F. Chin, G. Osoyoglu "Auditing and Inference Control in Statistical Databases," IEEE SE-8, 1, pp. 574--582, 1982.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....techniques and perturbation based techniques. Restriction based techniques include restricting the size of query sets (i.e. the tuples that satisfy a single query) 22] restricting the size of overlaps [18] between query sets, detecting inferences by auditing all queries asked by a specific user [12, 10, 26, 6], suppressing sensitive data in released statistical tables [13] grouping tuples and treating each group as a single tuple [11, 32] Perturbation based techniques add noise to source data or outputs [35, 5, 34] Other aspects of inference problem include the inference caused by arithmetic ....

....ratio of the number of safe queries to that of all queries) of MDR queries in the full core is studied in [6] They mention but do not fully explore the restriction of even MDR queries. However, the general case with known values ( referred to as holes in [6] is thought to be challenging. In [9, 12] Chin gave necessary and sufficient condition for the compromiseability of sum two queries. He also proved that finding the maximal safe subsets of unsafe sum two queries is NP hard. However, sum two queries are rare in practice. In this paper we utilize his results by reducing the ....

[Article contains additional citation context not shown here]

F.Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Trans. on Software Engineering, 8(6):574--582, 1982.

....based techniques and perturbation based techniques. Restriction based techniques [20] include restricting the size of a query set (i.e. the entities that satisfy a single query) overlap control [18] in query sets, auditing all queries in order to determine when inferences are possible [12, 9, 24, 27, 6], suppressing sensitive data in released statistical tables [13] partitioning data into mutually exclusive partitions [10, 11] while In the settings of this paper, each variable can have either one value or infinitely many values. restricting each query set to range over at most one partition. ....

....arbitrary queries. However, this is usually not desirable in OLAP systems where near real time response takes priority over the generality of answerable queries. Hence most of the methods suitable for statistical databases are computationally infeasible in OLAP systems. As an example, Audit Expert [12] models inference problem with a linear system of equations detects the occurrence of inference by transforming the (corresponding to queries and sensitive values) to its reduced row echelon form. The transformation has a well known complexity of ##. This is prohibitive for data ....

[Article contains additional citation context not shown here]

F.Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Trans. on Software Engineering, 8(6):574--582, 1982.

.... in a released table of statistics (i.e. query results) 9] partitioning data into mutually exclusive chunks and restricting each query set to some un divided data chunks [6,7] and (closer to our concerns in this paper) auditing all queries in order to determine whether inference is possible [8,5,20,23]. For controlling statistical inference, some perturbation based techniques have been studied which include adding noise to source data [27,28] changing output resuits [2] altering database structure [25] or sampling data to answer queriesIll] Auditing We study the auditing approach in this ....

....auditing approach in this paper. By auditing, all queries made by each user are logged and checked for possible inference before the results of new queries are released. For auditing exact inference of arbitrary queries with real valued data, one of the best results was given by Chin and 0zsoyoglu [8] in a system called adt ezper. Audit expert uses a binary matrLx to efficiently describe the knowledge about the sensitive attributes (e.g. sale) where each row of the matrLx represents a query; each column, a database record; and each element, whether the record is involved in the query. Audit ....

[Article contains additional citation context not shown here]

F.Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE 7'ans. on Software Engineering, 8(6):574-582, 1982. 554, 559

....based techniques and perturbation based techniques. Restriction based techniques [19] include restricting the size of a query set (i.e. the entities that satisfy a single query) overlap control [17] in query sets, auditing all queries in order to determine when inferences are possible [11, 8, 23, 25], suppressing sensitive data in a released statistical tables [12] partitioning data into mutually exclusive partition [9, 10] and restricting each query set to range over at most one partition. Perturbation based technique includes adding noise to source data [30] outputs [5, 26] database ....

....to general databases. However, this sacrifice is not desirable for OLAP systems, because in OLAP systems near real time response takes priority over the generality of answerable queries. Hence most of those methods are computationally infeasible in OLAP systems. As an example, Audit Expert [11] models inference problem with a linear system Ax = b and detects the occurrence of inference by transforming the m by n matrix A (corresponding to m queries on n attribute values) to its reduced row echelon form. The transformation has a well known complexity of O(m n) which is 4 prohibitive ....

