Fourth European Symposium on Research in Computer Security (ESORICS 96)
Enhancing the Controlled Disclosure of Sensitive Information
Donald S. Marks, Amihai Motro, Sushil Jajodia
Keywords :
Abstract : The so-called "aggregation problem" is addressed, where the issue is how to release only a limitedpart of an information resource, and foil any attacks by users trying to aggregate information beyond the preset limits. The framework is that of relational databases, where sensitive information can be defined flexibly using view definitions. For each such view, the tuples that have already been disclosed are recorded intensionally rather than extensionally; that is, at each point, sub-view definitions are maintained that describe all the sensitive tuples that have been releaced to each individual. While our previous work foiled sequences of single-query attacks attempted by individual users, it did not consider multi-query attacks, where a combination of queries is used to invade the sensitive information. In this study we enhance our previous solutions to guard the sensitive information against two kinds of multi-query attacks: join attacks, and complement attacks: We then argue that the enhanced algorithm renders the sensitive information immune to attacks.
(Pages 290-303)