The Security of Confidential Numerical Data in Databases

O rganizations are storing large amounts of data in databases for data mining and other types of analysis. Some of this data is considered confidential and has to be protected from disclosure. When access to individual values of confidential numerical data in the database is prevented, disclosure may occur when a snooper uses linear models to predict individual values of confidential attributes using nonconfidential numerical and categorical attributes. Hence, it is important for the database administrator to have the ability to evaluate security for snoopers using linear models. In this study we provide a methodology based on Canonical Correlation Analysis that is both appropriate and adequate for evaluating security. The methodology can also be used to evaluate the security provided by different security mechanisms such as query restrictions and data perturbation. In situations where the level of security is inadequate, the methodology provided in this study can also be used to select appropriate inference control mechanisms. The application of the methodology is illustrated using a simulated database. (Confidentiality; Data Perturbation; Database Security; Inferential Disclosure; Inferential Security)