Databases Reference
In-Depth Information
2. Generalization: Replace a numeric or categorical value by a more general one. For a numeric value this is a range that covers the original value; for a categorical value it is a more generic class, e.g., an ancestor node in a taxonomy tree.
3. Swapping: Take two different records in the data set and swap the values of a specific attribute (say, the salary values of the records corresponding to two individuals are exchanged).
Of all the disclosure-control methods, the one that has primarily been used to realize DAS functionality is generalization. The nature of disclosure in information hiding based schemes differs from that in cryptographic schemes. In the latter, the disclosure risk is inversely proportional to the difficulty of breaking the encryption scheme, and if the scheme is broken the plaintext values are completely disclosed. In contrast, disclosure in information hiding approaches can be partial or probabilistic: there can be a non-negligible probability of learning a sensitive value from the transformed data alone, e.g., the bucket identity stored alongside an encrypted tuple narrows the range in which the actual value of the sensitive attribute must lie.
In this section we concentrate on the information hiding based approach and show how it has been used to support SQL queries. As will become clear, information hiding approaches can support comparison operators on the server and can hence be the basis for implementing SPJ (select-project-join) queries. They can also support sorting and grouping operators. Such techniques, however, cannot support aggregation at the server. A few papers [27, 24] have combined an information hiding approach with PH to support both server-side aggregation and SPJ queries; of course, once PH is used for aggregation, these techniques inherit the attacks on PH discussed earlier. In the remainder of the section we concentrate on how information hiding techniques are used to support SPJ queries, using the query processing architecture proposed in [22, 26] to explain the approach.
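The bucketization flow this section is about, written out as an added Python example; it is not code from the source text or from [22, 26]. The bucket boundaries, the city taxonomy, the key, the record layout and the sample rows are all constructed for the example, and the HMAC keystream stands in for a real cipher such as AES-GCM. The client generalizes each attribute to a bucket id (the secure index), the server answers a range condition and an IN condition by comparing bucket ids only, and the client decrypts the returned superset, applies the exact predicate and computes the sum that the server cannot. The last function quantifies the partial disclosure described above: the probability that the true salary lies in a sub-range given only its bucket id, under an assumed uniform prior within the bucket.

```python
import bisect
import hashlib
import hmac
import json

# ---- client-side metadata (assumed layout; never sent to the server) ----
# Numeric attribute: salary is generalized to the id of the range holding it.
# Bucket 0: (-inf,30k)  1: [30k,60k)  2: [60k,90k)  3: [90k,inf)
SALARY_BOUNDS = [30_000, 60_000, 90_000]
# Categorical attribute: city is generalized to its ancestor in a toy taxonomy.
CITY_TO_REGION = {"Irvine": "West", "Seattle": "West",
                  "Boston": "East", "Atlanta": "East"}
CLIENT_KEY = b"constructed-demo-key-do-not-reuse"   # constructed, not real


def salary_bucket(salary):
    """Generalization of a numeric value: index of the range containing it."""
    return bisect.bisect_right(SALARY_BOUNDS, salary)


def city_bucket(city):
    """Generalization of a categorical value: its ancestor in the taxonomy."""
    return CITY_TO_REGION[city]


def _keystream(nonce, length):
    # PRF-chained keystream: a stand-in for a real cipher, illustrative only.
    out, block = b"", nonce
    while len(out) < length:
        block = hmac.new(CLIENT_KEY, block, hashlib.sha256).digest()
        out += block
    return out[:length]


def encrypt(plaintext, nonce):
    return bytes(a ^ b for a, b in zip(plaintext, _keystream(nonce, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream is its own inverse


def outsource(records):
    """Client: encrypt each tuple and attach bucket ids as the secure index."""
    rows = []
    for i, rec in enumerate(records):
        nonce = i.to_bytes(8, "big")
        rows.append({"etuple": encrypt(json.dumps(rec).encode(), nonce),
                     "nonce": nonce,
                     "salary_b": salary_bucket(rec["salary"]),
                     "city_b": city_bucket(rec["city"])})
    return rows


def translate_salary_range(lo, hi):
    """Client: rewrite 'salary BETWEEN lo AND hi' as the set of bucket ids
    that could hold a matching value (a superset of the true answer)."""
    return set(range(salary_bucket(lo), salary_bucket(hi) + 1))


def server_select(rows, salary_buckets=None, city_buckets=None):
    """Server: comparison on bucket ids only; it never sees a plaintext."""
    return [r for r in rows
            if (salary_buckets is None or r["salary_b"] in salary_buckets)
            and (city_buckets is None or r["city_b"] in city_buckets)]


def client_postprocess(rows, lo, hi, cities=None):
    """Client: decrypt the superset, apply the exact predicate, and do the
    aggregation (sum) that the server cannot perform on bucket ids."""
    exact = []
    for r in rows:
        rec = json.loads(decrypt(r["etuple"], r["nonce"]))
        if lo <= rec["salary"] <= hi and (cities is None or rec["city"] in cities):
            exact.append(rec)
    return exact, sum(rec["salary"] for rec in exact)


def disclosure_probability(bucket_id, lo, hi):
    """Partial disclosure: P(lo <= salary < hi | bucket id) for an adversary
    who knows the boundaries and assumes a uniform prior inside the bucket.
    Open-ended buckets have no finite answer under this model (None)."""
    if bucket_id == 0 or bucket_id == len(SALARY_BOUNDS):
        return None
    b_lo, b_hi = SALARY_BOUNDS[bucket_id - 1], SALARY_BOUNDS[bucket_id]
    overlap = max(0, min(hi, b_hi) - max(lo, b_lo))
    return overlap / (b_hi - b_lo)


# Constructed sample data, not taken from the source.
RECORDS = [
    {"name": "alice", "salary": 25_000, "city": "Irvine"},
    {"name": "bob",   "salary": 45_000, "city": "Seattle"},
    {"name": "carol", "salary": 55_000, "city": "Boston"},
    {"name": "dave",  "salary": 75_000, "city": "Atlanta"},
    {"name": "erin",  "salary": 95_000, "city": "Irvine"},
]


def run_query(lo, hi, cities=None):
    """SELECT * FROM emp WHERE salary BETWEEN lo AND hi [AND city IN cities]:
    client translation -> server filter on bucket ids -> client post-processing.
    Returns (rows the server returned, exact matches, client-side salary sum)."""
    rows = outsource(RECORDS)
    city_b = None if cities is None else {city_bucket(c) for c in cities}
    candidates = server_select(rows, translate_salary_range(lo, hi), city_b)
    exact, total = client_postprocess(candidates, lo, hi, cities)
    return len(candidates), exact, total


if __name__ == "__main__":
    n, exact, total = run_query(50_000, 70_000)
    print(n, "rows from server,", [r["name"] for r in exact], "kept, sum", total)
    print("P(salary >= 50k | bucket 1) =", disclosure_probability(1, 50_000, 60_000))
```

Run as a script, the query `salary BETWEEN 50000 AND 70000` makes the server return three rows (buckets 1 and 2), two of which are false positives that the client discards after decryption; the sum is computed only at the client. The disclosure function returns 1/3 for "salary is at least 50,000 given bucket 1", which is exactly the kind of clue the text says a bucket identity leaks.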
Query Processing Architecture for DAS [26]
Figure 1 illustrates the control flow for queries in DAS when an information hiding technique is used to represent data at the server. The figure shows the three primary entities of the DAS model: user, client and server. The client stores the data at the server, which is hosted by the service provider; this is known as the server-side. The data is stored at the server-side in encrypted form at all times. The encrypted database is augmented with additional information (secure indexes) that allows a certain amount of query processing to occur at the server without jeopardizing data privacy. The client also maintains metadata for translating user queries into the appropriate representation on the server, and performs post-processing on the server's query results. Based on the auxiliary information stored, the original