Abstract
Transmitting one's own, partly confidential data to another agent, e.g., for cloud computing, carries the risk of enabling the receiver to infer information he is not entitled to learn. We consider a specific countermeasure against unwanted inferences about associations between data values whose combination of attributes is declared to be sensitive. This countermeasure fragments a relation instance into attribute-disjoint and duplicate-preserving projections such that no sensitive attribute combination is contained in any projection. Though attribute-disjointness is intended to make a reconstruction of the original data impossible for the receiver, the goal of inference-proofness will not always be accomplished. In particular, inferences might be based on combinatorial effects, since duplicate-preservation implies that the frequencies of value associations in visible projections equal those in the original relation instance. Moreover, the receiver might exploit functional dependencies, numerical dependencies and tuple-generating dependencies, as presumably known from the underlying database schema. We identify several conditions for a fragmentation to violate inference-proofness. Besides complementing classical results about lossless decompositions, our results could be employed for designing better countermeasures.
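The frequency-based and dependency-based inferences described in the abstract can be checked on a small instance before fragments are released. The following is an added example, not code from the paper: it enumerates every original instance consistent with two duplicate-preserving fragments and reports the associations common to all of them. The function names, the two-attribute schema and the sample values are assumptions constructed for illustration, and the brute-force enumeration only suits small instances.

```python
from itertools import permutations

def satisfies_fd(rows, lhs, rhs):
    """True if the functional dependency lhs -> rhs (column indices) holds in rows."""
    image = {}
    for row in rows:
        key = tuple(row[i] for i in lhs)
        val = tuple(row[i] for i in rhs)
        if image.setdefault(key, val) != val:
            return False
    return True

def candidate_originals(frag1, frag2, fd=None, allow_duplicates=False):
    """Yield each relation instance whose duplicate-preserving projections are
    exactly frag1 and frag2 and that respects the receiver's schema knowledge."""
    seen = set()
    for perm in permutations(frag2):
        rows = tuple(sorted(a + b for a, b in zip(frag1, perm)))
        if rows in seen:
            continue
        seen.add(rows)
        if not allow_duplicates and len(set(rows)) != len(rows):
            continue  # original instances are assumed to be sets
        if fd is not None and not satisfies_fd(rows, *fd):
            continue  # ruled out by a known functional dependency
        yield rows

def certain_associations(frag1, frag2, **knowledge):
    """Associations present in every candidate original: the receiver infers them."""
    worlds = [set(w) for w in candidate_originals(frag1, frag2, **knowledge)]
    return set.intersection(*worlds) if worlds else set()

# Constructed sample: schema (Name, Illness), with the combination declared sensitive.
NAMES = [("Ann",), ("Ann",), ("Bob",)]
ILLNESSES = [("flu",), ("cold",), ("cold",)]
ILLNESSES_FD = [("flu",), ("flu",), ("cold",)]
NAME_DETERMINES_ILLNESS = ((0,), (1,))  # assumed FD: Name -> Illness

if __name__ == "__main__":
    print(certain_associations(NAMES, ILLNESSES))
    print(certain_associations(NAMES, ILLNESSES, allow_duplicates=True))
    print(certain_associations(NAMES, ILLNESSES_FD, allow_duplicates=True,
                               fd=NAME_DETERMINES_ILLNESS))
```

An empty result means no association is certain (or no original is consistent with the fragments); a non-empty result lists sensitive associations the fragmentation fails to hide.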
Notes
1. Where appropriate and convenient, we distinguish between a tuple and a tuple instance: we call an assignment of values to some attributes a tuple, whereas we refer to an occurrence of a tuple as a tuple instance, having in mind that a relation instance allowing duplicates might contain multiple instances of the same tuple.
2. As discussed above, if we allowed duplicates in original relation instances, the condition would also be necessary.
Acknowledgment
We would like to thank Manh Linh Nguyen for stimulating discussions while he prepared his master's thesis on a partial analysis of the approach of fragmentation with encryption to protect privacy in data storage.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Biskup, J., Preuß, M. (2018). Inferences from Attribute-Disjoint and Duplicate-Preserving Relational Fragmentations. In: Ferrarotti, F., Woltran, S. (eds) Foundations of Information and Knowledge Systems. FoIKS 2018. Lecture Notes in Computer Science, vol 10833. Springer, Cham. https://doi.org/10.1007/978-3-319-90050-6_5
DOI: https://doi.org/10.1007/978-3-319-90050-6_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-90049-0
Online ISBN: 978-3-319-90050-6
eBook Packages: Computer Science (R0)