Inferences from Attribute-Disjoint and Duplicate-Preserving Relational Fragmentations

  • Joachim Biskup
  • Marcel Preuß
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10833)

Abstract

Transmitting one's own, partly confidential data to another agent, e.g., for cloud computing, carries the risk of enabling the receiver to infer information he is not entitled to learn. We consider a specific countermeasure against unwanted inferences about associations between data values whose combination of attributes is declared to be sensitive. This countermeasure fragments a relation instance into attribute-disjoint and duplicate-preserving projections such that no sensitive attribute combination is contained in any projection. Though attribute-disjointness is intended to make a reconstruction of the original data impossible for the receiver, the goal of inference-proofness will not always be accomplished. In particular, inferences might be based on combinatorial effects, since duplicate-preservation implies that the frequencies of value associations in visible projections equal those in the original relation instance. Moreover, the receiver might exploit functional dependencies, numerical dependencies and tuple-generating dependencies, as presumably known from the underlying database schema. We identify several conditions for a fragmentation to violate inference-proofness. Besides complementing classical results about lossless decompositions, our results could be employed for designing better countermeasures.
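The combinatorial effect named in the abstract can be checked by a data owner before fragments are released. The following is an added illustration, not code or a theorem from the paper: it flags value pairs whose frequencies in two attribute-disjoint, duplicate-preserving fragments force them to co-occur in every possible original. The schema, sample rows and function names are constructed here, and no data dependencies are assumed, so every pairing of fragment rows counts as a possible original.

```python
from collections import Counter
from itertools import permutations

SCHEMA = ("patient_id", "employer", "diagnosis")
# Constructed sample relation; {employer, diagnosis} is the sensitive combination.
ORIGINAL = [
    (1, "acme", "flu"), (2, "acme", "flu"), (3, "acme", "cold"),
    (4, "acme", "flu"), (5, "init", "cold"),
]

def fragment(relation, attrs):
    """Duplicate-preserving projection; sorting discards the original row order."""
    idx = [SCHEMA.index(a) for a in attrs]
    return sorted(tuple(row[i] for i in idx) for row in relation)

def column(frag, attrs, name):
    """Values of one attribute of a fragment, duplicates kept."""
    return [row[attrs.index(name)] for row in frag]

def forced_associations(col_x, col_y):
    """Pairs (a, b) present in every row pairing, with their guaranteed count.

    With n rows, count(a) + count(b) > n forces an overlap (pigeonhole).
    """
    n = len(col_x)
    if n != len(col_y):
        raise ValueError("duplicate-preserving fragments must have equal size")
    cx, cy = Counter(col_x), Counter(col_y)
    return {(a, b): cx[a] + cy[b] - n
            for a in cx for b in cy if cx[a] + cy[b] > n}

def brute_force_minimum(col_x, col_y, a, b):
    """Cross-check: fewest (a, b) rows over all pairings of the two columns."""
    return min(sum((x, y) == (a, b) for x, y in zip(col_x, perm))
               for perm in permutations(col_y))

F1_ATTRS, F2_ATTRS = ("patient_id", "employer"), ("diagnosis",)
F1, F2 = fragment(ORIGINAL, F1_ATTRS), fragment(ORIGINAL, F2_ATTRS)
EMPLOYERS = column(F1, F1_ATTRS, "employer")
DIAGNOSES = column(F2, F2_ATTRS, "diagnosis")

if __name__ == "__main__":
    for (a, b), k in sorted(forced_associations(EMPLOYERS, DIAGNOSES).items()):
        print(f"every reconstruction has at least {k} row(s) with ({a}, {b})")
```

A non-empty result means the fragmentation leaks a sensitive association through frequencies alone, even though no fragment contains both attributes.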

Keywords

Attribute-disjointness; Cloud computing; Database relation; Confidentiality; Duplicate-preservation; Fragmentation; Frequencies; Functional dependency; Inference-proofness; Numerical dependency; Projection; Sensitive association; Tuple-generating dependency

Notes

Acknowledgment

We would like to thank Manh Linh Nguyen for stimulating discussions while he prepared his master's thesis on a partial analysis of the approach of fragmentation with encryption to protect privacy in data storage.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Fakultät für Informatik, Technische Universität Dortmund, Dortmund, Germany
