Article

Disclosure Analysis and Control in Statistical Databases

Authors:

Haibing LuAuthors Info & Claims

ESORICS '08: Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security

Pages 146 - 160

https://doi.org/10.1007/978-3-540-88313-5_10

Published: 06 October 2008 Publication History

Abstract

Disclosure analysis and control are critical to protect sensitive information in statistical databases when some statistical moments are released. A generic question in disclosure analysis is whether a data snooper can deduce any sensitive information from available statistical moments. To address this question, we consider various types of possible disclosure based on the exact bounds that a snooper can infer about any protected moments from available statistical moments. We focus on protecting static moments in two-dimensional tables and obtain the following results. For each type of disclosure, we reveal the distribution patterns of protected moments that are subject to disclosure. Based on the disclosure patterns, we design efficient algorithms to discover all protected moments that are subject to disclosure. Also based on the disclosure patterns, we propose efficient algorithms to eliminate all possible disclosures by combining a minimum number of available moments. We also discuss the difficulties of executing disclosure analysis and control in high-dimensional tables.

References

[1]

Adam, N.R., Wortmann, J.C.: Security-control methods for statistical databases: a comparative study. ACM Computing Surveys 21(4), 515-556 (1989).

[2]

Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: SIGMOD Conference, pp. 439-450 (2000).

[3]

Beck, L.L.: A security mechanism for statistical databases. ACM Trans. Database Syst. 5(3), 316-338 (1980).

[4]

Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: Constraints, inference channels, and monitoring disclosures. IEEE Trans. Knowl. Data Eng. 12(6), 900-919 (2000).

[5]

Buzzigoli, L., Giusti, A.: An algorithm to calculate the lower and upper bounds of the elements of an array given its marginals. In: Proceedings of the conference for statistical data protection, pp. 131-147 (1999).

[6]

Causey, B.D., Cox, L.H., Ernst, L.R.: Applications of transportation theory to statistical problems. Journal of the American Statistical Association 80, 903-909 (1985).

[7]

Chen, K., Liu, L.: Privacy preserving data classification with rotation perturbation. In: ICDM, pp. 589-592 (2005).

[8]

Chin, F.Y.L., Özsoyoglu, G.: Auditing and inference control in statistical databases. IEEE Trans. Software Eng. 8(6), 574-582 (1982).

[9]

Chowdhury, S., Duncan, G., Krishnan, R., Roehrig, S., Mukherjee, S.: Disclosure detection in multivariate categorical databases: Auditing confidentiality protection through two new matrix operators. Management Sciences 45, 1710-1723 (1999).

[10]

Cox, L.H.: On properties of multi-dimensional statistical tables. Journal of Statistical Planning and Inference 117(2), 251-273 (2003).

[11]

Cox, L.H.: Suppression methodology and statistical disclosure control. Journal of American Statistical Association 75, 377-385 (1980).

[12]

Cox, L.H.: A constructive procedure for unbiased controlled rounding. Journal of the American Statistical Association 82, 520-524 (1987).

[13]

Cox, L.H., George, J.A.: Controlled rounding for tables with subtotals. Annuals of operations research 20(1-4), 141-157 (1989).

[14]

Cox, L.H.: Network models for complementary cell suppression. Journal of the American Statistical Association 90, 1453-1462 (1995).

[15]

Dandekar, R.A., Cox, L.H.: Synthetic tabular data: An alternative to complementary cell suppression (manuscript, 2002), http://mysite.verizon.net/ vze7w8vk/syn_tab.pdf

[16]

Denning, D.E., Schlorer, J.: Inference controls for statistical databases. IEEE Computer 16(7), 69-82 (1983).

[17]

Denning, D.E., Schlörer, J.,Wehrle, E.: Memoryless inference controls for statistical databases. In: IEEE Symposium on Security and Privacy, pp. 38-45 (1982).

[18]

Dobkin, D.P., Jones, A.K., Lipton, R.J.: Secure databases: Protection against user influence. ACM Trans. Database Syst. 4(1), 97-106 (1979).

[19]

Dobra, A., Fienberg, S.E.: Bounds for cell entries in contingency tables given fixed marginal totals and decomposable graphs. Proceedings of the National Academy of Sciences of the United States of America 97(22), 11885-11892 (2000).

[20]

Domingo-Ferrer, J.: Advances in inference control in statistical databases: An overview. In: Inference Control in Statistical Databases, pp. 1-7 (2002).

[21]

Domingo-Ferrer, J., Mateo-Sanz, J.M.: Practical data-oriented microaggregation for statistical disclosure control. IEEE Trans. Knowl. Data Eng. 14(1), 189-201 (2002).

[22]

Farkas, C., Jajodia, S.: The inference problem: A survey. SIGKDD Explorations 4(2), 6-11 (2002).

[23]

Fischetti, M., Salazar, J.J.: Solving the cell suppression problem on tabular data with linear constraints. Management sciences 47(7), 1008-1027 (2001).

[24]

Fischetti, M., Salazar, J.J.: Solving the cell suppression problem on tabular data with linear constraints. Management Sciences 47, 1008-1026 (2000).

