On Range Query Usability of Statistical Databases

Abstract

<p>A <i>statistical database</i> is a database which is used to obtain statistical information about subsets of records. Unlike in ordinary databases, the user is not allowed to query individual records in the statistical database. However, using only statistical types of queries, it is often possible to make inferences about individual records.</p>The security problem for statistical databases is to provide a control mechanism which would make available as much statistical information as possible, without revealing sensitive statistics [1]. A statistic is called <i>sensitive</i> if it reveals 'too much' confidential information, where 'too much' is defined by a security policy. Any statistic that reveals confidential individual data is always sensitive. Because of supplementary knowledge, that is, the knowledge that users may get from other sources, statistics that reveal information about any subset of k or less records, rather than just a single record, may be considered sensitive. In that case, if the disclosure of a statistic based on k or less records occurs, we say that the database is k-compromised. Thus, revealing individual confidential data can be considered to be a 1-compromise. The definition of several types of compromise in terms of supplementary knowledge is given in [12].</p>