New Approaches to Disclosure Limitation While Answering Queries to a Database: Protecting Numerical Confidential Data against Insider Threat Based on Data or Algorithms

Confidentiality via Camouflage (CVC) is a practical method for giving unlimited, correct, numerical responses to ad-hoc queries to an on-line database, while not compromising confidential numerical data . Responses are in the form of intervals that are guaranteed to contain the exact answer. Virtually any imaginable query type can be answered and although sharing of query answers among users presents no problem, the threat of insider information is real. In this work we identify two distinct types of insider information, depending on whether the knowledge is of data in the confidential field or of the algorithmic process that is used to answer queries. We show that different realizations of CVC can protect against one type of insider threat or the other, while a combination of realizations can be used if the database administrator is not able to specify the type of threat that is present. Various strategies for dealing with cases where a user poses both types of threats are also presented. Computational experience relates the degradation of answer intervals that can be expected based on the type of threat that is protected against and indicates that, in general, algorithmic threat causes the greatest degradation.