Simply restricting the computation to the non-sensitive part of the data may still allow inferences about the sensitive data through data dependencies. Inference control in the presence of data dependencies has been studied in prior work, but existing solutions either detect and deny queries that may lead to leakage, resulting in poor utility, or only protect against exact reconstruction of the sensitive data, resulting in poor security. In this paper, we present a novel security model called full deniability. Under this stronger model, any information inferred about sensitive data from non-sensitive data is considered leakage. We describe algorithms for efficiently implementing full deniability on a given database instance with a set of data dependencies and sensitive cells. Using experiments on two different datasets, we demonstrate that our approach protects against realistic adversaries while hiding only a minimal number of additional non-sensitive cells, and that it scales well with database size and the amount of sensitive data.
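The following is an added illustration of the three notions the abstract contrasts (inference through a dependency, exact reconstruction, and leakage that falls short of reconstruction); it is not the paper's algorithm or data. It assumes a constructed three-row table with one functional dependency zip -> city, an adversary who knows the dependency and the attribute domains, and a per-cell reading of full deniability: a hidden cell is fully deniable when every value in its domain is consistent with the visible cells under some completion of the other hidden cells. The brute-force possible-worlds check and the greedy hiding loop are written here for the toy size only.

```python
from itertools import product

# Constructed toy instance for illustration (not data from the paper).
ROWS = [
    {"name": "alice", "zip": "94110", "city": "SF"},
    {"name": "bob",   "zip": "94110", "city": "SF"},
    {"name": "carol", "zip": "10001", "city": "NYC"},
]
# Data dependencies as functional dependencies (lhs attributes, rhs attribute).
FDS = [(("zip",), "city")]
# Attribute domains; the adversary is assumed to know these and the FDs.
DOMAINS = {"zip": {"94110", "10001", "60601"}, "city": {"SF", "NYC"}}


def fds_hold(rows, fds):
    """True iff every FD is satisfied by the (fully specified) instance."""
    for lhs, rhs in fds:
        seen = {}
        for r in rows:
            key = tuple(r[a] for a in lhs)
            if seen.setdefault(key, r[rhs]) != r[rhs]:
                return False
    return True


def possible_values(rows, hidden, fds, domains, cell):
    """Values of `cell` that some completion of all hidden cells makes
    consistent with the visible cells and the FDs (brute force over the
    domains of the other hidden cells; fine for toy sizes only)."""
    others = sorted(hidden - {cell})
    possible = set()
    for v in domains[cell[1]]:
        for assignment in product(*(domains[a] for _, a in others)):
            world = [dict(r) for r in rows]
            world[cell[0]][cell[1]] = v
            for (i, a), val in zip(others, assignment):
                world[i][a] = val
            if fds_hold(world, fds):
                possible.add(v)
                break
    return possible


def leaking_cells(rows, hidden, fds, domains):
    """Hidden cells about which the visible data reveals something: their
    consistent value set is narrower than the domain. An empty result means
    every hidden cell is fully deniable in this per-cell sense."""
    leaks = {}
    for cell in sorted(hidden):
        pv = possible_values(rows, hidden, fds, domains, cell)
        if pv != domains[cell[1]]:
            leaks[cell] = pv
    return leaks


def hide_for_full_deniability(rows, sensitive, fds, domains):
    """Greedily hide additional non-sensitive cells until no hidden cell
    leaks. Candidates are cells of attributes that occur in some FD; each
    step hides the candidate that leaves the fewest leaking cells."""
    fd_attrs = {a for lhs, rhs in fds for a in (*lhs, rhs)}
    hidden = set(sensitive)
    visible = [(i, a) for i in range(len(rows)) for a in sorted(fd_attrs)
               if (i, a) not in hidden]
    while leaking_cells(rows, hidden, fds, domains) and visible:
        best = min(visible, key=lambda c: (
            len(leaking_cells(rows, hidden | {c}, fds, domains)), c))
        hidden.add(best)
        visible.remove(best)
    return hidden


if __name__ == "__main__":
    # Hiding only alice's city: it is reconstructed exactly via zip -> city.
    print(leaking_cells(ROWS, {(0, "city")}, FDS, DOMAINS))
    # Hiding only alice's zip: not reconstructible, but 10001 is ruled out,
    # a leak that an exact-reconstruction model would not flag.
    print(leaking_cells(ROWS, {(0, "zip")}, FDS, DOMAINS))
    # One extra cell (alice's zip) makes alice's city fully deniable.
    print(sorted(hide_for_full_deniability(ROWS, {(0, "city")}, FDS, DOMAINS)))
```

The second call is the case that separates the two security notions in the abstract: the adversary cannot name alice's zip, so a model that only forbids exact reconstruction would accept it, yet the dependency has eliminated one candidate value, which full deniability counts as leakage. The greedy loop is a deliberately naive stand-in for the paper's algorithms; it does show that a single additional hidden cell suffices on this instance.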