Question: Dorothy E. Denning and Peter J. Denning. "Data Security." ACM Comp. Sum. II. No. 3 (September 1979). A good tutorial on security matters, covering discretionary access controls, mandatory access controls (here called flaw controls), data encryption, and inference controls (the special problem of statistical databases). We offer a few words of explanation regarding the last of these, since they were not discussed in the body of the chapter. A statistical database (in the present context) is a database that permits queries that derive aggregated information (e.g., sums. averages) but not queries that derive individual information. For example, the query "What is the average salary of programmers; might be permitted, while the query "What is the salary of programmer Mary; would not be. The problem with such databases is that it might be possible to make inferences from legal queries to deduce the answer to an illegal one. For example, the following two queries might both be legal:
1. How many female programmers are there aged between 25 and 30, living in Small ville, with a degree in modem languages from the University of Metropolis?
2. What is the average salary of female programmers aged between 25 and 30, living in Small ville, with a degree in modem languages from the University of Metropolis? But if the answer to query Q1 is "one," then the security of the database will be compromised by query Q2. Note: An extended tutorial treatment of such problems, and ap-proaches to their solution, is given by the present author in reference [ 15.4).