Abstract
Disclosure control methods in statistical databases often rely on modifying responses to queries while approximately maintaining values of aggregate statistics. Response modification schemes suggested in the literature have adopted one of two extreme measures; the responses for repeated queries are either independent or they are totally dependent. In the former case the risk of disclosure through repeated queries is extremely high, while the latter approach suffers from the problems of increased risks under tracker attack and the possibility of a consensus on an incorrect inference. Our proposed response modification scheme based on autoregressive noise addresses each of these problems. We have shown that under our scheme the reduction in the variance of an estimator based on repeated queries is significantly less than in the case of disclosure control methods which provide independent responses. Furthermore, the modified responses cross frequently to both sides of the true value, thus preventing a possible consensus on an incorrect inference. Most significantly, the risk of disclosure under tracker attack is significantly less under our method than when a data perturbation method is in place.
| Original language | English |
|---|---|
| Title of host publication | IFIP Transactions A |
| Subtitle of host publication | Computer Science and Technology |
| Publisher | Elsevier Science |
| Pages | 211-224 |
| Number of pages | 14 |
| Edition | A21 |
| ISBN (Print) | 0444898891 |
| State | Published - 1993 |
| Externally published | Yes |
| Event | Proceedings of the IFIP WG11.3 Workshop on Database Security - Vancouver, Can Duration: Aug 19 1992 → Aug 21 1992 |
Conference
| Conference | Proceedings of the IFIP WG11.3 Workshop on Database Security |
|---|---|
| City | Vancouver, Can |
| Period | 8/19/92 → 8/21/92 |
ASJC Scopus Subject Areas
- General Engineering