{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T04:47:13Z","timestamp":1755838033278},"reference-count":28,"publisher":"Association for Computing Machinery (ACM)","issue":"1","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2006,2]]},"abstract":"<jats:p>In response to queries asked to a statistical database, the query system should avoid releasing summary statistics that could lead to the disclosure of confidential individual data. Attacks to the security of a statistical database may be direct or indirect and, in order to repel them, the query system should audit queries by controlling the amount of information released by their responses. This paper focuses on sum-queries with a response variable of nonnegative real type and proposes a compact representation of answered sum-queries, called an information model in \u201cnormal form,\u201d which allows the query system to decide whether the value of a new sum-query can or cannot be safely answered. If it cannot, then the query system will issue the range of feasible values of the new sum-query consistent with previously answered sum-queries. Both the management of the information model and the answering procedure require solving linear-programming problems and, since standard linear-programming algorithms are not polynomially bounded (despite their good performances in practice), effective procedures that make a parsimonious use of them are stated for the general case. Moreover, in the special case that the information model is \u201cgraphical.\u201d It is shown that the answering procedure can be implemented in polynomial time.<\/jats:p>","DOI":"10.1145\/1127345.1127347","type":"journal-article","created":{"date-parts":[[2006,5,8]],"date-time":"2006-05-08T16:09:20Z","timestamp":1147104560000},"page":"31-60","update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":27,"title":["Auditing sum-queries to make a statistical database secure"],"prefix":"10.1145","volume":"9","author":[{"given":"Francesco M.","family":"Malvestuto","sequence":"first","affiliation":[{"name":"\u201cLa Sapienza\u201d University of Rome, Roma, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mauro","family":"Mezzini","sequence":"additional","affiliation":[{"name":"\u201cLa Sapienza\u201d University of Rome, Roma, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marina","family":"Moscarini","sequence":"additional","affiliation":[{"name":"\u201cLa Sapienza\u201d University of Rome, Roma, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2006,2]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/76894.76895"},{"key":"e_1_2_1_2_1","unstructured":"Ahuja R. K. Magnanti T. L. and Orlin J. B. 1993. Network Flows. Prentice Hall Englewood Cliffs NJ.  Ahuja R. K. Magnanti T. L. and Orlin J. B. 1993. Network Flows. Prentice Hall Englewood Cliffs NJ."},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the 4th International Conference on Statistical and Scientific Database Management","author":"Chang Chen M.","unstructured":"Chang Chen , M. and L. McNamee , L. 1989a. A model of summary data and its applications to statistical databases . In Proceedings of the 4th International Conference on Statistical and Scientific Database Management , G. Goos and J. Hatmanis, Eds. Lecture Notes in Computer Sciences vol. 339. 354--372. Chang Chen, M. and L. McNamee, L. 1989a. A model of summary data and its applications to statistical databases. In Proceedings of the 4th International Conference on Statistical and Scientific Database Management, G. Goos and J. Hatmanis, Eds. Lecture Notes in Computer Sciences vol. 339. 354--372."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/69.43426"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/5925.5928"},{"key":"e_1_2_1_6_1","doi-asserted-by":"crossref","first-page":"574","DOI":"10.1109\/TSE.1982.236161","article-title":"Auditing and inference control in statistical databases","volume":"8","author":"Chin F. Y.","year":"1982","unstructured":"Chin , F. Y. and Ozsoyoglu , G. 1982 . Auditing and inference control in statistical databases . IEEE Trans. Software Engineering 8 , 574 -- 582 . Chin, F. Y. and Ozsoyoglu, G. 1982. Auditing and inference control in statistical databases. IEEE Trans. Software Engineering 8, 574--582.","journal-title":"IEEE Trans. Software Engineering"},{"key":"e_1_2_1_7_1","volume-title":"Linear Programming","author":"Chv\u00e1tal V.","unstructured":"Chv\u00e1tal , V. 1983. Linear Programming . Freeman , New York . Chv\u00e1tal, V. 1983. Linear Programming. Freeman, New York."