[25]

Fischetti, M., Salazar, J.J.: Partial cell suppression: a new methodology for statistical disclosure control. Statistics and Computing 13, 13-21 (2003).

[26]

Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness, p. 226. W.H. Freeman, New York (1979).

[27]

Huang, Z., Du, W., Chen, B.: Deriving private information from randomized data. In: SIGMOD Conference, pp. 37-48 (2005).

[28]

Iyengar, V.S.: Transforming data to satisfy privacy constraints. In: KDD, pp. 279- 288 (2002).

[29]

Kargupta, H., Datta, S., Wang, Q., Sivakumar, K.: On the privacy preserving properties of random data perturbation techniques. In: ICDM, pp. 99-106 (2003).

[30]

Li, N., Li, T., Venkatasubramanian, S.: t-closeness: Privacy beyond k-anonymity and l-diversity. In: ICDE, pp. 106-115 (2007).

[31]

Li, Y., Lu, H., Deng, R.H.: Practical inference control for data cubes (extended abstract). In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 115-120 (2006).

[32]

Liu, K., Kargupta, H., Ryan, J.: Random projection-based multiplicative data perturbation for privacy preserving distributed data mining. IEEE Trans. Knowl. Data Eng. 18(1), 92-106 (2006).

[33]

Machanavajjhala, A., Gehrke, J., Kifer, D., Venkitasubramaniam, M.: l-diversity: Privacy beyond k-anonymity. In: ICDE, p. 24 (2006).

[34]

Muralidhar, K., Sarathy, R.: A general aditive data perturbation method for database security. Management Sciences 45, 1399-1415 (2002).

[35]

Samarati, P., Sweeney, L.: Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. Technical report, SRI International (1998).

[36]

Schlörer, J.: Security of statistical databases: Multidimensional transformation. ACM Trans. Database Syst. 6(1), 95-112 (1981).

[37]

Schlörer, J.: Information loss in partitioned statistical databases. Comput. J. 26(3), 218-223 (1983).

[38]

Wang, K., Yu, P.S., Chakraborty, S.: Bottom-up generalization: A data mining solution to privacy protection. In: ICDM, pp. 249-256 (2004).

[39]

Wang, L., Jajodia, S., Wijesekera, D.: Securing OLAP data cubes against privacy breaches. In: IEEE Symposium on Security and Privacy, pp. 161-175 (2004).

[40]

Wang, L., Li, Y., Wijesekera, D., Jajodia, S.: Precisely answering multi-dimensional range queries without privacy breaches. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 100-115. Springer, Heidelberg (2003).

[41]

Willenborg, L., de Waal, T.: Statistical Disclosure Control in Practice. Springer, Heidelberg (1996).

Cited By

He XLu HVaidya JAdam N(2018)Secure construction and publication of contingency tables from distributed dataJournal of Computer Security10.5555/2011016.201101819:3(453-484)Online publication date: 24-Dec-2018
https://dl.acm.org/doi/10.5555/2011016.2011018
Liang BChiew KLi YYang Y(2010)Privacy disclosure analysis and control for 2D contingency tables containing inaccurate dataProceedings of the 2010 international conference on Privacy in statistical databases10.5555/1888848.1888850(1-16)Online publication date: 22-Sep-2010
https://dl.acm.org/doi/10.5555/1888848.1888850

Recommendations

Density-based microaggregation for statistical disclosure control

Protection of personal data in statistical databases has recently become a major societal concern. Statistical disclosure control (SDC) is often applied to statistical databases before they are released for public use. Microaggregation for SDC is a ...
Distributed privacy-preserving methods for statistical disclosure control
DPM'09/SETOP'09: Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security

Statistical disclosure control (SDC) methods aim to protect privacy of the confidential information included in some databases, for example by perturbing the non-confidential parts of the original databases. Such methods are commonly used by statistical ...
Disclosure risk assessment in statistical data protection
Special Issue: Proceedings of the 10th international congress on computational and applied mathematics (ICCAM-2002)

Statistical data protection, also known as statistical disclosure control, is about methods that try to prevent published statistical information (tables, individual information) from disclosing the contribution of specific respondents, who may be ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

ESORICS '08: Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security

October 2008

599 pages

ISBN:9783540883128

Editors:
Sushil Jajodia
Center for Secure Information Systems, George Mason University, Fairfax, USA VA 22030
,
Javier Lopez
Department of Computer Science, University of Malaga, Málaga, Spain 29071

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 06 October 2008

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

He XLu HVaidya JAdam N(2018)Secure construction and publication of contingency tables from distributed dataJournal of Computer Security10.5555/2011016.201101819:3(453-484)Online publication date: 24-Dec-2018
https://dl.acm.org/doi/10.5555/2011016.2011018
Liang BChiew KLi YYang Y(2010)Privacy disclosure analysis and control for 2D contingency tables containing inaccurate dataProceedings of the 2010 international conference on Privacy in statistical databases10.5555/1888848.1888850(1-16)Online publication date: 22-Sep-2010
https://dl.acm.org/doi/10.5555/1888848.1888850

View Options

View options

Media

Figures

Other

Tables

View Table of Contents