一個用於統計資料庫上以控制推論的偵測機制

Abstract

統計資料庫是一種只提供統計上的資料的資料庫.使用者可以藉由一連 推 論出機密的資訊.有許多文獻討論到統計資料庫的保護,但是目前為止沒有 一種方法可以適用於任何種類的統計資料庫.有些方法不能保證絕對的安 全性,有些並不實用,有些限制住了資料庫的活用性. Chin 和 Ozsoyoglu 提出了可以檢查在統計資料庫上一個查詢是否會導至資料外洩的控制推論 的機制,它是唯一可以經由處理使用者所有的查詢來檢查是否有資料外洩 的保護方式.然而,因為它沒有考慮到資料庫的特性,使得時間和空間上造 成很大的浪廢,尤其當統計資料庫是隨時有新資料的加入及舊資料的刪除 時,會使系統在空間及時間上的花費趨近無限.在本篇論文中,我們提出了 一個以Chin及Ozsoyoglu的方法為基礎的偵測機制,但是提供了較高的效 率.即使在動態的統計資料庫上,我們的偵測機制也能使空間和時間的花費 在有限的範圍之內.此外,我們的偵測機制也可輕易的解決保護特定資料群 的問題. DB (Statistical Databases) is the database which contains recordsescribing individuals but only statistical information is availa-le. Users may be able to compromise database by asking a seriesf questions and then inferring confidential information from thenswers. There are many literatures in the area of SDB. But no oneo date proposed a protection mechanism that is suitable for allypes of SDBs. Some of them cannot guarantee absolute security, orre impractical, while others limit the usefulness of the SDBs.hin and Ozsoyoglu proposed an inference control mechanism whichan check whether or not a query will lead to the compromise of aDB. It can manage the past history of user's queries, reduces andtores sequences of the answered queries in finite storages. How-ver, it is ineffective because it does not consider the charact-ristics of databases, and it is infeasible because the time andtorage requirements of their mechanism will become infinite whenhe records of a SDB is dynamically updated. In this thesis, weropose an audit mechanism which is based on Chin and Ozsoyoglu'sodel but provides higher efficiency. Our audit mechanism is feas-ble because the time and storage requirements are finite even he SDB is dynamic.