database management system (DBMS), 310 | retrieved data, 330 requested data, 330 | front end, 310 | allowed data, 330 | field, 310 | inference, 331 | element, 310 | direct inference, 332 | record, 310 | indirect inference, 333 | attribute, 310 | inference by sum, 334 | schema, 310 | inference by count, 334 | subschema, 310 | inference by median, 334 | relation, 311 | tracker inference, 335 | query, 312 | linear system inference, 337 | project, 313 | statistical inference, 337 | select, 313 | limited response suppression, 338 | join, 313 | combining results to suppress, 338 | database integrity, 315 | revealing a random sample, 339 | element integrity, 315 | random perturbation of data, 339 | access control, 315 | restricting output by query analysis, 340 | user authentication, 315 | aggregation, 341 | auditability , 318 | multilevel databases, 343 | availability, 319 | granularity of control, 344 | sensitive data, 319 | multilevel integrity, 345 | availability of data, 319 | multilevel secrecy , 345 | access control decision, 319 | polyinstantiation, 345 | disclosure, 326 | partitioned database, 346 | exact disclosure, 329 | encryption, 347 | bounded disclosure, 329 | integrity lock, 348 | negative disclosure, 329 | sensitivity lock, 349 | probable value disclosure, 330 | trusted front end, 350 | disclosure of existence, 330 | commutative filter, 352 | security, 330 | query modification, 352 | precision, 330 | window, 354 | revealed data, 330 | view, 354 | |