Information loss in the lattice model of summary tables due to cell suppression

Abstract

A statistical database (SDB) is a database that is used mostly to provide simple summary statistics (e.g., SUM, COUNT, MAX, MEDIAN, etc.) about individuals in the database and that supports statistical data analysis. When SDB users infer protected information in the SDB from responses to queries, we say that the SDB is compromised. Summary tables are tabular representations of summary data. For a given aggregate function and a set of attributes to specify subsets of individuals in the SDB, all possible (primitive) summary tables form a lattice. The SDB security problem in the lattice model is defined as preventing the users to obtain the information that a table element (i.e., cell) is of size one. In this paper, to solve the SDB security problem in the lattice model, we generalize a technique called cell suppression by merging, and analyze its information loss.