<bold>CASTLE:</bold> Enhancing the Utility of Inequality Query Auditing Without Denial Threats

Abstract

We consider a private data set composed of a set of individuals, and the data are outsourced to a remote cloud server. We revisit the classic query auditing problem in this outsourcing scenario; the cloud audits each newly arrived query on a single attribute, and the query is rejected if answering it compromises any individual's privacy. Various query auditing issues have been studied and addressed before. However, previous auditing schemes either have the difficulty of removing denial threats, or lack the analysis of utility (which is defined as the number of answered queries). In this paper, we study the auditing of a sequence of polynomial-time computable queries. Each query is of format f(X̃) a, where f is any polynomial function, X̃ is a subset of the private data set, and the answer is either “yes” or “no”. Existing methods cannot be applied directly to audit such a query, because it intermingles several types of functions (e.g., sum and max/min). Hence, we propose CASTLE, which is an inequality query auditing scheme that evaluates the risk of answering a query based on the query history and determines whether a newly arrived query should be answered correctly against a denial threat. Furthermore, to overcome the limitations of the existing query auditing mechanisms, which are of low utility, we relax CASTLE to increase the utility by returning answers with slight perturbations. We show that our method can be applied to audit intermingled equality queries with an extension. Experiments are conducted to evaluate the efficiency and effectiveness of our methods.