Inference Attacks on Databases

– Certain aggregate/statistical queries can be allowed for all users.
– Consider a student grade database with schema studentid, student_standing (junior or senior), exam1_score, exam2_score, final_grade.

Average score on an exam is a query that any student should be able to run.
Attacker wants to find the exact score of some student.
Inference attack when the target takes the exam late:
– Average score before target takes the exam
– Average score after target takes the exam
– Target's score can then be easily found

Another example: only one student has junior standing in a senior class
– Get average score of students who have junior standing
– This query discloses the score of a single student

Defenses Against Inference Attacks
– Do not allow aggregate query results when the set of tuples selected is either too small or too large
– Transform data by removing identifying information
  – De-identification
  – Anonymization
  – This has to be done with care
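
The single-junior example and the query-set-size defense above, as an added example that is not part of the original notes. The table contents, the function name avg_exam1 and the threshold k = 2 are assumptions; the notes give no threshold.

```python
import sqlite3

def build_db():
    """Constructed sample data using the grade schema from the notes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE grades (studentid INTEGER PRIMARY KEY, "
               "student_standing TEXT, exam1_score REAL)")
    db.executemany("INSERT INTO grades VALUES (?, ?, ?)", [
        (1, "senior", 80), (2, "senior", 90), (3, "senior", 70),
        (4, "junior", 95),  # the only junior in the class
        (5, "senior", 60),
    ])
    return db

def avg_exam1(db, standing=None, k=0):
    """AVG(exam1_score) for one standing (None = whole class).

    k = 0 is the unrestricted query. With k > 0 the result is withheld
    (None) when the selected set has fewer than k or more than N - k rows.
    The whole-class average stays available to every student.
    """
    total = db.execute("SELECT COUNT(*) FROM grades").fetchone()[0]
    if standing is None:
        n, avg = db.execute(
            "SELECT COUNT(*), AVG(exam1_score) FROM grades").fetchone()
    else:
        n, avg = db.execute(
            "SELECT COUNT(*), AVG(exam1_score) FROM grades "
            "WHERE student_standing = ?", (standing,)).fetchone()
    if n != total and (n < k or n > total - k):
        return None  # set too small or too large: refuse to answer
    return avg

if __name__ == "__main__":
    db = build_db()
    # Unrestricted: the "average" over one row is that student's score.
    print("juniors, no limit:", avg_exam1(db, "junior"))
    # Why "too large" matters: class sum minus senior sum is the same score.
    print("derived:", avg_exam1(db) * 5 - avg_exam1(db, "senior") * 4)
    # Restricted with k = 2: both revealing queries are refused.
    print("juniors, k=2:", avg_exam1(db, "junior", k=2))
    print("seniors, k=2:", avg_exam1(db, "senior", k=2))
    print("class,   k=2:", avg_exam1(db, k=2))
```

The size check only covers the standing-based queries; the late-exam case compares two whole-class averages taken at different times, so it is not stopped by this check.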