Enhancing the controlled disclosure of sensitive information

Abstract

The so-called “aggregation problem” is addressed, where the issue is how to release only a limited part of an information resource, and foil any attacks by users trying to aggregate information beyond the preset limits. The framework is that of relational databases, where sensitive information can be defined flexibly using view definitions. For each such view, the tuples that have already been disclosed are recorded in tensionally rather than extensionally; that is, at each point, sub-view definitions are maintained that describe all the sensitive tuples that have been released to each individual. While our previous work foiled sequences of single-query attacks attempted by individual users, it did not consider multi-query attacks, where a combination of queries is used to invade the sensitive information. In this study we enhance our previous solutions to guard the sensitive information against two kinds of multi-query attacks: join attacks, and complement attacks.: We then argue that the enhanced algorithm renders the sensitive information immune to attacks.