Security-Control Methods for Statistical Databases: A Comparative Study.

Nabil R. Adam, John C. Wortmann: Security-Control Methods for Statistical Databases: A Comparative Study. ACM Comput. Surv. 21(4): 515-556(1989)
  author    = {Nabil R. Adam and
               John C. Wortmann},
  title     = {Security-Control Methods for Statistical Databases: A Comparative
  journal   = {ACM Comput. Surv.},
  volume    = {21},
  number    = {4},
  year      = {1989},
  pages     = {515-556},
  ee        = {db/journals/csur/AdamW89.html},
  bibsource = {DBLP,}


This paper considers the problem of providing security to statistical databases against disclosure of confidential information. Security-control methods suggested in the literature are classified into four general approaches: conceptual, query restriction, data perturbation, and output perturbation.

Criteria for evaluating the performance of the various security-control methods are identified. Security-control methods that are based on each of the four approaches are discussed, together with their performance with respect to the identified evaluation criteria. A detailed comparative analysis of the most promising methods for protecting dynamic-online statistical databases is also presented.

To date no single security-control method prevents both exact and partial disclosures. There are, however, a few perturbation-based methods that prevent exact disclosure and enable the database administrator to exercise "statistical disclosure control." Some of these methods, however introduce bias into query responses or suffer from the 0/1 query-set-size problem (i.e., partial disclosure is possible in case of null query set or a query set of size 1).

We recommend directing future research efforts toward developing new methods that prevent exact disclosure and provide statistical-disclosure control, while at the same time do not suffer from the bias problem and the 0/1 query-set-size problem. Furthermore, efforts directed toward developing a bias-correction mechanism and solving the general problem of small query-set-size would help salvage a few of the current perturbation-based methods.

Copyright © 1989 by the ACM, Inc., used by permission. Permission to make digital or hard copies is granted provided that copies are not made or distributed for profit or direct commercial advantage, and that copies show this notice on the first page or initial screen of a display along with the full citation.

ACM SIGMOD Anthology

CDROM Version: Load the CDROM "Volume 4 Issue 1, Books, VLDB-j, TODS, ..." and ... DVD Version: Load ACM SIGMOD Anthology DVD 2" and ... BibTeX

