現行的資訊系統普遍使用資料庫，所以也儲存了敏感性的資料，本論文的目的在於利用資料庫的特性來限制敏感性資料的輸出，並配合稽核檢查機制減少敏感性資料外洩的疑慮，以保護資料庫中的敏感性資料。當敏感性資料有必要輸出時，將採取資料擾亂的方式來降低資料的精準度，藉由這種方式在不洩漏正確的敏感性資料為前提下，盡量提供給使用者詳盡的資料，以達到『精確性』與『隱私性』兩者間的平衡。
本研究利用資料庫(以醫療資訊資料庫為例)中資料表欄位的基本屬性配合規劃的資料擾亂方法(集合、遮蔽、置換、統計)，來針對欄位表中的資料進行擾亂作業；並且配合作業需求將整個作業區分為管理者、設計者與使用者三個階段。透過本研究，我們不僅僅提供給管理者有效的設定資料輸出限制方式及使用者合理的資料輸出作為，並且達成保護敏感性資料、輸出資料的穩定性與一致性。

The use of current information systems commonly go along with databases. Sensitive data usually are stored in the database as well. The purpose of this paper is to limit the output of sensitive data and to operate in coordination with the audit/inspection to reduce the doubt of leakage of sensitive data. We hope to protect sensitive data in databases through the use of this facility. When there is the need of data exportation, we adopt the data perturbation technique to reduce the precise degree of the sensitive data to the users under the prerequisite of not disclosing the original sensitive data. We hope to achieve the balance between “precision” and “privacy”.
We use basic attributes of table columns in databases (using a medical database as an example) to perturb the data with methods of data perturbations (collection, shelter, replacement, and statistics). We also divide the operations into three phases: administrator phase, design phase and user phase. We not only provide an effective way for the managers to setup the limitation of the data exportation effectively and for the users to have reasonable data (query) output but also to protect the sensitive stably and consistently.

[1] A. Cavoukian, “ Data mining: Staking a claim on your privacy.” Information and Privacy Commissioner/Ontario, pages 1–22, 1998.

[2]M.J. Culnan, “How did they get my name: An exploratory investigation of consumer attitudes towards secondary information use”, MIS Quarterly, volume 17, pages 341–361, 1993.

[3]T. Dalenius,S.P. Reiss, “Data-swapping: A technique for disclosure control”,Journal of Statistical Planning and Inference, 6(1):73–85, 1982.

[4]D.E.R. Denning, Cryptography and Data Security, Addison-Wesley,USA,1982.

[5]V. Estivill-Castro,L. Brankovic, “Data swapping: Balancing privacy against precision in mining for logic rules”, Proc. of Data Warehousing and Knowledge Discovery (DaWaK99), pages 389–398, 1999.

[6]O.H. Gandy Jr. and H.I. Schiller, “ Data mining and surveillance in the post-9.11 environment”, In Political Economy section, IAMCR, pages 1–18, Barcelona,July, 2002.

[7]A. Hundepool,L. Willenborg, “μ- and τ- argus: Software for statistical disclosure control” , Third International Seminar on Statistical Confidentiality, 1996.

[8]A. Hundepool, A. Van deWetering, Ramaswamy R., L. Franconi, S. Polettini, A. Capobianchi, P-P. de Wolf, , J. Domingo-Ferrer, V. Torra, R. Brand, and S. Giessing. “μ-argus version 4.1 software and users manual, 2007b.” http://neon.vb.cbs.nl/casc.

[9]Y. Li, S. Zhu, L. Wang, and S. Jajodia. “ A privacy-enhanced microaggregation method”, In Proc. of 2nd International Symposium on Foundations of Information and Knowledge Systems, pages 148–159, 2002.

[10] Petkovic Milan, Jonker Willem (Eds.), Security, Privacy, and Trust in Modern Data Management,Springer,USA,,2007.
[11]National Security Telecommunications and Information Systems Security Committee, The insider threat to U.S. government information systems, July 1999.

[12]F. Schneider, Trust in cyberspace, National Academy Press, 1999.

[13]Latanya Sweeney, “Guaranteeing anonymity when sharing medical data, the datafly system”, MIT A.I. Working Paper No. AIWP-WP334, May 1997.

[14]Yu-Cheng Chiang, Tsan-Sheng Hsu, Sun Kuo, Churn-Jung Liau and Dai-Wei Wang, “Preserving confidentiality when sharing medical database with the Cellsecu system,” International Journal of Medical Informatics, volume 71, pages 17-23, January 2003.

[15]V.S. Verykios, A.K. Elmagarmid, E. Bertino, Y. Saygin, and E. Dasseni, “Association rule hiding” ,IEEE Trans. Knowl. Data Eng., 16(4):434–447, 2004.

[16]http://zh.wikipedia.org/w/index.php, “維基百科，自由的百科全書”,最近一次訪問日期：2009/06/30。

[17]江育誠, “公開資料庫之個人隱私保護(Protecting Privacy in Public Database) ” ,國立臺灣大學資訊管理研究所碩士論文,台灣,1999。

[18]蔣益庭,江育誠,徐贊昇,廖純中,王大為,“資料隱私保護軟體Cellsecu的實作” ,第二屆離島資訊技術與應用研討會,第341-353頁,2006。