A protection mechanism to limit inferencing of information in statistical database queries is:
A.
Specifying a maximum query set size
B.
Specifying a minimum query set size, but prohibiting the querying of all but one of the records in
the database
C.
Specifying a minimum query set size
D.
Specifying a maximum query set size, but prohibiting the querying of all but one of the records in
the database
Explanation:
When querying a database for statistical information, individually identifiable information should be
protected. Thus, requiring a minimum size for the query set (greater than one) offers protection
against gathering information on one individual. However, an attack may consist of gathering
statistics on a query set size M, equal to or greater than the minimum query set size, and then
requesting the same statistics on a query set size of M + 1. The second query set would be designed
to include the individual whose information is being sought surreptitiously. *Thus with answer
“Specifying a minimum query set size, but prohibiting the querying of all but one of the records in
the database”, this type of attack could not take place. * Answer “Specifying a minimum query set
size” is, therefore, incorrect since it leaves open the loophole of the M+1 set size query. Answers
“Specifying a maximum query set size” and “Specifying a maximum query set size, but prohibiting
the querying of all but one of the records in the database” are incorrect since the critical metric is
the minimum query set size and not the maximum size. Obviously, the maximum query set size
cannot be set to a value less than the minimum set size.