Abstract
A fundamental problem in online query auditing is that an outside attacker may compromise database privacy by exploiting the sequence of query responses and the information flow from the database state to the auditing decision. Kenthapadi et al. [14] proposed the simulatable auditing model to solve this problem in a way that completely blocks the aforementioned information flow. However, the security does not come for free. The simulatable auditing model actually suffers from unnecessary data utility loss.
We assert that in order to guarantee database privacy, blocking the information flow from the true database state to the auditing decision is sufficient but far from necessary. To limit the loss in data utility, we suggest an alternative approach that controls, instead of blocks, such information flow. To this end, we introduce a new model, called simulatable binding, in which the information flow from the true database state to the auditing decision is provably controlled by a selected safe binding. We prove that the proposed simulatable binding model provides a sufficient and necessary condition to guarantee database privacy, and therefore, algorithms based on our model will provide better data utility than algorithms based on the simulatable auditing model. To demonstrate the strength and practicality of our model, we provide two efficient algorithms for max query and sum query auditing, respectively. For ease of comparison, each algorithm is built by applying our simulatable binding model and is compared to an algorithm applying the simulatable auditing model. Clear improvements are shown through experiments.
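The abstract contrasts an auditor whose deny/answer decision depends on the true database state with the simulatable auditing model of Kenthapadi et al. [14], whose decision depends only on the query history the attacker already knows. The following added example (not code from the paper) models both auditors for max queries by brute force over a small constructed value domain and makes the contrast concrete: a denial from the data-dependent auditor lets an attacker pin down a private value, while the simulatable auditor's denial carries no information, but in the same scenario it denies for every possible dataset, which is the utility loss the abstract refers to. The paper's simulatable binding algorithms are not reproduced, since the abstract does not specify them; the domain, dataset size, breach notion (one value becoming uniquely determined) and all function names are assumptions of the example.

```python
"""
Added example (not from the paper): brute-force model of online max-query
auditing showing the information flow from the true database state to the
auditing decision, and how the simulatable model blocks it.
"""
from itertools import product

DOMAIN = (1, 2, 3)  # constructed: every private value x_i lies in this domain
N = 3               # constructed: three private values, indexed 0..2


def consistent(history, n=N, domain=DOMAIN):
    """All datasets in domain^n that agree with every (query, answer) in history.
    A query is a tuple of indices; its answer is the max of those values."""
    return [d for d in product(domain, repeat=n)
            if all(max(d[i] for i in q) == a for q, a in history)]


def disclosed(history, n=N, domain=DOMAIN):
    """Indices whose value is uniquely determined by history (full disclosure)."""
    cands = consistent(history, n, domain)
    return {i for i in range(n) if len({d[i] for d in cands}) == 1}


def breaches(history, query, answer):
    """True if adding (query, answer) to history newly discloses some value."""
    return bool(disclosed(history + [(query, answer)]) - disclosed(history))


def naive_audit(true_x, history, query):
    """Data-dependent auditor: computes the TRUE answer and denies iff
    releasing it would disclose a value. The decision itself depends on
    the private data, so the attacker can learn from a denial."""
    a = max(true_x[i] for i in query)
    return None if breaches(history, query, a) else a


def simulatable_audit(true_x, history, query):
    """Simulatable auditor [14]: denies iff ANY dataset consistent with the
    history would produce an answer that discloses a value. The decision is
    a function of history alone, so the attacker can simulate it and a
    denial reveals nothing about true_x."""
    for d in consistent(history):
        if breaches(history, query, max(d[i] for i in query)):
            return None
    return max(true_x[i] for i in query)


def leak_from_denial(auditor, history, query):
    """What an attacker learns from a denial alone: run the auditor over every
    dataset consistent with history, keep the ones it denies on, and return the
    indices on which all denied datasets agree (i.e. values the denial fixes)."""
    denied = [d for d in consistent(history) if auditor(d, history, query) is None]
    if not denied:
        return set()
    return {i for i in range(N) if len({d[i] for d in denied}) == 1}


def answer_rate(auditor, history, query):
    """Utility measure: (datasets the auditor answers on, datasets consistent with history)."""
    cands = consistent(history)
    answered = sum(1 for d in cands if auditor(d, history, query) is not None)
    return answered, len(cands)


if __name__ == "__main__":
    # Constructed scenario: the attacker already knows max(x0, x1, x2) = 3
    # and now asks for max(x0, x1).
    history = [((0, 1, 2), 3)]
    query = (0, 1)
    print("naive denial leaks indices:", leak_from_denial(naive_audit, history, query))
    print("simulatable denial leaks indices:", leak_from_denial(simulatable_audit, history, query))
    print("naive answer rate:", answer_rate(naive_audit, history, query))
    print("simulatable answer rate:", answer_rate(simulatable_audit, history, query))
```

In the constructed scenario the data-dependent auditor denies exactly when max(x0, x1) < 3, so a denial tells the attacker that x2 = 3; the simulatable auditor, seeing that some consistent dataset would be breached, denies unconditionally, which leaks nothing but also answers none of the 19 consistent datasets where the data-dependent auditor would have safely answered 15.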
References
Adam, N., Wortmann, J.: Security-control methods for statistical databases: a comparative study. ACM Computing Surveys 21(4), 515–556 (1989)
Agrawal, R., Bayardo, R., Faloutsos, C., Kiernan, J., Rantzau, R., Srikant, R.: Auditing compliance with a Hippocratic database. In: Proceedings of ACM VLDB, pp. 516–527 (2004)
Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: Proceedings of ACM SIGMOD, pp. 439–450 (2000)
Agrawal, R., Srikant, R., Thomas, D.: Privacy-preserving OLAP. In: Proceedings of ACM SIGMOD, pp. 251–262 (2005)
Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Annals of Mathematics and Artificial Intelligence 40(1-2), 37–62 (2004)
Blum, A., Dwork, C., McSherry, F., Nissim, K.: Practical privacy: the SuLQ framework. In: Proceedings of ACM PODS, pp. 128–138 (2005)
Chin, F.: Security problems on inference control for sum, max, and min queries. Journal of the ACM 33(3), 451–464 (1986)
Chin, F., Ozsoyoglu, G.: Auditing for secure statistical databases. In: Proceedings of the ACM 1981 Conference, pp. 53–59 (1981)
Dinur, I., Nissim, K.: Revealing information while preserving privacy. In: Proceedings of ACM PODS, pp. 202–210 (2003)
Dobkin, D., Jones, A.K., Lipton, R.J.: Secure databases: protection against user influence. ACM Transactions on Database Systems 4(1), 97–106 (1979)
Dwork, C., Nissim, K.: Privacy-preserving data mining on vertically partitioned databases. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 528–544. Springer, Heidelberg (2004)
Evfimievski, A., Gehrke, J., Srikant, R.: Limiting privacy breaches in privacy preserving data mining. In: Proceedings of ACM PODS, pp. 211–222 (2003)
Kam, J.B., Ullman, J.D.: A model of statistical databases and their security. ACM Transactions on Database Systems 2(1), 1–10 (1977)
Kenthapadi, K., Mishra, N., Nissim, K.: Simulatable auditing. In: Proceedings of ACM PODS, pp. 118–127 (2005)
Kleinberg, J., Papadimitriou, C., Raghavan, P.: Auditing boolean attributes. Journal of Computer and System Sciences 66(1), 244–253 (2003)
Li, Y., Wang, L., Wang, X., Jajodia, S.: Auditing interval-based inference. In: Pidduck, A.B., Mylopoulos, J., Woo, C.C., Ozsu, M.T. (eds.) CAiSE 2002. LNCS, vol. 2348, pp. 553–568. Springer, Heidelberg (2002)
Mishra, N., Sandler, M.: Privacy via pseudorandom sketches. In: Proceedings of ACM PODS, pp. 143–152 (2006)
Nabar, S.U., Marthi, B., Kenthapadi, K., Mishra, N., Motwani, R.: Towards robustness in query auditing. In: Proceedings of ACM VLDB, pp. 151–162 (2006)
Reiss, S.P.: Security in databases: A combinatorial study. Journal of the ACM 26(1), 45–57 (1979)
Warner, S.: Randomized response: A survey technique for eliminating evasive answer bias. Journal of the American Statistical Association 60(309), 63–69 (1965)
© 2008 Springer-Verlag Berlin Heidelberg
Zhang, L., Jajodia, S., Brodsky, A. (2008). Simulatable Binding: Beyond Simulatable Auditing. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2008. Lecture Notes in Computer Science, vol 5159. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85259-9_2
DOI: https://doi.org/10.1007/978-3-540-85259-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85258-2
Online ISBN: 978-3-540-85259-9