Rounding and Inference Controlin Conceptual Models for Statistical Databases

A statistical database (SDB) is a database that is used to provide simple summary statistics (e.g., SUM, COUNT, MAX, MEDIAN, etc.) about populations stored in the database and that supports statistical data analysis. When SDB users infer protected information in the SDB from responses to queries, we say that the SDB is compromised. The security problem of SDB is to allow simple summary statistics about protected information in the SDB while preventing compromise. In this paper, we investigate the effectiveness of rounding in statistical databases as a protection technique for SUM and COUNT queries. We consider the generalization hiermchy of the Data Abstraction model and assume there are four different types of inference mechanisms (called R1-R4 range reductions) available for SDB users. For a two-level generalization hierarchy, we find (a) necessary conditions for compromise, and (b) a necessary and sufficient condition for eliminating R1-R4 range reductions. We then describe a procedure for choosing a round-ing base for a tree-organized generalization hierarchy that allows range reductions, but guarantees a minimum range size for protected values in the hierarchy.