Statistical database

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A statistical database is a database used for statistical analysis purposes. It is an OLAP (online analytical processing), instead of OLTP (online transaction processing) system. Modern decision, and classical statistical databases are often closer to the relational model than the multidimensional model commonly used in OLAP systems today.

Statistical databases typically contain parameter data and the measured data for these parameters. For example, parameter data consists of the different values for varying conditions in an experiment (e.g., temperature, time). The measured data (or variables) are the measurements taken in the experiment under these varying conditions.

Many statistical databases are sparse with many null or zero values. It is not uncommon for a statistical database to be 40% to 50% sparse. There are two options for dealing with the sparseness: (1) leave the null values in there and use compression techniques to squeeze them out or (2) remove the entries that only have null values.

Statistical databases often incorporate support for advanced statistical analysis techniques, such as correlations, which go beyond SQL. They also pose unique security concerns, which were the focus of much research, particularly in the late 1970s and early to mid-1980s.

Security in statistical databases[edit]

In a statistical database, it is often desired to allow query access only to aggregate data, not individual records. Securing such a database is a difficult problem, since intelligent users can use a combination of aggregate queries to derive information about a single individual.

Some common approaches are:

  • only allowing aggregate queries (SUM, COUNT, AVG, STDEV, etc.)
  • rather than returning exact values for sensitive data like income, only return which partition it belongs to (e.g. 35k-40k)
  • return imprecise counts (e.g. rather than 141 records met query, only indicate 130-150 records met it.)
  • don't allow overly selective WHERE clauses
  • audit all users queries, so users using system incorrectly can be investigated
  • use intelligent agents to detect automatically inappropriate system use

For many years, research in this area was stalled, and it was thought in 1980 that, to quote:

The conclusion is that statistical databases are almost always subject to compromise. Severe restrictions on allowable query set sizes will render the database useless as a source of statistical information but will not secure the confidential records.[1]

But in 2006, Cynthia Dwork defined the field of differential privacy, using work that started appearing in 2003. While showing that some semantic security goals, related to work of Tore Dalenius, were impossible, it identified new techniques for limiting the increased privacy risk resulting from inclusion of private data in a statistical database. This makes it possible in many cases to provide very accurate statistics from the database while still ensuring high levels of privacy.[2][3]

Some further reading[edit]

Statistical and Scientific Database Management (SSDBM) An important series of conferences in this field

Some key papers in this field:

  1. doi:10.1145/320613.320616 - Dorothy E. Denning, Secure statistical databases with random sample queries, ACM Transactions on Database Systems (TODS), Volume 5, Issue 3 (September 1980), Pages: 291 - 315
  2. doi:10.1145/319830.319834 - Wiebren de Jonge, Compromising statistical databases responding to queries about means, ACM Transactions on Database Systems, Volume 8, Issue 1 (March 1983), Pages: 60 - 80
  3. doi:10.1145/320128.320138 - Dorothy E. Denning, Jan Schlörer, A fast procedure for finding a tracker in a statistical database, ACM Transactions on Database Systems, Volume 5, Issue 1 (March 1980) . Pages: 88 - 102
  4. A. Shoshani, “Statistical Databases: Characteristics, Problems, and some Solutions,” in Proceedings of the 8th International Conference on Very Large Data Bases, San Francisco, CA, USA, 1982, pp. 208–222.

References[edit]

  1. ^ Dorothy E. Denning, Peter J. Denning, and Mayer D. Schwartz, "The Tracker: A Threat to Statistical Database Security," ACM Transactions on Database Systems (TODS), Volume 4, Issue 1 (March 1979), Pages: 76 - 96, doi:10.1145/320064.320069.
  2. ^ HILTON, MICHAEL. "Differential Privacy: A Historical Survey" (PDF). 
  3. ^ Dwork, Cynthia (2008-04-25). "Differential Privacy: A Survey of Results". In Agrawal, Manindra; Du, Dingzhu; Duan, Zhenhua; Li, Angsheng. Theory and Applications of Models of Computation. Lecture Notes in Computer Science. Springer Berlin Heidelberg. pp. 1–19. ISBN 9783540792277. doi:10.1007/978-3-540-79228-4_1.