Security problems on inference control for SUM, MAX, and MIN queries

Abstract

The basic inference problem is defined as follows: For a finite set X = { x i , … , x n }, we wish to infer properties of elements of X on the basis of sets of "queries" regarding subsets of X . By restricting these queries to statistical queries, the statistical database (SDB) security problem is obtained. The security problem for the SDB is to limit the use of the SDB so that only statistical information is available and no sequence of queries is sufficient to infer protected information about any individual. When such information is obtained the SDB is said to be compromised. In this paper, two applications concerning the security of the SDB are considered: On-line application . The queries are answered one by one in sequence and it is necessary to determine whether the SDB is compromised if a new query is answered. Off-line application . All queries are available at the same time and it is necessary to determine the maximum subset of queries to be answered without compromising the SDB. The complexity of these two applications, when the set of queries consists of (a) a single type of SUM query, (b) a single type of MAX/MIN query, (c) mixed types of MAX and MIN queries, (d) mixed types of SUM and MAX/MIN queries, and (e) mixed types of SUM, MAX, and MIN queries, is studied. Efficient algorithms are designed for some of these situations while others are shown to be NP-hard.