Online Edition: ACM Digital Library

Citation Page


[Abul-Ela et al. 1967]
[Achugbue and Chin 1979]
[Beck 1980]
Leland L. Beck: A Security Mechanism for Statistical Databases. ACM Trans. Database Syst. 5(3): 316-338(1980) BibTeX
[Chin 1978]
Francis Y. L. Chin: Security in Statistical Databases for Queries with Small Counts. ACM Trans. Database Syst. 3(1): 92-104(1978) BibTeX
[Chin et al. 1984]
Francis Y. L. Chin, Peter Kossowski, S. C. Loh: Efficient Inference Control for Range SUM Queries. Theor. Comput. Sci. 32: 77-86(1984) BibTeX
[Chin and Özsoyoglu 1979]
Francis Y. L. Chin, Gultekin Özsoyoglu: Auditing and Inference Control in Statistical Databases. IEEE Trans. Software Eng. 8(6): 574-582(1982) BibTeX
[Chin and Özsoyoglu 1981]
Francis Y. L. Chin, Gultekin Özsoyoglu: Statistical Database Design. ACM Trans. Database Syst. 6(1): 113-139(1981) BibTeX
[Chin and Özsoyoglu 1979]
[Cox 1980]
[Dalenius 1981]
[Dalenius 1977]
[Dalenius 1974]
[Denning 1985]
[Denning 1984]
[Denning 1983]
Dorothy E. Denning: A Security Model for the Statistical Database Problem. SSDBM 1983: 368-390 BibTeX
[Denning 1982]
Dorothy E. Denning: Cryptography and Data Security. Addison-Wesley 1982
[Denning 1981]
[Denning 1980]
Dorothy E. Denning: Secure Statistical Databases with Random Sample Queries. ACM Trans. Database Syst. 5(3): 291-315(1980) BibTeX
[Denning and Schlörer 1983]
Dorothy E. Denning, Jan Schlörer: Inference Controls for Statistical Databases. IEEE Computer 16(7): 69-82(1983) BibTeX
[Denning and Schl7ouml;rer 1980]
Dorothy E. Denning, Jan Schlörer: A Fast Procedure for Finding a Tracker in a Statistical Database. ACM Trans. Database Syst. 5(1): 88-102(1980) BibTeX
[Denning et al. 1982]
[Denning et al. 1979]
Dorothy E. Denning, Peter J. Denning, Mayer D. Schwartz: The Tracker: A Threat to Statistical Database Security. ACM Trans. Database Syst. 4(1): 76-96(1979) BibTeX
[Dobkin et al. 1979]
David P. Dobkin, Anita K. Jones, Richard J. Lipton: Secure Databases: Protection Against User Influence. ACM Trans. Database Syst. 4(1): 97-106(1979) BibTeX
[Fellegi 1972]
[Fellegi and Phillips 1974]
[Friedman and Hoffman 1980]
[Ghosh 1986]
Sakti P. Ghosh: Statistical Relational Tables for Statistical Database Management. IEEE Trans. Software Eng. 12(12): 1106-1116(1986) BibTeX
[Ghosh 1985]
Sakti P. Ghosh: An Application of Statistical Databases in Manufacturing Testing. IEEE Trans. Software Eng. 11(7): 591-598(1985) BibTeX
[Ghosh 1984]
Sakti P. Ghosh: An Application of Statistical Databases in Manufacturing Testing. ICDE 1984: 96-103 BibTeX
[Greenberg et al. 1969a]
[Greenberg et al. 1969b]
[Haq 1977]
[Haq 1975]
[Hoffman 1977]
[Hoffman and Miller 1970]
[Jonge 1983]
Wiebren de Jonge: Compromising Statistical Databases Responding to Queries about Means. ACM Trans. Database Syst. 8(1): 60-80(1983) BibTeX
[Kam and Ullman 1977]
John B. Kam, Jeffrey D. Ullman: A Model of Statistical Databases and Their Security. ACM Trans. Database Syst. 2(1): 1-10(1977) BibTeX
[Lefons et al. 1983]
Ezio Lefons, Alberto Silvestri, Filippo Tangorra: An Analytic Approach to Statistical Databases. VLDB 1983: 260-274 BibTeX
[Leiss 1982]
Ernst L. Leiss: Randomizing, A Practical Method for Protecting Statistical Databases Against Compromise. VLDB 1982: 189-196 BibTeX
[Liew et al. 1985]
Chong K. Liew, Uinam J. Choi, Chung J. Liew: A Data Distortion by Probability Distribution. ACM Trans. Database Syst. 10(3): 395-411(1985) BibTeX
[Matloff 1986]
[McLeish 1983]
Mary McLeish: An Information Theoretic Approach to Statistical Databases and Their Security: A Preliminary Report. SSDBM 1983: 355-359 BibTeX
[Miller 1971]
[Morgenstern 1987]
Matthew Morgenstern: Security and Inference in Multilevel Database and Knowledge-Base Systems. SIGMOD Conference 1987: 357-373 BibTeX
[Özsozoglu and Chin 1982]
Gultekin Özsoyoglu, Francis Y. L. Chin: Enhancing the Security of Statistical Databases with a Question-Answering System and a Kernel Design. IEEE Trans. Software Eng. 8(3): 223-234(1982) BibTeX
[Özsoyoglu and Chung 1986]
Gultekin Özsoyoglu, JiYoung Chung: Information Loss in the Lattice Model of Summary Tables due to Cell Suppression. ICDE 1986: 75-83 BibTeX
[Özsoyoglu and Özsoyoglu 1981]
[Özsoyoglu and Su 1985]
[Palley 1986]
Michael A. Palley: Security of Statistical Databases - Compromise through Attribute Correlational Modeling. ICDE 1986: 67-74 BibTeX
[Palley and Simonoff 1987]
Michael A. Palley, Jeffrey S. Simonoff: The Use of Regression Methodology for the Compromise of Confidential Information in Statistical Databases. ACM Trans. Database Syst. 12(4): 593-608(1987) BibTeX
[Reiss 1980]
[Reiss 1984]
Steven P. Reiss: Practical Data-Swapping: The First Steps. ACM Trans. Database Syst. 9(1): 20-37(1984) BibTeX
[Rowe 1984]
Neil C. Rowe: Diophantine Inferences from Statistical Aggregates on Few-Valued Attributes. ICDE 1984: 107-110 BibTeX
[Sande 1983]
Gordon Sande: Automated Cell Suppression to Preserve Confidentiality of Business Statistics. SSDBM 1983: 346-354 BibTeX
[Schlörer 1983]
Jan Schlörer: Information Loss in Partitioned Statistical Databases. Comput. J. 26(3): 218-223(1983) BibTeX
[Schlörer 1981]
Jan Schlörer: Security of Statistical Databases: Multidimensional Transformation. ACM Trans. Database Syst. 6(1): 95-112(1981) BibTeX
[Schlörer 1980]
Jan Schlörer: Disclosure from Statistical Databases: Quantitative Aspects of Trackers. ACM Trans. Database Syst. 5(4): 467-492(1980) BibTeX
[Schlörer 1976]
[Schlörer 1975]
[Schwartz et al. 1979]
Mayer D. Schwartz, Dorothy E. Denning, Peter J. Denning: Linear Queries in Statistical Databases. ACM Trans. Database Syst. 4(2): 156-167(1979) BibTeX
[Su and Özsoyoglu 1987]
[Tendick and Matloff 1987]
[Traub et al. 1984]
Joseph F. Traub, Yechiam Yemini, Henryk Wozniakowski: The Statistical Security of a Statistical Database. ACM Trans. Database Syst. 9(4): 672-679(1984) BibTeX
[Trueblood 1984]
[Turn and Shapiro 1978]
[Warner 1971]
[Warner 1965]
[Yu and Chin 1977]
Clement T. Yu, Francis Y. L. Chin: A Study on the Protection of Statistical Data Bases. SIGMOD Conference 1977: 169-181 BibTeX