[Article contains additional citation context not shown here]

F.Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Trans. on Software Engineering, 8(6):574--582, 1982. 13

.... in a released table of statistics (i.e. query results) 9] par titioning data into mutually exclusive chunks and restricting each query set to some undivided data chunks [6, 7] and (closer to our concerns in this paper) auditing all queries in order to determine whether inference is possible [8, 5, 20, 23]. For controlling statistical inference, some perturbation based techniques have been studied which include adding noise to source data [27, 28] changing output results [2] altering database structure [25] or sampling data to answer queries[ill. Auditing We study the auditing approach in this ....

....approach in this paper. By auditing, all queries made by each user are logged and checked for possible inference before the results of new queries are released. For auditing exact inference of arbitrary . queries with real valued data, one of the best results was given by Chin and Ozsoyoglu [8] in a system called audit expert. Audit expert uses a binary matrix to efficiently describe the knowledge about the sensitive attributes (e.g. sale) where each row of the matrix represents a query; each column, a database record; and each element, whether the record is involved in the query. ....

[Article contains additional citation context not shown here]

F.Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Trans. on Software Engineering, 8(6):574-582, 1982.

....UC Berkeley, CA 94720. christos cs.berkeley.edu. Research supported by an NSF grant. # IBM Almaden Research Center, 650 Harry Road, San Jose CA 95120. pragh almaden.ibm.com 1 statistical queries in order to determine when enough information has been given out so that compromise becomes possible [3, 4, 5, 12]. Most of the work in this area assumes that the confidential data are real valued and essentially unbounded. In certain important applications, however, data may attain discrete values, or have maximum or minimum values that are fixed a priori and frequently attainable. In these cases, ....

F. Chin, G. Osoyoglu "Auditing and Inference Control in Statistical Databases," IEEE SE-8, 1, pp. 574--582, 1982.

....dimensions or to more general target sets. We introduce two new models of database compromise that lead to new subset sum problems meriting future study. The origin of the topic is the analysis of the statistical database control mechanism called the AUDIT EXPERT devised by Chin and Ozsoyoglu [6]. Using it, one can ask for numerical information from a database by making a series of queries. An example that is particularly helpful is to imagine a mathematics department with n members such that for each member is recorded the name, date of birth, sex, rank, salary, and so on. Let us suppose ....

F. Y. Chin and G. Ozsoyoglu, Auditing and inference control in statistical databases, IEEE Trans. Software Engin. SE-8 (1982), 574--582.

....that if there are no elementary sets of size 1 then the usability is 1 and the system is obviously precise, since there are no sensitive statistics. 2. Consider a database M and a given set P of posable queries, where P does not necessarily contain all queries. It was shown by Chin and Ozsoyoglu [9] that determining Dmax is an NP complete problem, which remains NPcomplete even if each query from P contains exactly 2 records in its query set. Chee and Lim [7] developed a polynomial time heuristics, based on Tabu search, for determining Dmax . This heuristics was subsequently implemented by ....

....illustration, consider a database of 12 records in the case of 3 compromise. A poset of range queries in Q 12;3 is shown in Fig. 1. The segments [a; b] 2 B 12;3 are marked by black dots, and each of them has its neighbourhood (the set Q [a;b] enclosed in a hexagon. 8 [1,4] 3,6] 5,8] 7,10] [9,12] [1,8] 3,10] 5,12] 1,12] Figure 1: Poset of range queries in Q 12;3 Lemma 1 The set system fQ [a;b] a; b] 2 B n;k g forms a partition of Q n;k . Proof. We have to show that each query [c; d] such that 1 c d n and d Gamma c 2 Gamma 1 belongs to exactly one segment of the form [i ....

F. Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Transactions on Software Engineering, Volume SE-8, Number 6, pages 574--582, 1982.

....a query that (possibly combined with some of the previously answered queries) leads to a compromise. For SUM type queries (that is, when the answer to a query targeting a subset of records is the sum of the individual records in the subset) one possible prevention mechanism is the Audit Expert [4, 13, 3]. The second interesting source of problems comes from a simple extremal question: For a given database, what is the maximum possible number of queries that can be answered without exposing the database to a compromise How difficult it is to recognize if, after posing an initial set of queries in ....

