Article

A formal analysis of information disclosure in data exchange

Authors:

Dan SuciuAuthors Info & Claims

SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of data

Pages 575 - 586

https://doi.org/10.1145/1007568.1007633

Published: 13 June 2004 Publication History

Abstract

We perform a theoretical study of the following query-view security problem: given a view V to be published, does V logically disclose information about a confidential query S? The problem is motivated by the need to manage the risk of unintended information disclosure in today's world of universal data exchange. We present a novel information-theoretic standard for query-view security. This criterion can be used to provide a precise analysis of information disclosure for a host of data exchange scenarios, including multi-party collusion and the use of outside knowledge by an adversary trying to learn privileged facts about the database. We prove a number of theoretical results for deciding security according to this standard. We also generalize our security criterion to account for prior knowledge a user or adversary may possess, and introduce techniques for measuring the magnitude of partical disclosures. We believe these results can be a foundation for practical efforts to secure data exchange frameworks, and also illuminate a nice interaction between logic and probability theory.

References

[1]

N. R. Adam and J. C. Wortman. Security-control methods for statistical databases. ACM Computing Surveys, 21(4):515--556, Dec. 1989.

Digital Library

[2]

F. Bancilhon and N. Spyratos. Protection of information in relational data bases. In VLDB, 1977.

[3]

F. Bancilhon and N. Spyratos. Algebraic versus probabilistic independence in data bases. In PODS, pages 149--153, 1985.

Digital Library

[4]

E. Bertino, S. Jajodia, and P. Samarati. Database security: research and practice. Inf. Syst., 20(7):537--556, 1995.

Digital Library

[5]

J. A. Blakeley, N. Coburn, and P.-V. Larson. Updating derived relations: detecting irrelevant and autonomously computable updates. ACM Trans. Database Syst., 14(3):369--400, 1989.

Digital Library

[6]

D. Denning. Cryptography and Data Security. Addison-Wesley Publishing Co., 1982.

Digital Library

[7]

C. Elkan. Independence of logic database queries and update. In PODS, pages 154--160, 1990.

Digital Library

[8]

R. Fagin. Probabilities on finite models. Notices of the Am. Math. Soc., October: A714, 1972.

[9]

R. Fagin, Probabilities on finite models. Journal of Symbolic Logic, 41(1), 1976.

[10]

C. Fortuin, P. Kasteleyn, and J. Ginibre. Correlation inequalities on some partially ordered sets. Comm. in Math. Physics, 22:89--103, 1971.

[11]

L. Getoor, B. Taskar, and D. Koller, Selectivity estimation using probabilistic models in SIGMOD,2001.

Digital Library

[12]

A. Gupta, Y. Sagiv, J. D. Ullman, and J. Widom. Constraint checking with partial information. In PODS, 1944.

Digital Library

[13]

A., Halevy. Answering queries using views: A survey. VLDB Jorunal, 10(4):270--294, 2001.

Digital Library

[14]

D. Koller and A. Pfeffer. Probabilistic frame-based systems. In Conference on Artificial Intelligence, pages 580--254, 1998.

Digital Library

[15]

A. Y. Levy and Y. Sagiv. Queries independent of updates. In Conference on Very Large Data Bases, pages 171--181, 1993.

Digital Library

[16]

G. Miklau and D. Suciu. A formal analysis of information disclosure in data exchange. University of Washington Technical Report (TR 03-12-02), Dec 2003. www.cs.washington.edu/homes/gerome.

[17]

B. Schneier. Applied Cryptography, Second Edition. John Wiley and Sons, Inc., 1996.

Digital Library

[18]

C. E. Shannon. Communication theory of secrecy systems. In Bell System Technical Journal, 1949.

[19]

L. Sweeney. k-Anonymity: a model for protecting privacy. Int. J. on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5), 2002.

Digital Library

Cited By

Pappachan PZhang SHe XMehrotra S(2024)Preventing Inferences Through Data Dependencies on Sensitive DataIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2023.333663036:10(5308-5327)Online publication date: Oct-2024
https://doi.org/10.1109/TKDE.2023.3336630
Zhang WPanda AShenker SBaumann ACrooks NSchwarzkopf M(2023)Access Control for Database Applications: Beyond Policy EnforcementProceedings of the 19th Workshop on Hot Topics in Operating Systems10.1145/3593856.3595905(223-230)Online publication date: 22-Jun-2023
https://dl.acm.org/doi/10.1145/3593856.3595905
Pappachan PZhang SHe XMehrotra S(2022)Don't be a tattle-taleProceedings of the VLDB Endowment10.14778/3551793.355180515:11(2437-2449)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.14778/3551793.3551805
Show More Cited By

