1979.

....see [1] for a survey. The main approaches to this problem involve perturbing the data so as to maintain their statistical characteristics but prevent their compromise [13, 11, 16] to perturb the responses for the same purpose, 2, 8] to restrict the size or overlap of the statistical queries [10, 9], or, finally (and closer to our concerns here) to audit the # Department of Computer Science, Cornell University, Ithaca NY 14853. Email: kleinber cs.cornell.edu. Supported in part by a David and Lucile Packard Foundation Fellowship, an Alfred P. Sloan Research Fellowship, an ONR Young ....

D. Dobkin, A. Jones, R. Lipton "Secure Databases: Protection Against User Influence," ACM TODS, 4, 1, pp. 97--106, 1979.

....that makes a query in a database. A lot of research was devoted to methods that protect the database against a curious user. For example, methods that do not allow a user to ask queries to a statistical database in a way that enables him to reconstruct the value of particular entities (e.g. [2, 9, 10, 11, 18] and [19, Section 10.5] It mayseem surprising at first glance that there are no methods to protect the privacy of the user. For example, an investor that queries the stock market database, for the value of a certain stock, may wish to keep private the identity of the stock he is interested in. ....

....still gives no information as to what is the value of i that the user is interested in. We also remark that some of our schemes are based on exclusive or (linear summations, or sum) queries; this type of queries is very common and is actually implemented in several real world databases (see [9, 11, 19]) Related Work For the case case of k = 2 (i.e. two databases) a first indication that something better than the user asking for a copy of x can be done is given by a recent result of Pudlak and Rodl [16] With a complexity theory motivation in mind they studied the following question. There ....

D. DOBKIN, A. K. JONES, AND R. J. LIPTON. Secure Databases: Protection Against User Influence. ACM Transactions on Database Systems, 4:1, pp. 97---106, 1979.

....(see excellent surveys in [AW89] Sho82] The proposed techniques can be broadly classified into query restriction and data perturbation. The query restriction family includes restricting the size of query result (e.g. Fel72] DDS79] controlling the overlap amongst successive queries (e.g. DJL79] keeping audit trail of all answered queries and constantly checking for possible compromise (e.g. CO82] suppression of data cells of small size (e.g. Cox80] and clustering entities into mutually exclusive atomic populations (e.g. YC77] The perturbation family includes swapping values ....

D. Dobkin, A.K. Jones, and R.J. Lipton. Secure databases: Protection against user influence. ACM TODS, 4(1):97--106, March 1979.

....This linear algebra is exactly the same used in our solution in order to determine the correct 11 read accesses from the memory modules of one DMM. So, we do not need a more sophisticated technology than that commonly adopted by such protocols and in several real world databases (see [Chin 86, Dobkin et al. 79, Ullman 82] A further motivation in designing parallel systems for PIR arises from a recent work by Gertner et al. [Gertner et al. 98] They indeed introduced a new method to achieve both user and database privacy without making copies of the original database. Their method relies on the use of ....

Dobkin D., Jones A. K., Lipton R.J. (1979), Secure Databases: Protection Against User Influence, ACM Trans. on Database Systems, 4(1), pp. 97--106.

....techniques we show in this paper and the mechanisms proposed in those researches is also an interesting issue. In this paper, we do not discuss properties of aggregate functions on sets. Interesting studies on that topic has been shown in the context of statistical databases [KU77, Chi78, DDS79, DJL79, Bec80, C O82] The result of these researches say, in short, that aggregate functions on a set of data almost always reveal the information on the individual elements of the set. Acknowledgments I would like to thank Atsushi Ohori for his valuable suggestions and discussions through the ....

David Dobkin, Anita K. Jones, and Richard J. Lipton. Secure databases: Protection against user influence. ACM TODS, 4(1):97--106, Mar. 1979.

....that makes a query in a database. A lot of research was devoted to methods that protect the database against a curious user. For example, methods that do not allow a user to ask queries to a statistical database in a way that enables him to reconstruct the value of particular entities (e.g. [2, 9, 10, 11, 18] and [19, Section 10.5] It may seem surprising at first glance that there are no methods to protect the privacy of the user. For example, an investor that queries the stock market database, for the value of a certain stock, may wish to keep private the identity of the stock he is interested in. ....

....still gives no information as to what is the value of i that the user is interested in. We also remark that some of our schemes are based on exclusive or (linear summations, or sum) queries; this type of queries is very common and is actually implemented in several real world databases (see [9, 11, 19]) 1.1 Related Work For the case of k = 2 (i.e. two databases) a first indication that something better than the user asking for a copy of x can be done is given by a recent result of Pudl ak and Rodl [16] With a complexity theory motivation in mind they studied the following question. There ....

D. Dobkin, A. K. Jones, and R. J. Lipton. Secure Databases: Protection Against User Influence. ACM Transactions on Database Systems, 4:1, pp. 97---106, 1979.

No context found.

D. Dobkin, A. Jones, R. Lipton "Secure Databases: Protection Against User Influence," ACM TODS, 4, 1, pp. 97--106, 1979.

No context found.

D. Dobkin, A. K. Jones, and R. J. Lipton. Secure databases: Protection against user influence. ACM Transactions on Database Systems, 4(1), 1979.

No context found.

D. Dobkin, A. Jones, and R. Lipton. Secure databases: Protection against user influence. ACM Transactions on Database Systems, 4(1):97--106, March 1979.

No context found.

D. Dobkin, A. K. Jones, and R. J. Lipton, "Secure databases: Protection against user influence," ACM Transactions on Database Systems, vol. 4, no. 1, pp. 97--106, Mar. 1979.

No context found.

D. Dobkin, A. Jones, and R. Lipton. Secure databases: Protection against user influence. ACM TODS, 4(1), 1979.

No context found.

D. Dobkin, A. K. Jones, and R. J. Lipton. Secure databases: Protection against user influence. ACM Transactions on Database Systems, 4(1), 1979.

No context found.

David Dobkin, Anita K. Jones, and Richard J. Lipton. Secure databases: Protection against user influence. ACM Transactions on Database Systems, 4(1):97--106, March 1979.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC