DATA & KNOWLEDGE ENGINEERING, cilt.111, ss.1-21, 2017 (SCI-Expanded)
Inference problem has always been an important and challenging topic of data privacy in databases. In relational databases, the traditional solution to this problem was to define views on relational schemas to restrict the subset of attributes and operations available to the users in order to prevent unwanted inferences. This method is a form of decomposition strategy, which mainly concentrates on the granularity of the accessible fields to the users, to prevent sensitive information inference. Nowadays, due to increasing data sharing among parties, the possibility of constructing complex indirect methods to obtain sensitive data has also increased. Therefore, we need to not only consider security threats due to direct access to sensitive data but also address indirect inference channels using functional and probabilistic dependencies (e.g., deducing gender of an individual from his/her name) while creating security views. In this paper, we propose a proactive and decomposition based inference control strategy for relational databases to prevent direct or indirect inference of private data. We introduce a new kind of context dependent attribute policy rule, which is named as security dependent set, as a set of attributes whose association should not be inferred. Then, we define a logical schema decomposition algorithm that prevents inference among attributes in security dependent set. The decomposition algorithm takes both functional and probabilistic dependencies into consideration in order to prevent all kinds of known inferences of relations among the attributes of security dependent sets. We prove that our proposed decomposition algorithm generates a secure logical schema that complies with the given security dependent set constraints. Since our proposed technique is purely proactive, it does not require any prior knowledge about executed queries and do not need to modify any submitted queries. It can also be embedded into any relational database management system without changing anything in the underlying system. We empirically compare our proposed method with the state of art reactive methods. Our extensive experimental analysis, conducted using TPC-H-1 benchmark scheme, shows the effectives our proposed approach.