Abstract
Transmitting one's own, partly confidential data to another agent carries the risk of enabling the receiver to infer information he is not entitled to learn. We consider a specific countermeasure against unwanted inferences about associations between data values whose attribute combination is declared to be sensitive. This countermeasure fragments a relation instance into attribute-disjoint and duplicate-preserving projections such that no sensitive attribute combination is contained in any single projection. Unfortunately, the intended goal of inference-proofness is not always accomplished. Inferences might be based on combinatorial reasoning, since duplicate-preservation implies that the frequencies of value associations in the visible fragments equal those in the original relation instance. In addition, the receiver might exploit entailment reasoning about functional dependencies, numerical dependencies and tuple-generating dependencies, as presumably known from the underlying database schema. We investigate possible interferences between combinatorial reasoning and entailment reasoning and identify basic conditions under which a fragmentation violates inference-proofness. Moreover, we outline a comprehensive method to effectively check the inference-proofness of a given fragmentation, and we experimentally evaluate the computational efficiency of a partial prototype implementation.
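The combinatorial and entailment reasoning described in the abstract, as an added illustration that is not part of the paper: a constructed three-tuple instance is fragmented into attribute-disjoint, duplicate-preserving projections that respect a confidentiality constraint, and a brute-force check enumerates every instance the receiver must consider possible. Without schema knowledge the fragmentation is inference-proof; once the receiver applies the assumed functional dependency Zip -> Disease, the sensitive associations become certain. All names, values and the dependency are assumptions chosen for the example.

```python
from itertools import permutations

# Constructed sample instance (assumption, not from the paper): schema Name, Zip, Disease
RELATION = [
    {"Name": "Alice", "Zip": "44227", "Disease": "Flu"},
    {"Name": "Bob",   "Zip": "44227", "Disease": "Flu"},
    {"Name": "Carol", "Zip": "44139", "Disease": "Cold"},
]
SENSITIVE = [("Name", "Disease")]             # confidentiality constraint: who has which disease
SCHEMES = [("Name", "Zip"), ("Disease",)]     # attribute-disjoint fragment schemes
FD_ZIP_DISEASE = [(("Zip",), ("Disease",))]   # Zip -> Disease, assumed known from the schema

def fragment(relation, schemes):
    """Duplicate-preserving projections: one row per original tuple, nothing de-duplicated."""
    return [[tuple(t[a] for a in s) for t in relation] for s in schemes]

def respects_constraints(schemes, sensitive):
    """Syntactic check only: no fragment scheme covers a whole sensitive attribute combination."""
    return not any(set(c) <= set(s) for c in sensitive for s in schemes)

def satisfies_fds(instance, fds):
    """True if every functional dependency lhs -> rhs holds in the instance."""
    for lhs, rhs in fds:
        seen = {}
        for t in instance:
            key, val = tuple(t[a] for a in lhs), tuple(t[a] for a in rhs)
            if seen.setdefault(key, val) != val:
                return False
    return True

def possible_instances(schemes, fragments, fds):
    """Every instance the receiver must consider: fragment rows re-aligned by any permutation
    (duplicate-preservation fixes multiplicities), minus those violating the known fds."""
    attrs, out = sum(schemes, ()), []
    def align(i, rows):
        if i == len(fragments):
            inst = [dict(zip(attrs, sum(r, ()))) for r in zip(*rows)]
            if satisfies_fds(inst, fds):
                out.append(inst)
            return
        for p in (permutations(fragments[i]) if i else [fragments[i]]):  # first fragment fixed
            align(i + 1, rows + [list(p)])
    align(0, [])  # the original instance is enumerated first and always survives the filter
    return out

def certain_associations(relation, schemes, sensitive, fds):
    """Sensitive value associations holding in every possible instance: inferable with certainty."""
    insts = possible_instances(schemes, fragment(relation, schemes), fds)
    proj = lambda inst, c: {tuple(t[a] for a in c) for t in inst}
    return {v for c in sensitive for v in proj(insts[0], c) if all(v in proj(x, c) for x in insts)}
```

An empty result means the fragmentation is inference-proof against the modelled receiver; the enumeration is exponential in the instance size, so it serves as an oracle for small cases, not as the paper's efficient method.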
Acknowledgments
We would like to sincerely thank our student assistant Anna-Sophie Picker for supporting us in implementing the partial prototype and performing the experiments. Moreover, we are very thankful to the anonymous reviewers for carefully examining our original submission and providing helpful comments and constructive suggestions for improvements.
Cite this article
Biskup, J., Preuß, M. Checking inference-proofness of attribute-disjoint and duplicate-preserving fragmentations. Ann Math Artif Intell 87, 43–82 (2019). https://doi.org/10.1007/s10472-019-09655-5
Keywords
- Attribute-disjointness
- Confidentiality
- Database dependency
- Duplicate-preservation
- Fragmentation
- Reasoning