},{"key":"e_1_2_1_8_1","doi-asserted-by":"crossref","first-page":"377","DOI":"10.1080\/01621459.1980.10477481","article-title":"Suppression methodology and statistical disclosure control","volume":"75","author":"Cox L. H.","year":"1980","unstructured":"Cox , L. H. 1980 . Suppression methodology and statistical disclosure control . J. American Statistical Association 75 , 377 -- 385 . Cox, L. H. 1980. Suppression methodology and statistical disclosure control. J. American Statistical Association 75, 377--385.","journal-title":"J. American Statistical Association"},{"key":"e_1_2_1_9_1","first-page":"205","article-title":"An agenda for research on statistical disclosure limitation","volume":"11","author":"Cox L. H.","year":"1995","unstructured":"Cox , L. H. and Zayatz , L. V. 1995 . An agenda for research on statistical disclosure limitation . J. Official Statistics 11 , 205 -- 220 . Cox, L. H. and Zayatz, L. V. 1995. An agenda for research on statistical disclosure limitation. J. Official Statistics 11, 205--220.","journal-title":"J. Official Statistics"},{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","first-page":"11885","DOI":"10.1073\/pnas.97.22.11885","article-title":"Bounds for cell entries in contingency tables given the marginal totals and decomposable graphs","volume":"97","author":"Dobra A.","year":"2000","unstructured":"Dobra , A. and Fienberg , S. E. 2000 . Bounds for cell entries in contingency tables given the marginal totals and decomposable graphs . In Proc. Nat. Acad. Sci. USA 97 , 11885 -- 11892 . Dobra, A. and Fienberg, S. E. 2000. Bounds for cell entries in contingency tables given the marginal totals and decomposable graphs. In Proc. Nat. Acad. Sci. USA 97, 11885--11892.","journal-title":"Proc. Nat. Acad. Sci. USA"},{"key":"e_1_2_1_11_1","unstructured":"Duncan G. T. Fienberg S. E. Krishnan R. Padman R. and Roehrig S. F. 2001. Disclosure limitation methods and information loss for tabular data. In Confidentiality Disclosure and Data Access P. Doyle J. Lane J. Theeuwes L. Zayatz Eds. Elsevier New York 135--166.  Duncan G. T. Fienberg S. E. Krishnan R. Padman R. and Roehrig S. F. 2001. Disclosure limitation methods and information loss for tabular data. In Confidentiality Disclosure and Data Access P. Doyle J. Lane J. Theeuwes L. Zayatz Eds. Elsevier New York 135--166."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1137\/0217034"},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the 19th ACM Symposium on Principles of Database Systems. 86--91","author":"Kleinberg J. M.","unstructured":"Kleinberg , J. M. , Papadimitriou , C. H. , and Raghavan , P . 2000. Auditing Boolean attributes . In Proceedings of the 19th ACM Symposium on Principles of Database Systems. 86--91 . 10.1145\/335168.335210 Kleinberg, J. M., Papadimitriou, C. H., and Raghavan, P. 2000. Auditing Boolean attributes. In Proceedings of the 19th ACM Symposium on Principles of Database Systems. 86--91. 10.1145\/335168.335210"},{"key":"e_1_2_1_14_1","volume-title":"The Theory of Relational Databases","author":"Maier D.","unstructured":"Maier , D. 1983. The Theory of Relational Databases . Computer Science Press , Rockville, IL . Maier, D. 1983. The Theory of Relational Databases. Computer Science Press, Rockville, IL."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/169725.169712"},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the World Multiconference on Systemics, Cybernetics and Informatics","author":"Malvestuto F. M.","unstructured":"Malvestuto , F. M. and Mezzini , M . 2001. On the hardness of protecting sensitive information in a statistical database . In Proceedings of the World Multiconference on Systemics, Cybernetics and Informatics , vol. XIV . 504--509. Malvestuto, F. M. and Mezzini, M. 2001. On the hardness of protecting sensitive information in a statistical database. In Proceedings of the World Multiconference on Systemics, Cybernetics and Informatics, vol. XIV. 504--509."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539700376068"},{"key":"e_1_2_1_18_1","series-title":"Lecture Notes in Computer Sciences. 504--509.","volume-title":"Proceedings of the International Conference on Database Theory","author":"Malvestuto F.","unstructured":"Malvestuto , F. and M., Mezzini , M. 2003. Auditing sum-queries . In Proceedings of the International Conference on Database Theory . Lecture Notes in Computer Sciences. 504--509. Malvestuto, F. and M., Mezzini, M. 2003. Auditing sum-queries. In Proceedings of the International Conference on Database Theory. Lecture Notes in Computer Sciences. 504--509."},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the International Conference on Privacy in Statistical Databases, Barcelona.","author":"Malvestuto F. M.","unstructured":"Malvestuto , F. M. and Mezzini , M . 