Simulatable Binding: Beyond Simulatable Auditing

  • Conference paper
Secure Data Management (SDM 2008)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5159)

Abstract

A fundamental problem in online query auditing is that an outside attacker may compromise database privacy by exploiting the sequence of query responses and the information flow from the database state to the auditing decision. Kenthapadi et al. [14] proposed the simulatable auditing model to solve this problem in a way that completely blocks the aforementioned information flow. However, the security does not come for free. The simulatable auditing model actually suffers from unnecessary data utility loss.

We assert that in order to guarantee database privacy, blocking the information flow from the true database state to the auditing decision is sufficient but far from necessary. To limit the loss in data utility, we suggest an alternative approach that controls, instead of blocks, such information flow. To this end, we introduce a new model, called simulatable binding, in which the information flow from the true database state to the auditing decision is provably controlled by a selected safe binding. We prove that the proposed simulatable binding model provides a sufficient and necessary condition to guarantee database privacy, and therefore, algorithms based on our model will provide better data utility than algorithms based on the simulatable auditing model. To demonstrate the strength and practicality of our model, we provide two efficient algorithms for max query and sum query auditing, respectively. For ease of comparison, each algorithm is built by applying our simulatable binding model and is compared to an algorithm applying the simulatable auditing model. Clear improvements are shown through experiments.
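The two effects named in the first paragraph of the abstract, a denial that leaks the database state and the utility lost by blocking that flow, can be seen on a toy max-query database. This is an added illustration, not code from the paper: the brute-force auditors, the value domain 0..5, the sample queries and the privacy notion (a breach means some value is uniquely determined) are assumptions chosen for the example.

```python
from itertools import product

DOMAIN = range(6)  # constructed: every private value is an integer 0..5

def consistent(n, history):
    """Datasets that agree with every answered (index_set, max) pair."""
    return [d for d in product(DOMAIN, repeat=n)
            if all(max(d[i] for i in q) == a for q, a in history)]

def breached(n, history):
    """Assumed privacy notion: some x_i has one value in all consistent datasets."""
    cands = consistent(n, history)
    return any(len({d[i] for d in cands}) == 1 for i in range(n))

def naive_audit(data, history, q):
    """Decision depends on the true answer: deny only if releasing it breaches."""
    a = max(data[i] for i in q)
    return "deny" if breached(len(data), history + [(q, a)]) else a

def simulatable_audit(data, history, q):
    """Decision uses past answers only: deny if any possible answer breaches."""
    n = len(data)
    possible = {max(d[i] for i in q) for d in consistent(n, history)}
    if any(breached(n, history + [(q, a)]) for a in possible):
        return "deny"
    return max(data[i] for i in q)  # true data is read only after deciding

def attacker_view(n, history, q, auditor):
    """Datasets an attacker who knows the auditor keeps after seeing a denial."""
    return [d for d in consistent(n, history)
            if auditor(d, history, q) == "deny"]

# Constructed scenario: max(x0, x1, x2) = 5 was answered; now max(x0, x1) is asked.
HISTORY, QUERY = [((0, 1, 2), 5)], (0, 1)

def x2_after_denial(auditor):
    """Values of x2 the attacker still considers possible after a denial."""
    return {d[2] for d in attacker_view(3, HISTORY, QUERY, auditor)}

if __name__ == "__main__":
    print("naive denial leaves x2 in", x2_after_denial(naive_audit))
    print("simulatable denial leaves x2 in", x2_after_denial(simulatable_audit))
    print("safe query, naive:", naive_audit((5, 3, 2), HISTORY, QUERY))
    print("safe query, simulatable:", simulatable_audit((5, 3, 2), HISTORY, QUERY))
```

The naive auditor's denial pins x2 to a single value, while the simulatable auditor's denial reveals nothing but also refuses the dataset (5, 3, 2), for which the true answer would have been safe to release.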

References

  1. Adam, N., Wortmann, J.: Security-control methods for statistical databases: a comparative study. ACM Computing Surveys 21(4), 515–556 (1989)

  2. Agrawal, R., Bayardo, R., Faloutsos, C., Kiernan, J., Rantzau, R., Srikant, R.: Auditing compliance with a hippocratic database. In: Proceedings of ACM VLDB, pp. 516–527 (2004)

  3. Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: Proceedings of ACM SIGMOD, pp. 439–450 (2000)

  4. Agrawal, R., Srikant, R., Thomas, D.: Privacy-preserving OLAP. In: Proceedings of ACM SIGMOD, pp. 251–262 (2005)

  5. Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Annals of Mathematics and Artificial Intelligence 40(1-2), 37–62 (2004)

  6. Blum, A., Dwork, C., McSherry, F., Nissim, K.: Practical privacy: the SuLQ framework. In: Proceedings of ACM PODS, pp. 128–138 (2005)

  7. Chin, F.: Security problems on inference control for sum, max, and min queries. Journal of ACM 33(3), 451–464 (1986)

  8. Chin, F., Ozsoyoglu, G.: Auditing for secure statistical databases. In: Proceedings of ACM 1981 conference, pp. 53–59 (1981)

  9. Dinur, I., Nissim, K.: Revealing information while preserving privacy. In: Proceedings of ACM PODS, pp. 202–210 (2003)

  10. Dobkin, D., Jones, A.K., Lipton, R.J.: Secure databases: protection against user influence. ACM Transactions on Database Systems 4(1), 97–106 (1979)

  11. Dwork, C., Nissim, K.: Privacy-preserving data mining on vertically partitioned databases. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 528–544. Springer, Heidelberg (2004)

  12. Evfimievski, A., Gehrke, J., Srikant, R.: Limiting privacy breaches in privacy preserving data mining. In: Proceedings of ACM PODS, pp. 211–222 (2003)

  13. Kam, J.B., Ullman, J.D.: A model of statistical database and their security. ACM Transactions on Database Systems 2(1), 1–10 (1977)

  14. Kenthapadi, K., Mishra, N., Nissim, K.: Simulatable auditing. In: Proceedings of ACM PODS, pp. 118–127 (2005)

  15. Kleinberg, J., Papadimitriou, C., Raghavan, P.: Auditing boolean attributes. Journal of Computer and System Sciences 66(1), 244–253 (2003)

  16. Li, Y., Wang, L., Wang, X., Jajodia, S.: Auditing interval-based inference. In: Pidduck, A.B., Mylopoulos, J., Woo, C.C., Ozsu, M.T. (eds.) CAiSE 2002. LNCS, vol. 2348, pp. 553–568. Springer, Heidelberg (2002)

  17. Mishra, N., Sandler, M.: Privacy via pseudorandom sketches. In: Proceedings of ACM PODS, pp. 143–152 (2006)

  18. Nabar, S.U., Marthi, B., Kenthapadi, K., Mishra, N., Motwani, R.: Towards robustness in query auditing. In: Proceedings of ACM VLDB, pp. 151–162 (2006)

  19. Reiss, S.P.: Security in databases: A combinatorial study. Journal of ACM 26(1), 45–57 (1979)

  20. Warner, S.: Randomized response: A survey technique for eliminating error answer bias. Journal of American Statistical Association 60(309), 63–69 (1965)


Editor information

Willem Jonker, Milan Petković

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

Cite this paper

Zhang, L., Jajodia, S., Brodsky, A. (2008). Simulatable Binding: Beyond Simulatable Auditing. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2008. Lecture Notes in Computer Science, vol 5159. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85259-9_2

  • DOI: https://doi.org/10.1007/978-3-540-85259-9_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85258-2

  • Online ISBN: 978-3-540-85259-9

  • eBook Packages: Computer Science, Computer Science (R0)
