CVC - PowerPoint PPT Presentation
1 / 32
Title: CVC
1
The Protection of Numerical Information in
Databases
Daniel O. Rice Loyola College in Maryland (with
Robert Garfinkel and Ram Gopal University of
Connecticut)
Presentation at Lomonosov Moscow State
University Tuesday, 23rd of October,
2007 Problems of Modern Information Systems Series
2
Database Security Objective
Maximize the utility of information provided to
users while maintaining the security of
confidential information.
Original Database
Secure Database
User Query
Query Answer
3
Confidentiality-Related
Identity-Related
Confidential
- Security Considerations
- Disclosure of Confidential Information
- Identity Disclosure
4
Protection of Confidential Information
- Perturbation
- Camouflage
5
Perturbation
82.32
-19.68
- Data Swapping/Shuffling
- Binning
6
Perturbation
7
Camouflage
- Interval Answers
- Answer Guarantee
- Interval Protection
- Storage Efficiency
- Computational Efficiency
- Good Query Answers
Record 2
Record 1
8
Camouflage - Polytope
9
Illustration of the CVC Approach
Non-Confidential Data
10
Confidential Numeric Data
11
Protection
12
CVC-POL Example DB table ( a interior to )
13
CVC-POL in 3-D
Record 3
Record 2
Record 1
14
(55,31)
Protection
Protection
15
(No Transcript)
16
CVC Basics
- Every query q f(a) is answered with the
interval q - , q , such that
and
where
and
17
Insider Threats - Data
Camouflage - Polytope
u2
Record 2
l2
Record 1
l1
u1
18
(No Transcript)
19
CVC-STAR
- Protects against insider data information
- Vulnerable to insider algorithm information
- is not a convex set
- Flexibility
20
CVC-STAR in 3-D
Record 2
Record 3
Record 1
21
(No Transcript)
22
CVC-Star Example SUM Query
- Users Query
- What is the SUM of salaries of all employees
of Company B?
23
CVC-Star Example SUM Query
I1 227 , 229 I2 229 , 232 I3 219
, 230 I4 229 , 232 I5 228 , 232
I 219 , 232
24
Solving SUM / MEAN Queries w/ CVC-STAR
What is the MEAN salary of all employees of
Company B?
- T 2 , 4 , 5 , 9 , 11
- ICVC-STAR 43.8 , 46.4
- ICVC-POL 44.2 , 46.8
25
Solving Regression Queries w/ CVC STAR
What is the correlation between the salaries of
all employees of Company B and some independent
variable X?
- MIN and MAX b0 and b1 at and
, or the reverse. - R2 is found by evaluating the below expression
26
Regression Results
Low Correlation Medium Correlation High
Correlation
27
CVC-POL
Answering queries with techniques...
CVC-STAR
- Vulnerable to insider algorithm threat
- Simpler to solve, no need for heuristics
- Actual data must be stored and used
- Vulnerable to insider data information threat
- Solved by 4 classes of efficient minimal access
algorithms - No need to store or use actual data
Can CVC be improved using combinations of
techniques?
28
Computational Experience
- Evaluate the relative performance of CVC-STAR and
CVC-POL - DB of 1,000 record
- 5 Non-Confidential fields A1,...,A5
- 1 Confidential field (log-normal dist.)
- 600 queries (selection criteria on A1,...,A5)
29
Average Percent Improvement in Answers using
CVC-STAR compared to CVC-POL
30
Relative Performance of CVC-STAR and CVC-INTPOL
31
Conclusions / Ongoing Research
- CVC POL and CVC-STAR can protect data
confidentiality - CVC-STAR outperforms CVC POL in computational
efficiency and answer quality - Each is vulnerable to insider information threat
- CVC-POL vulnerable to insider data threats
- CVC-STAR vulnerable to insider algorithm threats
- CVC-STAR can be used to provide flexible quality
query answers in a market for private information
(IEEE Transactions on Systems, Man, and
Cybernetics) - The optimal choice of protecting sets for
specific insider information threats.
32
End / Questions
?
