A formal analysis of information disclosure in data exchange
作者:
Highlights:
•
摘要
We perform a theoretical study of the following query-view security problem: given a view V to be published, does V logically disclose information about a confidential query S? The problem is motivated by the need to manage the risk of unintended information disclosure in today's world of universal data exchange. We present a novel information-theoretic standard for query-view security. This criterion can be used to provide a precise analysis of information disclosure for a host of data exchange scenarios, including multi-party collusion and the use of outside knowledge by an adversary trying to learn privileged facts about the database. We prove a number of theoretical results for deciding security according to this standard. We also generalize our security criterion to account for prior knowledge a user or adversary may possess, and introduce techniques for measuring the magnitude of partial disclosures. We believe these results can be a foundation for practical efforts to secure data exchange frameworks, and also illuminate a nice interaction between logic and probability theory.
论文关键词:Database security,Information disclosure,Inference control,Privacy
论文评审过程:Received 15 January 2005, Revised 3 March 2006, Available online 13 November 2006.
论文官网地址:https://doi.org/10.1016/j.jcss.2006.10.004