A formal analysis of information disclosure in data exchange
1. Security and privacy
2. Theory of computation
  1. Theory and algorithms for application domains
    1. Database theory

Recommendations

Online information disclosure: Motivators and measurements

To increase their revenue from electronic commerce, more and more Internet businesses are soliciting personal information from consumers in order to target products and services at the right consumers. But when deciding whether to disclose their ...
A formal analysis of information disclosure in data exchange

We perform a theoretical study of the following query-view security problem: given a view V to be published, does V logically disclose information about a confidential query S? The problem is motivated by the need to manage the risk of unintended ...
Securing the information disclosure process

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of data

June 2004

988 pages

ISBN:1581138598

DOI:10.1145/1007568

Conference Chairs:
Arnd Christian König
Microsoft Research
,
Stefan Dessloch
University of Kaiserslautern, Germany
,
General Chair:
Patrick Valduriez
INRIA, France
,
Program Chair:
Gerhard Weikum
University of the Saarland

Copyright © 2004 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMOD: ACM Special Interest Group on Management of Data

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 June 2004

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

SIGMOD/PODS04

Sponsor:

SIGMOD

SIGMOD/PODS04: International Conference on Management of Data and Symposium on Principles Database and Systems

June 13 - 18, 2004

Paris, France

Acceptance Rates

Overall Acceptance Rate 785 of 4,003 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

110
Total Citations
View Citations
1,231
Total Downloads

Downloads (Last 12 months)34
Downloads (Last 6 weeks)5

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Pappachan PZhang SHe XMehrotra S(2024)Preventing Inferences Through Data Dependencies on Sensitive DataIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2023.333663036:10(5308-5327)Online publication date: Oct-2024
https://doi.org/10.1109/TKDE.2023.3336630
Zhang WPanda AShenker SBaumann ACrooks NSchwarzkopf M(2023)Access Control for Database Applications: Beyond Policy EnforcementProceedings of the 19th Workshop on Hot Topics in Operating Systems10.1145/3593856.3595905(223-230)Online publication date: 22-Jun-2023
https://dl.acm.org/doi/10.1145/3593856.3595905
Pappachan PZhang SHe XMehrotra S(2022)Don't be a tattle-taleProceedings of the VLDB Endowment10.14778/3551793.355180515:11(2437-2449)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.14778/3551793.3551805
Konstantinidis GHolt JChapman A(2022)Enabling personal consent in databasesProceedings of the VLDB Endowment10.14778/3489496.348951615:2(375-387)Online publication date: 4-Feb-2022
https://dl.acm.org/doi/10.14778/3489496.3489516
Kotsogiannis IDoudalis SHaney SMachanavajjhala AMehrotra S(2020)One-sided Differential Privacy2020 IEEE 36th International Conference on Data Engineering (ICDE)10.1109/ICDE48307.2020.00049(493-504)Online publication date: Apr-2020
https://doi.org/10.1109/ICDE48307.2020.00049
Wagner IEckhoff D(2018)Technical Privacy MetricsACM Computing Surveys10.1145/316838951:3(1-38)Online publication date: 12-Jun-2018
https://dl.acm.org/doi/10.1145/3168389
Luo CHe F(2018)SMT-based query tracking for differentially private data analytics systemsFrontiers of Computer Science: Selected Publications from Chinese Universities10.1007/s11704-016-6049-612:6(1192-1207)Online publication date: 1-Dec-2018
https://dl.acm.org/doi/10.1007/s11704-016-6049-6
Liu WWang LLiu WWang L(2016)Related WorkPreserving Privacy Against Side-Channel Leaks10.1007/978-3-319-42644-0_2(7-16)Online publication date: 25-Aug-2016
https://doi.org/10.1007/978-3-319-42644-0_2
Liu WWang LZhang LZhu S(2015)k-jump: A strategy to design publicly-known algorithms for privacy preserving micro-data disclosureJournal of Computer Security10.3233/JCS-14051423:2(131-165)Online publication date: 3-Jun-2015
https://doi.org/10.3233/JCS-140514
Yang BSato INakagawa HSellis TDavidson SIves Z(2015)Bayesian Differential Privacy on Correlated DataProceedings of the 2015 ACM SIGMOD International Conference on Management of Data10.1145/2723372.2747643(747-762)Online publication date: 27-May-2015
https://dl.acm.org/doi/10.1145/2723372.2747643
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten