Auditing Interval-Based Inference
In this paper we study the feasibility of auditing interval-based inference. Sensitive information about individuals is said to be compromised if an accurate enough interval, called inference interval, is obtained into which the value of the sensitive information must fall. Compared with auditing exact inference that is traditionally studied, auditing interval-based inference is more complicated. Existing auditing methods such as audit expert do not apply to this case. Our result shows that it is intractable to audit interval-based inference for bounded integer values; while for bounded real values, the auditing problem is polynomial yet involves complicated computation of mathematical programming. To further examine the practicability of auditing interval-based inference, we classify various auditing methods into three categories: exact auditing, optimistic auditing, and pessimistic auditing. We analyze the trade-offs that can be achieved by these methods among various auditing objectives: inference security, database usability, and auditing complexity.
KeywordsAudit System Statistical Database Database Usability Exact Inference Inference Control
- 4.A. Brodsky, C. Farkas, D. Wijesekera, and X.S. Wang. Constraints, inference channels and secure databases. In the 6th International Conference on Principles and Practice of Constraint Programming, pages 98–113, 2000.Google Scholar
- 6.F.Y. Chin and G. Özsoyoglu. Security in partitioned dynamic statistical databases. In Proc. of IEEE COMPSAC, pages 594–601, 1979.Google Scholar
- 10.D.E. Denning. Are statistical data bases secure? In AFIPS conference proceedings, volume 47, pages 199–204, 1978.Google Scholar
- 16.J. Domingo-Ferrer and J. M. Mateo-Sanz. Practical data-oriented microaggregation for statistical disclosure control. IEEE Trans. Knowledge and Data Engineering (to appear).Google Scholar
- 18.R. Fourer. Linear programming frequently asked questions. Optimization Technology Center of Northwestern University and Argonne National Laboratory, 2001. http://www-unix.mcs.anl.gov/otc/Guide/faq/linear-programming-faq.html.
- 19.J.P. Ignizio and T.M. Cavalier. Linear Programming. Prentice Hall, 1994.Google Scholar
- 20.J. Kleinberg, C. Papadimitriou, and P. Raghavan. Auditing boolean attributes. In Proc. of the 9th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pages 86–91, 2000.Google Scholar
- 21.Y. Li, L. Wang, and S. Jajodia. Preventing interval-based inference by random data perturbation. In Workshop on Privacy Enhancing Technologies (to appear).Google Scholar
- 22.Y. Li, S. Zhu, L. Wang, and S. Jajodia. A privacy-enhanced microaggregation method. In Proc. of the 2nd International Symposium on Foundations of Information and Knowledge Systems, pages 148–159, 2002.Google Scholar
- 23.F.M. Malvestuto and M. Moscarini. Computational issues connected with the protection of sensetive statistics by auditing sum-queries. In Proc. of IEEE Scientific and Statistical Database Management, pages 134–144, 1998.Google Scholar
- 24.M.A. Palley. Security of statistical databases compromise through attribute correlational modeling. In Proc. of IEEE Conference on Data Engineering, pages 67–74, 1986.Google Scholar
- 26.A. Schrijver. Theory of Linear and Integer Programming. Wiley, 1986.Google Scholar