Referenced by

  1. Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving Data Mining. SIGMOD Conference 2000: 439-450
  2. Jon M. Kleinberg, Christos H. Papadimitriou, Prabhakar Raghavan: Auditing Boolean Attributes. PODS 2000: 86-91
  3. Francesco M. Malvestuto, Marina Moscarini: Computational Issues Connected with the Protection of Sensitive Statistics by Auditing Sum Queries. SSDBM 1998: 134-144
  4. Pai-Cheng Chu: Cell Suppression Methodology: The Importance of Suppressing Marginal Totals. IEEE Trans. Knowl. Data Eng. 9(4): 513-523(1997)
  5. Tsan-sheng Hsu, Ming-Yang Kao: Security Problems for Statistical Databases with General Cell Suppressions. SSDBM 1997: 155-164
  6. Ljiljana Brankovic, Peter Horák, Mirka Miller, Graham Wrightson: Usability of Compromise-Free Statistical Databases. SSDBM 1997: 144-154
  7. Sushil Jajodia: Database Security and Privacy. ACM Comput. Surv. 28(1): 129-131(1996)
  8. Francesco M. Malvestuto, Marina Moscarini: Censoring Statistical Tables to Protect Sensitive Information: Easy and Hard Problems. SSDBM 1996: 12-21
  9. Piero A. Bonatti, Sarit Kraus, V. S. Subrahmanian: Foundations of Secure Deductive Databases. IEEE Trans. Knowl. Data Eng. 7(3): 406-422(1995)
  10. Patrick Tendick, Norman S. Matloff: A Modified Random Perturbation Method for Database Security. ACM Trans. Database Syst. 19(1): 47-63(1994)
  11. Daniel Stamate, Henri Luchian, Ben Paechter: A General Model for the Answer-Perturbation Techniques. SSDBM 1994: 90-96
  12. Rosine Cicchetti, Lotfi Lakhal: Matrix-Relation for Statistical Database Management. EDBT 1994: 31-44
  13. Goetz Graefe: Query Evaluation Techniques for Large Databases. ACM Comput. Surv. 25(2): 73-170(1993)
  14. S. C. Hansen, E. A. Unger: An Extended Memoryless Inference Control Method: Accounting for Dependence in Table-level Controls. SIGMOD Conference 1991: 348-356
  15. Francesco M. Malvestuto, Marina Moscarini, Maurizio Rafanelli: Suppressing Marginal Cells to Protect Sensitive Information in a Two-Dimensional Statistical Table. PODS 1991: 252-258
ACM SIGMOD Anthology - DBLP: [Home | Search: Author, Title | Conferences | Journals]
ACM SIGMOD Anthology: Copyright © by ACM (, Corrections:
DBLP: Copyright © by Michael Ley (, last change: Sat May 16 23:54:46 2009