2004. Privacy preserving and data mining in an on-line statistical database of additive type . In Proceedings of the International Conference on Privacy in Statistical Databases, Barcelona. Malvestuto, F. M. and Mezzini, M. 2004. Privacy preserving and data mining in an on-line statistical database of additive type. In Proceedings of the International Conference on Privacy in Statistical Databases, Barcelona."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/69.63254"},{"key":"e_1_2_1_21_1","unstructured":"Malvestuto F. M. and Moscarini M. 1999. An audit expert for large statistical databases. In Statistical Data Protection EUROSTAT. 29--43.  Malvestuto F. M. and Moscarini M. 1999. An audit expert for large statistical databases. In Statistical Data Protection EUROSTAT. 29--43."},{"key":"e_1_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Malvestuto F. M. and Moscarini M. 2003. Privacy in multidimensional databases. In Multidimensional Databases M. Rafanelli Ed. Idea Group Pub. Hershey PA. 310--360.   Malvestuto F. M. and Moscarini M. 2003. Privacy in multidimensional databases. In Multidimensional Databases M. Rafanelli Ed. Idea Group Pub. Hershey PA. 310--360.","DOI":"10.4018\/978-1-59140-053-0.ch011"},{"key":"e_1_2_1_23_1","volume-title":"Theory of Linear and Integer Programming","author":"Schrijver A.","unstructured":"Schrijver , A. 1986. Theory of Linear and Integer Programming . Wiley , New York . Schrijver, A. 1986. Theory of Linear and Integer Programming. Wiley, New York."},{"key":"e_1_2_1_24_1","volume-title":"Proc. Europ. Symp. Computer Security (ESORICS","volume":"2502","author":"Wang L.","year":"2002","unstructured":"Wang , L. , Wijekera , D. , and Jajodia , S . 2002. Cardinality-based inference control in sum-only data cubes . In Proc. Europ. Symp. Computer Security (ESORICS 2002 ). Lecture Notes in Computer Science , vol. 2502 . Springer-Verlag, New York. 55--71. Wang, L., Wijekera, D., and Jajodia, S. 2002. Cardinality-based inference control in sum-only data cubes. In Proc. Europ. Symp. Computer Security (ESORICS 2002). Lecture Notes in Computer Science, vol. 2502. Springer-Verlag, New York. 55--71."},{"key":"e_1_2_1_25_1","doi-asserted-by":"crossref","first-page":"655","DOI":"10.3233\/JCS-2004-12501","article-title":"Cardinality-based inference control in datacubes","volume":"12","author":"Wang L.","year":"2004","unstructured":"Wang , L. , Wijekera , D. , and Jajodia , S. 2004 . Cardinality-based inference control in datacubes . J. Comp. Security 12 , 655 -- 692 . Wang, L., Wijekera, D., and Jajodia, S. 2004. Cardinality-based inference control in datacubes. J. Comp. Security 12, 655--692.","journal-title":"J. Comp. Security"},{"key":"e_1_2_1_26_1","series-title":"Lecture Notes in Statistics","volume-title":"Statistical Disclosure Control in Practice","author":"Willenborg L.","unstructured":"Willenborg , L. and de Waal , T. 1996. Statistical Disclosure Control in Practice . Lecture Notes in Statistics , vol. 111 . Springer-Verlag , New York . Willenborg, L. and de Waal, T. 1996. Statistical Disclosure Control in Practice. Lecture Notes in Statistics, vol. 111. Springer-Verlag, New York."},{"key":"e_1_2_1_27_1","series-title":"Lecture Notes in Statistics, 155","volume-title":"Elements of Statistical Disclosure","author":"Willenborg L.","unstructured":"Willenborg , L. and de Waal , T. 2000. Elements of Statistical Disclosure . Lecture Notes in Statistics, 155 . Springer-Verlag , New York . Willenborg, L. and de Waal, T. 2000. Elements of Statistical Disclosure. Lecture Notes in Statistics, 155. Springer-Verlag, New York."},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the ACM International Workshop on Data Warehousing and OLAP (DOLAP","author":"Zhang N.","year":"2004","unstructured":"Zhang , N. , Zhao , W. , and Chen , J . 2004. Cardinality-based inference control in OLAP systems: an information theoretic approach . In Proceedings of the ACM International Workshop on Data Warehousing and OLAP (DOLAP 2004 ). 59--64. 10.1145\/1031763.1031776 Zhang, N., Zhao, W., and Chen, J. 2004. Cardinality-based inference control in OLAP systems: an information theoretic approach. In Proceedings of the ACM International Workshop on Data Warehousing and OLAP (DOLAP 2004). 59--64. 10.1145\/1031763.1031776"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1127345.1127347","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,28]],"date-time":"2022-12-28T19:38:40Z","timestamp":1672256320000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1127345.1127347"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,2]]},"references-count":28,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2006,2]]}},"alternative-id":["10.1145\/1127345.1127347"],"URL":"https:\/\/doi.org\/10.1145\/1127345.1127347","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006,2]]},"assertion":[{"value":"2006-02-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}