CSC 405 Introduction to Computer Security




Computer Science
CSC 405 Introduction to Computer Security
Topic 6.: Database Inference Control

Outline
- Inference attacks
  - Direct attacks (no inference needed)
  - Indirect attacks via aggregations
  - Tracker attacks
  - Inference via linear systems
  - Inference via database constraints
- Inference control
  - Limited Response Suppression
  - Combining results
  - Random sample
  - Random data perturbation
  - Query analysis

Direct Attacks
[Table: columns Name, Sex, Race, Aid, Fines, Drugs, Dorm; rows Adams, Bailey, Chin, Dewitt, Earhart, Fein, Groff, Hill, Koch, Liu, Majors]
Query: List NAME where SEX= ^ DRUGS=
Results:

Direct Attacks (Cont'd)
[Table: columns Name, Sex, Race, Aid, Fines, Drugs, Dorm; rows Adams, Bailey, Chin, Dewitt, Earhart, Fein, Groff, Hill, Koch, Liu, Majors]
Query: List NAME where (SEX= ^ DRUGS=) (SEX!= ^ SEX!=) (DORM=AYRES)
Result=

Direct Attacks (Cont'd)
- Protect against direct attacks: "n items over k percent" rule
  - Data should be withheld if n items represent over k% of the result reported.
  - Adopted by U.S. Census Bureau
  - Intuition: do not reveal results where a small number of records make up a large proportion of the category.
- Release only statistics
  - Examples: sum, average, count, etc.

Indirect Attacks via Aggregations
[Table: Sums of Financial Aid by Dorm and Sex, with totals]
Female Students Living in
[Table: column Name; row Liu]
- Try to infer a sensitive value from a reported sum.
- What can we infer for the female students living in?
- s financial aid =

Indirect Attacks via Aggregations (Cont'd)
[Table: Count of Financial Aid by Dorm and Sex, with totals]
Male Students Living in or
[Table: columns Name, Dorm; rows Adams, Groff]
- With additional counts, what can we further infer?
- s financial aid =
- s financial aid =

Tracker Attacks
- DBMS protection: allow aggregation of sensitive attributes only when the number of data items that constitute the aggregate is more than a threshold t.
- Trackers defeat this protection by using additional queries.

Tracker Attacks (Cont'd)
[Table: columns Name, Sex, Race, Aid, Fines, Drugs, Dorm; rows Adams, Bailey, Chin, Dewitt, Earhart, Fein, Groff, Hill, Koch, Liu, Majors]
Query: Sum ((Sex=) ^ (Race=) ^ (Dorm=))
Is this allowed?

Tracker Attacks (Cont'd)
sum (a ^ b ^ c) = sum (a) - sum (a ^ ~(b ^ c))
sum ((Sex=) ^ (Race=) ^ (Dorm=)) is equivalent to
sum (Sex=) - sum ((Sex=) ^ (Race!= or Dorm!=))

Tracker Attacks (Cont'd)
[Table: columns Name, Sex, Race, Aid, Fines, Drugs, Dorm; rows Adams, Bailey, Chin, Dewitt, Earhart, Fein, Groff, Hill, Koch, Liu, Majors]
Count ((Sex=) ^ (Race=) ^ (Dorm=)) = =

Tracker Attacks (Cont'd)
q() is disallowed
= ^
T= ^ ~
Tracker: q()=q() q(t)

Inference via Linear Systems
- Generalization of the tracker attacks
- We can get a sequence of linear equations through a sequence of queries
- Variables: sensitive values

Q1 = c1 + c2 + c3 + c4 + c5
Q2 = c1 + c2 + c4
Q3 = c3 + c4
Q4 = c4 + c5
Q5 = c2 + c5
c5 = ((Q1 - Q2) - (Q3 - Q4))/2

Inference via Database Constraints
- Integrity constraints
- Database dependencies
- Key integrity

Integrity Constraints
- =+
- =public, =public, and =secret
- can be calculated from and, i.e., secret information can be calculated from public data

Database Dependencies
- Knowledge about the database could be used to make inference
  - Functional dependencies
  - Multi-valued dependencies
  - Join dependencies
  - etc.

Functional Dependency
- FD:, that is, for any two tuples in the relation, if they have the same value for, they must have the same value for.
- Example
  - FD: Rank -> Salary
  - Secret information: Name and Salary together
  - Query 1: Name and Rank
  - Query 2: Rank and Salary
  - Combine answers for queries 1 and 2 to reveal Name and Salary together

Inference Controls
- Two ways
  - Suppression
    - Sensitive data values are not provided
    - Query is rejected without response
  - Concealing
    - The answer provided is close to but not exactly the actual value.
- Both can be applied to either queries or individual items within the database.

Limited Response Suppression
- Suppression technique
- Eliminate low-frequency elements
- Does not always work.
[Table: Student by Dorm and Sex, with totals; suppressed cells shown as --]
What are the suppressed values?

Combining Results
- Suppression techniques
- Combine rows or columns to protect sensitive values.
- Present results in ranges
- Rounding
[Tables: Students by Sex and Drug Use]

Random Sample
- Concealing technique
- Use a random sample of the database to answer queries.
- The same sample set should be chosen for equivalent queries.
  - Prevents averaging attacks

Random Data Perturbation
- Concealing technique
- Perturb the values of the database by a small error.
- Statistical measures such as sum and mean will be close.
- Easier than random sample.

Query Analysis
- Suppression technique
- Decide whether a result should be provided through analyzing queries and their implications.
- Need to maintain a query history
- Difficult to know what a user knows from out-of-band ways.

Methodologies of Inference Control
- Suppress obviously sensitive information
  - Easy to do, but tends to be over-restrictive
- Track what user knows
  - Very expensive
  - Query history
  - Cannot deal with conspiracy
- Disguise data
  - Sacrifice the quality of data
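
A query-history audit of the kind the Query Analysis slide calls for, run against the five sum queries of the linear-system slide. This is an added example, not part of the original slides; the record values, the threshold t = 1 and the names `SumQueryAuditor`, `rref` and `demo` are constructed for illustration. It goes beyond the size threshold alone: a query is refused when the answered queries plus the new one would let any single value be solved for.

```python
from fractions import Fraction

def rref(rows):
    """Reduced row echelon form over the rationals (exact arithmetic)."""
    m = [[Fraction(x) for x in r] for r in rows]
    pivot_row = 0
    for col in range(len(m[0])):
        hit = next((r for r in range(pivot_row, len(m)) if m[r][col] != 0), None)
        if hit is None:
            continue
        m[pivot_row], m[hit] = m[hit], m[pivot_row]
        p = m[pivot_row][col]
        m[pivot_row] = [x / p for x in m[pivot_row]]
        for r in range(len(m)):
            if r != pivot_row and m[r][col] != 0:
                f = m[r][col]
                m[r] = [a - f * b for a, b in zip(m[r], m[pivot_row])]
        pivot_row += 1
    return m[:pivot_row]

class SumQueryAuditor:
    """Answers SUM queries only while the whole history stays non-revealing."""
    def __init__(self, values, t):
        self.values, self.t, self.history = values, t, []

    def exposed(self, rows):
        # Record i is derivable iff the unit vector e_i is a row of the RREF.
        return [r.index(1) for r in rref(rows) if sum(x != 0 for x in r) == 1]

    def ask(self, members):
        row = [1 if i in members else 0 for i in range(len(self.values))]
        if sum(row) <= self.t:                  # query-set-size control
            return None
        if self.exposed(self.history + [row]):  # query-history audit
            return None
        self.history.append(row)
        return sum(self.values[i] for i in members)

# Constructed sample: sensitive values c1..c5 (indices 0..4) and the five
# query sets Q1..Q5 from the linear-system slide.
VALUES = [5000, 0, 3000, 1000, 2000]
QUERIES = [{0, 1, 2, 3, 4}, {0, 1, 3}, {2, 3}, {3, 4}, {1, 4}]

def demo():
    auditor = SumQueryAuditor(VALUES, t=1)
    return [auditor.ask(q) for q in QUERIES]  # None marks a refused query
```

Every one of the five queries passes the size threshold on its own; the audit answers the first three and refuses the fourth and fifth, each of which would make an individual value solvable from the answers already given.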

Conclusions
- No general technique is available to solve the problem
- Need assurance of protection
- Hard to incorporate outside knowledge