A Survey of Query Auditing Techniques for Data Privacy
This chapter is a survey of query auditing techniques for detecting and preventing disclosures in a database containing private data. Informally, auditing is the process of examining past actions to check whether they were in conformance with official policies. In the context of database systems with specific data disclosure policies, auditing is the process of examining queries that were answered in the past to determine whether answers to these queries could have been used by an individual to ascertain confidential information forbidden by the disclosure policies. Techniques used for detecting disclosures could potentially also be used or extended to prevent disclosures, and so in addition to the retroactive auditing mentioned above, researchers have also studied an online variant of the auditing problem wherein the task of an online auditor is to deny queries that could potentially cause a breach of privacy.
KeywordsQuery auditing offline auditing online auditing
Unable to display preview. Download preview PDF.
- 2.R. Agrawal, R. Bayardo, C. Faloutsos, J. Kieman, R. Rantzau, and R. Srikant. Auditing Compliance with a Hippocratic Database. In Proceedings of the International Conference on Very Large Databases (VLDB), 2004.Google Scholar
- 3.D. Applegate and R. Kannan. Sampling and integration of near log-concave functions. In Proceedings of the ACM Symposium on Theory of Computing (STOC), pages 156–163, 1991.Google Scholar
- 5.N. Dalvi, G. Miklau, and D. Suciu. Asymptotic Conditional Probabilities for Conjunctive Queries. In Proceedings of the International Conference on Database Theory (ICDT), 2007.Google Scholar
- 9.R. Kannan, L. Lovasz, and M. Simonovits. Random walks and an O ∗(n 5) volume algorithm for convex bodies. Random Structures and Algorithms, 11, 1997.Google Scholar
- 10.K. Kenthapadi. Models and Algorithms for Data Privacy. Ph.D. Thesis, Computer Science Department, Stanford University, 2006.Google Scholar
- 11.K. Kenthapadi, N. Mishra, and K. Nissim. Simulatable Auditing. In Proceedings of the ACM Symposium on Principles of Database Systems (PODS), pages 118–127, 2005.Google Scholar
- 13.L. Lovasz and S. Vempala. Logconcave functions: Geometry and efficient sampling algorithms. In Proceedings of the IEEE Symposium on Foundations of Computer Science (FOCS), 2003.Google Scholar
- 14.L. Lovasz and S. Vempala. Simulated annealing in convex bodies and an O ∗(n 4) volume algorithm. In Proceedings of the IEEE Symposium on Foundations of Computer Science (FOCS), pages 650–659, 2003.Google Scholar
- 15.A. Machanavajjhala and J. Gehrke. On the Efficiency of Checking Perfect Privacy. In Proceedings of the ACM Symposium on Principles of Database Systems (PODS), 2006.Google Scholar
- 16.G. Miklau and D. Suciu. A Formal Analysis of Information Disclosure in Data Exchange. Journal of Computer and System Sciences, 2006.Google Scholar
- 17.R. Motwani, S. U. Nabar, and D. Thomas. Auditing SQL Queries. In Proceedings of the International Conference on Data Engineering (ICDE), 2008.Google Scholar
- 18.S. U. Nabar, B. Marthi, K. Kenthapadi, N. Mishra, and R. Motwani. Towards Robustness in Query Auditing. In Proceedings of the International Conference on Very Large Databases (VLDB), 2006.Google Scholar