This Article Full Text (PDF) References Alert me when this article is cited Alert me if a correction is posted Services Email this article to a friend Similar articles in this journal Alert me to new issues of the journal Download to citation manager Citing Articles Citing Articles via Google Scholar Google Scholar Articles by Li, H. Articles by Sarathy, R. Search for Related Content

Technical Note—Assessment of Disclosure Risk When Using Confidentiality via Camouflage

Department of Computer Information Systems, Virginia State University, Petersburg, Virginia 23806
Gatton College of Business and Economics, University of Kentucky, Lexington, Kentucky 40506
Department of Management Science and Information Systems, Oklahoma State University, Stillwater, Oklahoma 74078
hli{at}vsu.edu
krishm{at}uky.edu
rathin.sarathy{at}okstate.edu

The confidentiality-via-camouflage (CVC) procedure was recently proposed as an alternative to existing procedures such as data perturbation for protecting the confidentiality of numerical data. In this paper, we show that CVC, implemented with certain parameters, could potentially disclose confidential information. We identify the conditions under which such compromise will occur. We provide new derivations for the database administrator to select CVC parameters to avoid such disclosure. We also derive CVC parameters that allow the database administrator to evaluate the trade-off between disclosure risk and data utility, and we provide an expression to evaluate partial value disclosure risk of CVC. Thus, the results of this study should aid the database administrator in evaluating the applicability of CVC.

Subject classifications: computers; databases; protecting confidential data; information systems; decision-support systems; answering ad-hoc queries.
History: Received October 2004; revision received August 2006; accepted November 2006.