....in such a case the user has actually revealed the value of the corresponding individual record, and thus compromised the database. It is clear that this situation occurs if and only if the normalized matrix corresponding to C has a row containing exactly one non zero entry (as it was noted in [4]) Moreover, this does not depend on the entries r i at all it is just a property of the query matrix. Therefore, we formally define a k Theta n query matrix C (together with the corresponding query set C) to be compromised if the normalized form of C contains a row with exactly one non zero ....

F. Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Transactions on Software Engineering, Volume SE-8, Number 6, pages 574--582, 1982.

....database has been suggested by various authors (see [1] for references) Such techniques have the advantage of restricting no more and no less than the queries which would lead to a compromise. 3 Audit Expert One auditing mechanism is the Audit Expert proposed by Chin and Ozsoyoglu in 1982 [4] for the prevention of database compromise due to SUM queries. Considering a database of n records, a SUM query can be thought of as a linear equation, 1 x 1 2 x 2 : n x n = q where i = 1 if the record i is in the query set and i = 0 if the record i is not in the query set; x i is ....

....have been obtained prior to any statistical queries of the database. For now, we shall assume that the user has no preknowledge of the X value of any individual record. We shall return to the question of supplementary knowledge in Section 4. Assuming no supplementary knowledge, Chin and Ozsoyoglu [4] proved that a statistical database is compromised if and only if there is a row vector in the normalized query matrix B k which contains exactly one nonzero element. A set of queries is answerable if it does not lead to a database compromise. It has been shown that the number of answerable ....

[Article contains additional citation context not shown here]

F. Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Transactions on Software Engineering, Volume SE-8, Number 6, pages 574--582, 1982.

....show in this paper and the mechanisms proposed in those researches is also an interesting issue. In this paper, we do not discuss properties of aggregate functions on sets. Interesting studies on that topic has been shown in the context of statistical databases [KU77, Chi78, DDS79, DJL79, Bec80, C O82] The result of these researches say, in short, that aggregate functions on a set of data almost always reveal the information on the individual elements of the set. Acknowledgments I would like to thank Atsushi Ohori for his valuable suggestions and discussions through the research. This work ....

Francis Y. Chin and Gultekin Ozsoyoglu. Auditing and inference control in statistical database. IEEE Trans. on Soft. Eng., 8(6):574--582, Nov. 1982.

....in a statistical database has been suggested by various authors (see [1] for references) Such techniques have the advantage of restricting no more and no less than the queries which would lead to a compromise. One auditing mechanism is the Audit Expert proposed by Chin and Ozsoyoglu in 1982 [5] for the prevention of database compromise due to SUM queries. Considering a database of n records, a SUM query can be thought of as a linear equation, 1 x 1 2 x 2 : n x n = q where i = 1 if the record i is in the query set and i = 0 if the record i is not in the query set; x i is ....

....k form a basis of the space of all the queries that have been answered as well as those queries whose responses could be derived from the answered queries. The column vectors correspond to the records r 1 ; r 2 ; r n in the database. Assuming no supplementary knowledge, Chin and Ozsoyoglu [5] proved that a statistical database is compromised if and only if there is a row vector in the normalized query matrix B k which contains exactly one nonzero element. 3 Usability of Statistical Databases In this section a posable query is any query that can be expressed by means of a ....

[Article contains additional citation context not shown here]

F. Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Transactions on Software Engineering, Volume SE-8, Number 6, pages 574--582, 1982.

No context found.

F. Chin, G. Osoyoglu "Auditing and Inference Control in Statistical Databases," IEEE SE-8, 1, pp. 574--582, 1982.

No context found.

F. Chin and G. Ozsoyoglu. Auditing and Inference Control in Statistical Databases. IEEE Transactions on Software Engineering, 8(6), 1982.

No context found.

F. Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Transactions on Software Engineering, SE-8:574--582, 1982.

No context found.

F. Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Transactions on Software Engineering, 8(6), 1982.

No context found.

F. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE TSE, 8(6), 1982.

No context found.

F. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE TSE, 8(6), 1982.

No context found.

F. Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Transactions on Software Engineering, 8(6), 1982.

No context found.

CHIN, F.Y. and OZSOYOGLU, G.(1982) Auditing and inference control in statistical databases, IEEE Transactions on Software Engineering, Vol.SE-8, No.6, 16 pp.574-582

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC