Preserving Privacy in Data Cubes

Lingyu Wang, Research Assistant
Center for Secure Information Systems at George Mason University


Abstract

Data cube is one of the most popular data models for decision support systems. However, answering data cube queries with insufficient security scrutiny may disclose sensitive information in underlying data and consequently breach an individual's privacy. Such inappropriate disclosures can be caused by not only unauthorized accesses but also inferences using legitimate queries. Existing security countermeasures either ignore the inferences or inflict a prohibitive performance penalty in detecting the inferences. In the first part of this talk, I will extend two existing inference control methods in statistical databases, the cardinality-based method by Dobkin et al. and the auditing method by Chin et al., to data cubes. Although both extensions produce better results, they do not lead to practical solutions due to inherited limitations. In the second part of the talk, I will introduce a novel lattice-based method. The method removes unrealistic assumptions in previous approaches. It prevents both unauthorized accesses and inferences. Moreover, it reduces the complexity of inference control to a practical level. In addition, I will give a brief overview of my research and describe some future work.