Dynamic inference control

Staddon, Jessica

doi:10.1145/882082.882103

Cited by 35 publications

(19 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The closest approach to ours is the one presented by Staddon [20]. In her paper, Staddon presented a dynamic inference control scheme that does not depend on user query history.…”

Section: Related Workmentioning

confidence: 99%

Collusion Resistant Inference Control for Cadastral Databases

Khalil¹,

Gabillon²,

Capolsini³

2014

Foundations and Practice of Security

View full text Add to dashboard Cite

Abstract. In this paper we present a novel inference control technique, based on graphs, to control the number of accessible parcels in a cadastral database. Different levels of collusion resistance are introduced as part of the approach. The dynamic aspect of the cadastral application, caused by mutation operations, is handled. We propose a scheme for gradually resetting the inference graph allowing continuous access to the data.

show abstract

“…The closest approach to ours is the one presented by Staddon [20]. In her paper, Staddon presented a dynamic inference control scheme that does not depend on user query history.…”

Section: Related Workmentioning

confidence: 99%

Collusion Resistant Inference Control for Cadastral Databases

Khalil¹,

Gabillon²,

Capolsini³

2014

Foundations and Practice of Security

View full text Add to dashboard Cite

show abstract

“…Developing technological solutions to detecting database inference is complex. Much of the work done in this area involves revoking access to specific database objects based on a user's past querying history (Staddon, 2003). The problem with inference detection, especially when done at query processing time, is that it results in a significant delay between the time the query is executed and the results are presented.…”

Section: Database Inferencementioning

confidence: 99%

Database Security: What Students Need to Know

Murray

2010

JITE:IIP

View full text Add to dashboard Cite

“…Tools and techniques for ensuring inference control without user privacy can be found in [43,32,47].…”

Section: Related Workmentioning

confidence: 99%

“…It is straightforward to modify our protocols to protect against collusion -we simply permit each user to access less of each channel. The same technique is used in [47] to ensure collusion-resistant inference control without privacy, however it is easily adopted in our setting as it only depends on server knowledge of the number of queries a user has made not the content of the queries. Adjusting the definition is similarly straightforward, one would instead consider malicious users, U * 1 , .…”

Section: Inference Controlmentioning

confidence: 99%

Private inference control

Woodruff

Staddon

2004

Proceedings of the 11th ACM Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

Access control can be used to ensure that database queries pertaining to sensitive information are not answered. This is not enough to prevent users from learning sensitive information though, because users can combine non-sensitive information to discover something sensitive. Inference control prevents users from obtaining sensitive information via such "inference channels", however, existing inference control techniques are not private -that is, they require the server to learn what queries the user is making in order to deny inference-enabling queries.We propose a new primitive -private inference control (PIC) -which is a means for the server to provide inference control without learning what information is being retrieved. PIC is a generalization of private information retrieval (PIR) and symmetrically-private information retrieval (SPIR). While it is straightforward to implement access control using PIR (simply omit sensitive information from the database), it is nontrivial to implement inference control efficiently. We measure the efficiency of a PIC protocol in terms of its communication complexity, its round complexity, and the work the server performs per query. Under existing cryptographic assumptions, we give a PIC scheme which is simultaneously optimal, up to logarithmic factors, in the work the server performs per query, the total communication complexity, and the number of rounds of interaction. We also present a scheme requiring more communication but sufficient storage of state by the server to facilitate private user revocation. Finally, we present a generic reduction which shows that one can focus on designing PIC schemes for which the inference channels take a particularly simple threshold form.

show abstract

Dynamic inference control

Cited by 35 publications

References 20 publications

Collusion Resistant Inference Control for Cadastral Databases

Collusion Resistant Inference Control for Cadastral Databases

Database Security: What Students Need to Know

Private inference control

Contact Info

Product

Resources

About