Statistical Database Security: Some Recent Results

  • Jan Schlörer
Conference paper
Part of the Lecture Notes in Medical Informatics book series (LNMED, volume 5)


Statistical databases containing anonymous personal records are burgeoning in many areas, among them medical research, health services and planning. Statistical database security has turned out to be a difficult topic, centering around two basic problems. The first may be called the identification problem: given a set of anonymous records, can some or all of these records be identified using supplementary knowledge of the persons concerned? Backstairs identification, as the process has aptly been named /1/, can be a real threat, and not just a theoretical possibility /1,14,18/. The second may be referred to as the output problem: given a set of potentially identifiable anonymous records, what statistical output may be produced from this set without making the individual records “visible” (such that these records can then be identified)? This paper describes some recent research results in statistical database security. For further information the reader may turn, e.g., to /2–5,7,8,13–15,18/.
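
The two problems can be illustrated with a small sketch. It is not taken from the paper: the records, the attribute names and the choice of which attributes count as supplementary knowledge are all hypothetical, chosen only to make the definitions concrete.

```python
from collections import Counter

# Hypothetical anonymous records: (sex, birth_year, district, diagnosis).
RECORDS = [
    ("f", 1931, "north", "diabetes"),
    ("f", 1931, "north", "asthma"),
    ("m", 1948, "south", "hypertension"),
    ("m", 1952, "south", "asthma"),
    ("f", 1960, "east", "diabetes"),
]


def key(record):
    """Attributes an outsider might already know (an assumption of this sketch)."""
    return record[:3]


def uniquely_identifiable(records):
    """Identification problem: records whose known attributes match no other record."""
    counts = Counter(key(r) for r in records)
    return [r for r in records if counts[key(r)] == 1]


def count(records, predicate):
    """A statistical query: the number of records satisfying the predicate."""
    return sum(1 for r in records if predicate(r))


unique = uniquely_identifiable(RECORDS)

# Output problem: two counts that look harmless together reveal one diagnosis.
known = ("m", 1948, "south")
n_match = count(RECORDS, lambda r: key(r) == known)
n_match_hyp = count(
    RECORDS, lambda r: key(r) == known and r[3] == "hypertension"
)
disclosed = n_match == 1 and n_match_hyp == 1
```

In this toy set three of the five records are unique on the assumed supplementary attributes, and the pair of counts for the 1948 record makes its diagnosis visible although no record is ever printed.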


Keywords (added by machine, not by the author): Statistical Database; Individual Record; Identification Risk; Leftmost Column; General Tracker




References

  /1/ Block, H., Olsson, L.: Bakvägsidentifiering. Statistisk tidskrift 14 (1976), 135–144.
  /2/ Chin, F.Y.: Security in statistical databases for queries with small counts. ACM Trans. Database Syst. 3 (1978), 92–104.
  /3/ Cox, L.H.: Suppression methodology and statistical disclosure control. Confidentiality in Surveys, Report No. 26, Dept. Statist., Univ. Stockholm, Jan. 1978.
  /4/ Dalenius, T.: Towards a methodology for statistical disclosure control. Statistisk tidskrift 15 (1977), 429–444.
  /5/ Dalenius, T.: Information privacy and statistics - a topical bibliography. U.S. Bureau of the Census, Bureau of the Census Working Paper No. 41, U.S. Government Printing Office, Washington, D.C. 1978.
  /6/ Dalenius, T., Reiss, S.P.: Data swapping - a technique for disclosure control. Confidentiality in Surveys, Report No. 31, Dept. Statist., Univ. Stockholm, May 1978.
  /7/ DeMillo, R.A., Dobkin, D.P., Jones, A.K., Lipton, R.J. (Eds.): Foundations of Secure Computation. Acad. Press, New York 1978.
  /8/ Denning, D.E.: Are statistical data bases secure? Proc. AFIPS Nat. Comput. Conf. 47 (1978), 525–530.
  /9/ Denning, D.E., Denning, P.J., Schwartz, M.D.: The tracker: a threat to statistical database security. ACM Trans. Database Syst. 4 (1979), 76–96.
  /10/ Denning, D.E., Schlörer, J.: A fast procedure for finding a tracker in a statistical database. Dept. Comput. Sci., Purdue Univ., W. Lafayette and Inst. Med. Statist. Dok., Univ. Gießen, Feb. 1979.
  /11/ Dobkin, D., Jones, A.K., Lipton, R.J.: Secure databases: protection against user influence. ACM Trans. Database Syst. 4 (1979), 97–106.
  /12/ Eimeren, W. van, Selbmann, H.K., Überla, K.: Modell einer allgemeinen Vorsorgeuntersuchung im Jahre 1969/70 - Schlußbericht. W.E. Weinmann Druckerei, Bonlanden b. Stuttgart 1972.
  /13/ Kam, J.B., Ullman, J.D.: A model of statistical databases and their security. ACM Trans. Database Syst. 2 (1977), 1–10.
  /14/ Office of Federal Statistical Policy and Standards: Statistical policy working paper 2. Report on statistical disclosure and disclosure-avoidance techniques, prepared by Subcommittee on Disclosure-Avoidance Techniques, Federal Committee on Statistical Methodology. U.S. Government Printing Office, Washington, D.C. 1978.
  /15/ Olsson, L.: Protection of output and stored data in statistical data bases. ADB-Information 4 (1975), Statist. Centralbyrån, Stockholm.
  /16/ Reiss, S.P.: Statistical database confidentiality. Confidentiality in Surveys, Report No. 25, Dept. Statistics, Univ. Stockholm, Nov. 1977.
  /17/ Schlörer, J.: Identification and retrieval of personal records from a statistical data bank. Meth. Inform. Med. 14 (1975), 7–13.
  /18/ Schlörer, J.: Zum Statistikgeheimnis: Risiken und Schutz statistischer Datenbanken. Datenv. Recht (DVR) 5 (1976), 203–248.
  /19/ Schlörer, J.: Disclosure from statistical databases: quantitative aspects of trackers. Inst. Med. Statist. Dok., Univ. Gießen, Aug. 1978, revised March 1979 (to appear in ACM Trans. Database Syst.).
  /20/ Schlörer, J.: Security of statistical databases: multidimensional transformation. Report TB-IMSD 2/78, Inst. Med. Statist. Dok., Univ. Gießen, Aug. 1978, revised March 1979.
  /21/ Schwartz, M.D.: Inference from statistical databases. Ph.D. Thesis, Dept. Comput. Sci., Purdue Univ., West Lafayette, IN, Aug. 1977.
  /22/ Schwartz, M.D., Denning, D.E., Denning, P.J.: Securing data bases under linear queries. Proc. IFIP Cong. 1977, North-Holland Publ. Co. 1977, 395–398.
  /23/ Selbmann, H.K.: Bitstring processing for statistical evaluation of large volumes of medical data. Meth. Inform. Med. 13 (1974), 61–64.

Copyright information

© Online Conferences Ltd., Uxbridge, England 1979

Authors and Affiliations

  • Jan Schlörer, Institut für Medizinische Statistik und Dokumentation, Universität Gießen, Gießen, Germany
