Inference-Proof Updating of a Weakened View Under the Modification of Input Parameters

  • Joachim BiskupEmail author
  • Marcel PreußEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10493)


We treat a challenging problem of confidentiality-preserving data publishing: how to repeatedly update a released weakened view under a modification of the input parameter values, while continuously enforcing the confidentiality policy, i.e., without revealing a prohibited piece of information, neither for the updated view nor retrospectively for the previous versions of the view. In our semantically ambitious approach, a weakened view is determined by a two-stage procedure that takes three input parameters: (i) a confidentiality policy consisting of prohibitions in the form of pieces of information that the pertinent receiver of the view should not be able to learn, (ii) the assumed background knowledge of that receiver, and (iii) the actually stored relation instance, or the respective modification requests. Assuming that the receiver is aware of the specification of both the underlying view generation procedure and the proposed updating procedure and additionally of the declared confidentiality policy, the main challenge has been to block all meta-inferences that the receiver could make by relating subsequent views.


Background knowledge Inference-proofness History-awareness Meta-inference Policy of prohibitions Relational database Semantic confidentiality Update View generation Weakened information 


  1. 1.
    Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading (1995)zbMATHGoogle Scholar
  2. 2.
    Anjum, A., Raschia, G., Gelgon, M., Khan, A., Malik, S.U.R., Ahmad, N., Ahmed, M., Suhail, S., Alam, M.M.: \(\tau \)-safety: a privacy model for sequential publication with arbitrary updates. Comput. Secur. 66, 20–39 (2017)CrossRefGoogle Scholar
  3. 3.
    Biskup, J., Gogolin, C., Seiler, J., Weibert, T.: Inference-proof view update transactions with forwarded refreshments. J. Comput. Secur. 19, 487–529 (2011)CrossRefGoogle Scholar
  4. 4.
    Biskup, J., Preuß, M.: Information control by policy-based relational weakening templates. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 361–381. Springer, Cham (2016). doi: 10.1007/978-3-319-45741-3_19CrossRefGoogle Scholar
  5. 5.
    Biskup, J., Tadros, C.: Inference-proof view update transactions with minimal refusals. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM/SETOP -2011. LNCS, vol. 7122, pp. 104–121. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28879-1_8CrossRefGoogle Scholar
  6. 6.
    Biskup, J., Tadros, C.: Preserving confidentiality while reacting on iterated queries and belief revisions. Ann. Math. Artif. Intell. 73(1–2), 75–123 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Byun, J., Li, T., Bertino, E., Li, N., Sohn, Y.: Privacy-preserving incremental data dissemination. J. Comput. Secur. 17(1), 43–68 (2009)CrossRefGoogle Scholar
  8. 8.
    Fung, B.C.M., Wang, K., Chen, R., Yu, P.S.: Privacy-preserving data publishing: a survey of recent developments. ACM Comput. Surv. 42(4), 14:1–14:53 (2010)CrossRefGoogle Scholar
  9. 9.
    Halpern, J.Y., O’Neill, K.R.: Secrecy in multiagent systems. ACM Trans. Inf. Syst. Secur. 12(1), 5.1–5.47 (2008)CrossRefGoogle Scholar
  10. 10.
    Levesque, H.J., Lakemeyer, G.: The Logic of Knowledge Bases. MIT Press, Cambridge (2000)zbMATHGoogle Scholar
  11. 11.
    Li, J., Baig, M.M., Sattar, A.H.M.S., Ding, X., Liu, J., Vincent, M.W.: A hybrid approach to prevent composition attacks for independent data releases. Inf. Sci. 367–368, 324–336 (2016)CrossRefGoogle Scholar
  12. 12.
    A. Machanavajjhala, D. Kifer, J. Gehrke, and M. Venkitasubramaniam. \(\ell \)-diversity: privacy beyond \(k\)-anonymity. ACM Trans. Knowl. Discov. Data 1(1) (2007). Article 3Google Scholar
  13. 13.
    Nerode, A., Shore, R.: Logic for Applications, 2nd edn. Springer, Heidelberg (1997)CrossRefzbMATHGoogle Scholar
  14. 14.
    Preuß, M.: Inference-proof materialized views. Ph.D. thesis, Dortmund University of Technology, Germany (2016)Google Scholar
  15. 15.
    Samarati, P.: Protecting respondents’ identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010–1027 (2001)CrossRefGoogle Scholar
  16. 16.
    Shmueli, E., Tassa, T.: Privacy by diversity in sequential releases of databases. Inf. Sci. 298, 344–372 (2015)CrossRefzbMATHGoogle Scholar
  17. 17.
    Sweeney, L.: \(k\)-anonymity: a model for protecting privacy. Int. J. Uncertainty Fuzziness Knowl.-Based Syst. 10(5), 557–570 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Wang, K., Fung, B.C.M.: Anonymizing sequential releases. In: Eliassi-Rad, T., Ungar, L.H., Craven, M., Gunopulos, D. (eds.) Knowledge Discovery and Data Mining, KDD 2006, pp. 414–423. ACM (2006)Google Scholar
  19. 19.
    Xiao, X., Tao, Y.: M-invariance: towards privacy preserving re-publication of dynamic datasets. In: Chan, C.Y., Ooi, B.C., Zhou, A. (eds.) Management of Data, SIGMOD 2007, pp. 689–700. ACM (2007)Google Scholar
  20. 20.
    Yao, C., Wang, X.S., Jajodia, S.: Checking for k-anonymity violation by views. In: Böhm, K., Jensen, C.S., Haas, L.M., Kersten, M.L., Larson, P.-Å., Ooi, B.C. (eds.) Very Large Data Bases, VLDB 2005, pp. 910–921. ACM (2005)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Technische Universität DortmundDortmundGermany

Personalised recommendations