Security Control With Discrete Mathematics
Question asked by smriti in #Coffee Room on Dec 16, 2011
smriti · Dec 16, 2011
Rank C3 - EXPERT
In the age of data and databases that hold them, there is always the need to check for proper security control. Statistical Databases are one such data storage system which require privacy and confidentiality. Such Statistical databases (SDBs) are collections of data that are used to gather and analyze information from a variety of sources. Data content may vary from voter registrations to medical records or any data that in an organized form provides information.
Because databases are huge and hence need multiple processes and controls, it becomes a rather complex task for organizations to provide an adequate amount of security. This issue has been highlighted by Rudolf Ahlswede and Harout Aydinian in their paper <em>SIAM Journal on Discrete Mathematics. </em>
![[IMG]](proxy.php?image=http%3A%2F%2Fwww.crazyengineers.com%2Fwp-content%2Fuploads%2F2011%2F12%2Fxkcd_ip_over_demographic.png&hash=d7dbc0f9d73ad31dfce7219fdbbfcc67)
While maintaining security has always been a knotty task, it can not be done without. Plus with statistical databases, there is a risk that confidential information about an individual's record may be deliberately compromised, making security control all the more critical. Enough data about an individual's record can be derived just by correlating particular statistics. Usually, statistical databases only accept queries that involve specific statistical functions (such as sum, average, count, min, max, etc.) but this method is highly susceptible to compromise.
To counter this, Query restriction is one approach that is used for security control. A "query request" extracts a subset of data from a database fulfilling set of conditions. With query restriction, the kind and amount of data that can be extracted by such queries is fixed, for example, the size of the data, or the amount of overlap between data that is returned. The authors have maintained tight bounds for the maximum number of such queries that return subsets of data without compromising the information of a single individual record.
Future scope includes evaluation of new security-control mechanisms while maintaining richness of available queries, consistency, cost etc.
Source: PhysOrg Image Credit: xkcd Posted in: #Coffee Room
Because databases are huge and hence need multiple processes and controls, it becomes a rather complex task for organizations to provide an adequate amount of security. This issue has been highlighted by Rudolf Ahlswede and Harout Aydinian in their paper <em>SIAM Journal on Discrete Mathematics. </em>
While maintaining security has always been a knotty task, it can not be done without. Plus with statistical databases, there is a risk that confidential information about an individual's record may be deliberately compromised, making security control all the more critical. Enough data about an individual's record can be derived just by correlating particular statistics. Usually, statistical databases only accept queries that involve specific statistical functions (such as sum, average, count, min, max, etc.) but this method is highly susceptible to compromise.
To counter this, Query restriction is one approach that is used for security control. A "query request" extracts a subset of data from a database fulfilling set of conditions. With query restriction, the kind and amount of data that can be extracted by such queries is fixed, for example, the size of the data, or the amount of overlap between data that is returned. The authors have maintained tight bounds for the maximum number of such queries that return subsets of data without compromising the information of a single individual record.
Future scope includes evaluation of new security-control mechanisms while maintaining richness of available queries, consistency, cost etc.
Source: PhysOrg Image Credit: xkcd Posted in: #Coffee Room
