
A Survey of Query Auditing Techniques for Data Privacy

  • Shubha U. Nabar
  • Krishnaram Kenthapadi
  • Nina Mishra
  • Rajeev Motwani
Part of the Advances in Database Systems book series (ADBS, volume 34)

This chapter is a survey of query auditing techniques for detecting and preventing disclosures in a database containing private data. Informally, auditing is the process of examining past actions to check whether they were in conformance with official policies. In the context of database systems with specific data disclosure policies, auditing is the process of examining queries that were answered in the past to determine whether answers to these queries could have been used by an individual to ascertain confidential information forbidden by the disclosure policies. Techniques used for detecting disclosures could potentially also be used or extended to prevent disclosures, and so in addition to the retroactive auditing mentioned above, researchers have also studied an online variant of the auditing problem wherein the task of an online auditor is to deny queries that could potentially cause a breach of privacy.

Keywords

Query auditing, offline auditing, online auditing



Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Shubha U. Nabar (1)
  • Krishnaram Kenthapadi (2)
  • Nina Mishra (3)
  • Rajeev Motwani (1)

  1. Centre for Advanced Information Systems, Stanford University, USA
  2. Centre for Advanced Information Systems, Microsoft Search Labs, USA
  3. Centre for Advanced Information Systems, University of Virginia, USA
