Wednesday, March 29th, 2006
Geetha Jagannathan
Computer Science Department
Stevens Institute of Technology
Title: Secure Inference Control in Databases
Abstract:
Data security is a critical issue for many
organizations.Private Information Retrieval (PIR) protocols
allow a client to query values from the database, without
revealing the query to the server. An authorized user or a
collection of users can invoke a sequence of queries, each of
which are under his (or their) privilege(s), but may be able
to combine all of this information to infer some sensitive
information from the database. Private Information Control
(PIC) protocols allows the server to perform inference
control on the clients queries, without knowing the client's
queries.
In this talk I will go over some of the PIR and PIC
protocols. Towards the end of the talk, I will present my
results which are a generalization of PIC. The server holds
the database and the client wants to interact with the server
to compute a function f over some of the database items. The
client performs a sequence of such queries. For each query,
he learns the value of the function for that query if and
only if the query passes the inference control test. The
server learns nothing about the queries, and the client
learns nothing other than the value of the function.