Preserving Privacy in On-Line Analytical Processing (OLAP) (eBook)

Preface 8
Contents 10
1 Introduction 13
1.1 Background 13
1.2 Problem Statement 16
1.3 Overview 18
2 OLAP and Data Cubes 25
2.1 OLAP 25
2.2 Data Cube 27
3 Inference Control in Statistical Databases 33
3.1 Query Set Size Control and Trackers 35
3.2 The Star Query Model 37
3.3 Key-Specified Queries 38
3.4 Linear System Attack and Audit Expert 40
3.5 Intractbility of Inference Control 44
4 Inferences in Data Cubes 49
4.1 Introduction 49
4.2 Preliminaries 50
4.3 Arbitrary Range Queries 53
4.4 Restricted Range Queries 57
4.5 Conclusion 63
5 Cardinality-based Inference Control 65
5.1 Introduction 65
5.2 Preliminaries 69
5.3 Cardinality-based Sufficient Conditions 78
5.4 A Three-Tier Inference Control Model 88
5.5 Cardinality-based Inference Control for Data Cubes 92
5.6 Conclusions 98
6 Parity-based Inference Control for Range Queries 103
6.1 Introduction 103
6.2 Preliminaries 105
6.3 Applying Existing Methods to MDR Queries 109
6.4 Parity-Based Inference Control 114
6.5 Discussion 126
6.6 Conclusion 128
7 Lattice-based Inference Control in Data Cubes 131
7.1 Introduction 131
7.2 The Basic Model 132
7.3 Specifying Authorization Objects in Data Cubes 135
7.4 Controlling Inferences in Data Cubes 138
7.5 Implementation Options and Complexity 155
7.6 Summary 157
8 Query-driven Inference Control in Data Cubes 159
8.1 Introduction 159
8.2 Authorization Objects and Queries in Data Cubes 160
8.3 The Static Approach and Its Impact on Availability 161
8.4 Query-Driven Prevention of Multi-Dimensional Inferences 163
8.5 Summary 179
9 Conclusion and Future Direction 181
References 185
Index 191

Introduction (p. 1)

1.1 Background

Electronic privacy is drawing more and more attention nowadays, as evidenced by cover stories in media 1311 and initiatives of governments [70]. Public sur- veys also reflect strong concerns about potential privacy breaches. The results of recent public opinion polls show that 86% of respondents want a web site to obtain opt-in consent before collecting personal information, and 81% of respondents worry that companies may misuse the collected private data [lo].

Privacy is relevant to the business, too. Privacy concerns cause consumers to routinely abandon their shopping carts when too much personal information is being demanded. The estimated loss of internet sales due to such privacy concerns is as much as $18 billion according to analysts [36].

A failure to protect customers7 privacy will eventually become the breach of laws due to upcoming privacy legislation, such as the Health Insurance Portability and Accountability Act (HIPAA) enacted by the US. Congress in 1996. One of the efforts in reducing the privacy concerns of internet consumers is the platform for privacy preferences (P3P) project by WWW Consortium, which allows a web site to provide machine-readable privacy policies [19].

The web browser of a consumer can thus determine if the provided privacy policies may satisfy the consumer's privacy preferences by comparing the two in an automated way. However, P3P only helps companies in making promises, but it does not enforce them to keep those promises 1231. Unfortunately, keep- ing one's promises is usually easier said then done.

Privacy breaches may occur in various ways after personal data have been collected and stored in the enterprise's data warehouses. The data may be intentionally misused by the company for profits, violating the privacy policies under which the data have been collected. Such intentional misuses can be addressed by privacy legislation. The data may also be stolen by attackers that infiltrate the system through exploiting existing vulnerabilities. Such outsider attacks can be addressed by defensive mechanisms such as firewalls and intrusion detection systems.

More challenging threats are usually from the insiders who need limited accesses to the data. For example, a company may want to study the shop ping preferences of its customers to facilitate upsale. The company invites a third party analyst for this purpose. Without sufficient security mechanisms safeguarding the data, the analyst may obtain and later misuse the personal information about the customers.

Such disclosures of sensitive infor- mation is undesired, because it may lead to privacy breaches of individuals and consequently causes damages to the company's interest. On the other hand, companies collect data not just to occupy hard disks. They need to analyze the data and extract useful knowledge from it. Hence, the data in appropriate formats should be readily available to authorized users. How to prevent privacy breaches caused by inappropriate disclosures of sensitive in- formation while not adversely impacting the availability of data to legitimate users is the main topic of this book.

Among various ways of data analysis, OLAP (On-line Analytic Processing) is one of the most popular techniques. OLAP helps analysts to extract useful knowledge from a large amount of data. It allows analysts to gain insights to different perspectives of the data. This is achieved by aggregating data along multiple dimensions. Aggregations at different levels can be organized into a data cube [37].