Wednesday, March 29th, 2006
Computer Science Department
Stevens Institute of Technology
Title: Secure Inference Control in Databases
Abstract: Data security is a critical issue for many organizations.Private Information Retrieval (PIR) protocols allow a client to query values from the database, without revealing the query to the server. An authorized user or a collection of users can invoke a sequence of queries, each of which are under his (or their) privilege(s), but may be able to combine all of this information to infer some sensitive information from the database. Private Information Control (PIC) protocols allows the server to perform inference control on the clients queries, without knowing the client's queries. In this talk I will go over some of the PIR and PIC protocols. Towards the end of the talk, I will present my results which are a generalization of PIC. The server holds the database and the client wants to interact with the server to compute a function f over some of the database items. The client performs a sequence of such queries. For each query, he learns the value of the function for that query if and only if the query passes the inference control test. The server learns nothing about the queries, and the client learns nothing other than the value of the function.