Self-Enforcing Private Inference Control
Conference Proceeding Article
Private inference control enables simultaneous enforcement of inference control and protection of users’ query privacy. Private inference control is a useful tool for database applications, especially when users are increasingly concerned about individual privacy nowadays. However, protection of query privacy on top of inference control is a double-edged sword: without letting the database server know the content of user queries, users can easily launch DoS attacks. To assuage DoS attacks in private inference control, we propose the concept of self-enforcing private inference control, whose intuition is to force users to only make inference-free queries by enforcing inference control themselves; otherwise, penalty will inflict upon the violating users. Towards instantiating the concept, we formalize a model on self- enforcing private inference control, and propose a concrete provably secure scheme, based on Woodruff and Staddon’s work. In our construction, “penalty” is instantiated to be a deprivation of users’ access privilege: so long as a user makes an inference-enabling query, his access privilege is forfeited and he is rejected to query the database any further. We also discuss several important issues that complement and enhance the basic scheme.
Information Security and Trust
Provable Security, Third International Conference (ProvSec 2009)
City or Country
YANG, Yanjiang; LI, Yingjiu; Weng, Jian; ZHOU, Jianying; and Bao, Feng.
Self-Enforcing Private Inference Control. (2009). Provable Security, Third International Conference (ProvSec 2009). 260-274. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/493