Statistical Database Auditing Without Query Denial Threat

Author

Haibing LU
Jaideep VAIDYA
Vijay ATLURI
Yingjiu LI, Singapore Management UniversityFollow

Publication Type

Journal Article

Publication Date

9-2014

Abstract

Statistical database auditing is the process of checking aggregate queries that are submitted in a continuous manner, to prevent inference disclosure. Compared to other data protection mechanisms, auditing has the features of flexibility and maximum information. Auditing is typically accomplished by examining responses to past queries to determine whether a new query can be answered. It has been recognized that query denials release information and can cause data disclosure. This paper proposes an auditing mechanism that is free of query denial threat and applicable to mixed types of aggregate queries, including sum, max, min, deviation, etc. The core ideas are (i) deriving the complete information leakage from each query denial and (ii) carrying the complete leaked information derived from past answered and denied queries to audit each new query. The information leakage deriving problem can be formulated as a set of parametric optimization programs, and the whole auditing process can be modeled as a series of convex optimization problems.

Keywords

statistical database, privacy, auditing, query denial, optimization

Discipline

Computer Sciences | Numerical Analysis and Scientific Computing

Research Areas

Cybersecurity

Publication

INFORMS Journal of Computing

Volume

27

Issue

1

First Page

20

Last Page

34

ISSN

1091-9856

Identifier

10.1287/ijoc.2014.0607

Publisher

INFORMS

Citation

LU, Haibing; VAIDYA, Jaideep; ATLURI, Vijay; and LI, Yingjiu. Statistical Database Auditing Without Query Denial Threat. (2014). INFORMS Journal of Computing. 27, (1), 20-34.
Available at: https://ink.library.smu.edu.sg/sis_research/2550

Additional URL

http://dx.doi.org/10.1287/ijoc.2014.0607