Self-Enforcing Private Inference Control

Publication Type

Conference Proceeding Article

Publication Date

11-2009

Abstract

Private inference control enables simultaneous enforcement of inference control and protection of users’ query privacy. Private inference control is a useful tool for database applications, especially when users are increasingly concerned about individual privacy nowadays. However, protection of query privacy on top of inference control is a double-edged sword: without letting the database server know the content of user queries, users can easily launch DoS attacks. To assuage DoS attacks in private inference control, we propose the concept of self-enforcing private inference control, whose intuition is to force users to only make inference-free queries by enforcing inference control themselves; otherwise, penalty will inflict upon the violating users. Towards instantiating the concept, we formalize a model on self- enforcing private inference control, and propose a concrete provably secure scheme, based on Woodruff and Staddon’s work. In our construction, “penalty” is instantiated to be a deprivation of users’ access privilege: so long as a user makes an inference-enabling query, his access privilege is forfeited and he is rejected to query the database any further. We also discuss several important issues that complement and enhance the basic scheme.

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

Provable Security, Third International Conference (ProvSec 2009)

First Page

260

Last Page

274

ISBN

9783642046414

Identifier

10.1007/978-3-642-04642-1_21

Publisher

Springer Verlag

City or Country

China

Comments

5848/2009

Additional URL

http://dx.doi.org/10.1007/978-3-642-04642-1_21

Link to Full Text

Share

COinS