A tradeoff analysis between data accessibility and inference control for row, column, and cell level security in relational databases

There is a need to protect data in relational databases from unauthorized access at finer levels of granularity and thereby make as much data available to the user as possible. Current state-of-the-art security techniques offer elegant ways to protect data at the column, row and cell levels. But for some patterns of secret cells, these techniques mask innocent data along with the secret data thus reducing data accessibility of the database. This study compares the current security techniques in terms of data accessibility for typical patterns of secret cells.; Another aspect of the current techniques is the possibility of inference based on data that appears to be absent in the database. This is a problem with cell-level security, because the absence of a value returned from a query indicates that a certain cell must contain secret data. This research studies the inference problem associated with these security techniques. A new technique is proposed that suppresses some innocent data in addition to the secret cells. This not only achieves better results in terms of data accessibility for typical patterns of secret cells than row or column level security but also controls data-suppression based inference to a reasonable degree.; The research is a step towards building an add-on tool that measures data accessibility and security from making inferences. A database administrator will input the total number of secret cells in the database and the tool will measure data accessibility and security with all security techniques. The tool will offer a choice to the DBA to pick a security technique based on the requirements for data accessibility versus security.