Database Reference
In-Depth Information
Query A:
SELECT COUNT (
*
) FROM CUSTOMER
WHERE CustCity
=
'Any City' AND CustGender
=
'F' AND
IncomeLevel
=
'High”
Query B:
SELECT AVG (Balance) FROM CUSTOMER
WHERE CustCity
=
'Any City' AND CustGender
=
'F' AND
IncomeLevel
=
'High”
If result from Query A is 1, then Query B gives the account balance
for the specific customer.
If result from Query A is 2 or 3, issue additional queries by including
statistical functions of MAX, MIN, SUM to get a precise range for the
account balance for the specific customer.
Figure 16-8
Ingenuous queries isolating individual records.
customer Jane Doe may be determined. Assume that the infiltrator knows some
basic information about Jane Doe.
Solution Options
Safeguarding privacy and confidentiality in a statistical data-
base proves to be difficult. The standard method of granting access privileges does
not work. In addition to discretionary and mandatory techniques, other restrictions
must be enforced on queries.
Here is a list of some solution options. None of them is completely satisfactory.
Combinations of some of the options seem to be effective. Nevertheless, protection
of privacy and confidentiality in statistical databases is becoming more and more
essential.
Only statistical functions.
Allow only statistical functions in queries.
Same sample.
Reject series of queries to the same sample set of records.
Query types.
Allow only those queries that contain statistical or mathematical
functions.
Number of queries.
Allow only a certain number of queries per user per unit time.
Query thresholds.
Reject queries that produce result sets containing fewer than
n
records, where
n
is the query threshold.
Query combinations.
The result set of two queries may have a number of common
records referred to as the intersection of the two queries. Impose a restriction saying
that no two queries may have an intersection larger than a certain threshold number.
Data pollution.
Adopt data swapping. In the case of the bank database, swap
balances between accounts. Even if a user manages to read a single customer's
Search WWH ::
Custom Search