tailieunhanh - The Tracker: A Threat to Statistical Database Security
Alternatively, a DBMS client can submit DBMS commands that reference SQL stored procedures. These stored procedures translate the request into commands that the SAS servers that are running on the DBMS head node execute. Again, when these SAS jobs reference SAS formats, scoring models, or procedures that run inside the DBMS, they execute on the DBMS data nodes. The capability for SAS servers to run inside the DBMS results in a very powerful and flexible environment. SAS solutions are built on top of these servers. These solutions can be deployed on the DBMS head node along with the SAS. | The Tracker A Threat to Statistical Database Security DOROTHY E. DENNING and PETER J. DENNING Purdue University and MAYER D. SCHWARTZ Tektronix Inc. The query programs of certain databases report raw statistics for query sets which are groups of records specified implicitly by a characteristic formula. The raw statistics include query set size and sums of powers of values in the query set. Many users and designers believe that the individual records will remain confidential as long as query programs refuse to report the statistics of query sets which are too small. It is shown that the compromise of small query sets can in fact almost always be accomplished with the help of characteristic formulas called trackers. Schlorer s individual tracker is reviewed it is derived from known characteristics of a given individual and permits deducing additional characteristics he may have. The general tracker is introduced It permits calculating statistics for arbitrary query sets without requiring preknowledge of anything in the database. General trackers always exist if there are enough distinguishable classes of individuals in the database in which case the trackers have a simple form. Almost all databases have a general tracker and general trackers are almost always easy to find. Security is not guaranteed by the lack of a general tracker. Key Words and Phrases confidentiality database security data security secure query functions statistical database tracker OR Categories 1. INTRODUCTION Statistical databases must supply statistical summaries about a population without revealing particulars about any one individual. Yet statistical summaries contain vestiges of the original information A questioner may be able to deduce the original information by processing the summaries. When this happens the personal records are compromised. Database designers and users would like to know when compromise is possible and if so how easy it is. We studied these questions in the context
đang nạp các trang xem trước