Auditing Interval-Based Inference

  • Yingjiu Li
  • Lingyu Wang
  • X. Sean Wang
  • Sushil Jajodia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2348)


In this paper we study the feasibility of auditing interval-based inference. Sensitive information about individuals is said to be compromised if an accurate enough interval, called inference interval, is obtained into which the value of the sensitive information must fall. Compared with auditing exact inference that is traditionally studied, auditing interval-based inference is more complicated. Existing auditing methods such as audit expert do not apply to this case. Our result shows that it is intractable to audit interval-based inference for bounded integer values; while for bounded real values, the auditing problem is polynomial yet involves complicated computation of mathematical programming. To further examine the practicability of auditing interval-based inference, we classify various auditing methods into three categories: exact auditing, optimistic auditing, and pessimistic auditing. We analyze the trade-offs that can be achieved by these methods among various auditing objectives: inference security, database usability, and auditing complexity.


Audit System Statistical Database Database Usability Exact Inference Inference Control 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    N.R. Adam and J.C. Wortmann. Security-control methods for statistical databases: a comparative study. ACM Computing Surveys, 21(4):515–556, 1989.CrossRefGoogle Scholar
  2. 2.
    L.L. Beck. A security mechanism for statistical databases. ACM Trans. on Database Systems, 5(3):316–338, 1980.zbMATHCrossRefGoogle Scholar
  3. 3.
    A. Brodsky, C. Farkas, and S. Jajodia. Secure databases: Constraints, inference channels, and monitoring disclosures. IEEE Trans. Knowledge and Data Engineering, 12(6):900–919, 2000.CrossRefGoogle Scholar
  4. 4.
    A. Brodsky, C. Farkas, D. Wijesekera, and X.S. Wang. Constraints, inference channels and secure databases. In the 6th International Conference on Principles and Practice of Constraint Programming, pages 98–113, 2000.Google Scholar
  5. 5.
    F.Y. Chin, P. Kossowski, and S.C. Loh. Efficient inference control for range sum queries. Theoretical Computer Science, 32:77–86, 1984.MathSciNetzbMATHCrossRefGoogle Scholar
  6. 6.
    F.Y. Chin and G. Özsoyoglu. Security in partitioned dynamic statistical databases. In Proc. of IEEE COMPSAC, pages 594–601, 1979.Google Scholar
  7. 7.
    F.Y. Chin and G. Özsoyoglu. Statistical database design. ACM Trans. on Database Systems, 6(1):113–139, 1981.CrossRefGoogle Scholar
  8. 8.
    F.Y. Chin and G. Özsoyoglu. Auditing and inference control in statistical databases. IEEE Trans. on Software Engineering, 8(6):574–582, 1982.zbMATHCrossRefGoogle Scholar
  9. 9.
    L.H. Cox. Suppression methodology and statistical disclosure control. Journal of American Statistic Association, 75(370):377–385, 1980.zbMATHCrossRefGoogle Scholar
  10. 10.
    D.E. Denning. Are statistical data bases secure? In AFIPS conference proceedings, volume 47, pages 199–204, 1978.Google Scholar
  11. 11.
    D.E. Denning. Secure statistical databases with random sample queries. ACM Trans. on Database Systems, 5(3):291–315, 1980.zbMATHCrossRefGoogle Scholar
  12. 12.
    D.E. Denning and P.J. Denning. Data security. ACM computing surveys, 11(3):227–249, 1979.CrossRefGoogle Scholar
  13. 13.
    D.E. Denning, P.J. Denning, and M.D. Schwartz. The tracker: A threat to statistical database security. ACM Trans. on Database Systems, 4(1):76–96, 1979.CrossRefGoogle Scholar
  14. 14.
    D.E. Denning and J. Schlörer. Inference controls for statistical databases. IEEE Computer, 16(7):69–82, 1983.CrossRefGoogle Scholar
  15. 15.
    D. Dobkin, A.K. Jones, and R.J. Lipton. Secure databases: protection against user influence. ACM Trans. on Database Systems, 4(1):97–106, 1979.CrossRefGoogle Scholar
  16. 16.
    J. Domingo-Ferrer and J. M. Mateo-Sanz. Practical data-oriented microaggregation for statistical disclosure control. IEEE Trans. Knowledge and Data Engineering (to appear).Google Scholar
  17. 17.
    L.P. Fellegi. On the qestion of statistical confidentiality. Journal of American Statistic Association, 67(337):7–18, 1972.zbMATHCrossRefGoogle Scholar
  18. 18.
    R. Fourer. Linear programming frequently asked questions. Optimization Technology Center of Northwestern University and Argonne National Laboratory, 2001.
  19. 19.
    J.P. Ignizio and T.M. Cavalier. Linear Programming. Prentice Hall, 1994.Google Scholar
  20. 20.
    J. Kleinberg, C. Papadimitriou, and P. Raghavan. Auditing boolean attributes. In Proc. of the 9th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pages 86–91, 2000.Google Scholar
  21. 21.
    Y. Li, L. Wang, and S. Jajodia. Preventing interval-based inference by random data perturbation. In Workshop on Privacy Enhancing Technologies (to appear).Google Scholar
  22. 22.
    Y. Li, S. Zhu, L. Wang, and S. Jajodia. A privacy-enhanced microaggregation method. In Proc. of the 2nd International Symposium on Foundations of Information and Knowledge Systems, pages 148–159, 2002.Google Scholar
  23. 23.
    F.M. Malvestuto and M. Moscarini. Computational issues connected with the protection of sensetive statistics by auditing sum-queries. In Proc. of IEEE Scientific and Statistical Database Management, pages 134–144, 1998.Google Scholar
  24. 24.
    M.A. Palley. Security of statistical databases compromise through attribute correlational modeling. In Proc. of IEEE Conference on Data Engineering, pages 67–74, 1986.Google Scholar
  25. 25.
    J. Schlörer. Security of statistical databases: multidimensional transformation. ACM Trans. on Database Systems, 6(1):95–112, 1981.zbMATHCrossRefGoogle Scholar
  26. 26.
    A. Schrijver. Theory of Linear and Integer Programming. Wiley, 1986.Google Scholar
  27. 27.
    J.F. Traub, Y. Yemini, and H. Woźnaikowski. The statistical security of a statistical database. ACM Trans. on Database Systems, 9(4):672–679, 1984.CrossRefGoogle Scholar
  28. 28.
    S.L. Warner. A survey technique for eliminating evasive answer bias. Journal of American Statistic Association, 60(309):63–69, 1965.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Yingjiu Li
    • 1
  • Lingyu Wang
    • 1
  • X. Sean Wang
    • 1
  • Sushil Jajodia
    • 1
  1. 1.Center for Secure Information SystemsGeorge Mason UniversityFairfaxUSA

Personalised recommendations