A Formal Analysis of Information Disclosure in Data Exchange

13 years 3 hour ago
A Formal Analysis of Information Disclosure in Data Exchange
We perform a theoretical study of the following queryview security problem: given a view V to be published, does V logically disclose information about a confidential query S? The problem is motivated by the need to manage the risk of unintended information disclosure in today's world of universal data exchange. We present a novel information-theoretic standard for query-view security. This criterion can be used to provide a precise analysis of information disclosure for a host of data exchange scenarios, including multi-party collusion and the use of outside knowledge by an adversary trying to learn privileged facts about the database. We prove a number of theoretical results for deciding security according to this standard. We also generalize our security criterion to account for prior knowledge a user or adversary may possess, and introduce techniques for measuring the magnitude of partial disclosures. We believe these results can be a foundation for practical efforts to secur...
Gerome Miklau, Dan Suciu
Added 08 Dec 2009
Updated 08 Dec 2009
Type Conference
Year 2004
Authors Gerome Miklau, Dan Suciu
Comments (0)