Download presentation

Presentation is loading. Please wait.

Published byJada Douglas Modified over 2 years ago

1
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Probabilistic Privacy Analysis of Published Views Hui (Wendy) Wang Laks V.S. Lakshmanan University of British Columbia Vancouver, Canada

2
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Motivation Publishing relational data containing personal information Publishing relational data containing personal information Sensitive information: private associations Sensitive information: private associations E.g., Bill gets AIDS E.g., Bill gets AIDS The published data The published data Usage: for data analysis Usage: for data analysis E.g. find out what are the ages that people are more likely to have heart disease E.g. find out what are the ages that people are more likely to have heart disease Privacy concern: hide the private association Privacy concern: hide the private association NameAgeJobDisease Sarah50Artist Heart disease Bill30ArtistAIDS John50Artist

3
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Protection Approach 1 Generalization of base table (k-anonymity, e.g., [Bayardo05], [LeFevre05]) Generalization of base table (k-anonymity, e.g., [Bayardo05], [LeFevre05]) NameAgeJobDisease *[30,50]Artist Heart disease *[30,50]ArtistAIDS *[30,50]Artist The generalized data is USELESS for data analysis! The generalized data is USELESS for data analysis! Revisit the example: what are the ages that people are more likely to have heart disease Revisit the example: what are the ages that people are more likely to have heart disease

4
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Protection Approach 2 Publishing Views (E.g., [Yao05], [Deutch05], [Miklau04]) Publishing Views (E.g., [Yao05], [Deutch05], [Miklau04]) NameAge Sarah50 Bill30 John50AgeJobDisease50Artist Heart disease 30ArtistAIDS 50Artist V1V1V1V1 V2V2V2V2 Private associations may be revealed Private associations may be revealed E.g., V 1 join V 2 Prob(Bill, AIDS) = 1 E.g., V 1 join V 2 Prob(Bill, AIDS) = 1

5
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Problem Set Given a view scheme, whats its probability of leakage of private association?

6
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Our Contributions Define two attack models Define two attack models Propose connectivity graph as the synopsis of the database Propose connectivity graph as the synopsis of the database Based on connectivity graph, for each attack model, derive the probability of information leakage Based on connectivity graph, for each attack model, derive the probability of information leakage

7
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Security Model Private association Private association Form: (ID=I, P=p) Form: (ID=I, P=p) E.g., (Name=Bill, Disease=HIV) E.g., (Name=Bill, Disease=HIV) Can be expressed in SQL Can be expressed in SQL Assumption Assumption For every private association, every ID value is associated with one unique p value in the base table For every private association, every ID value is associated with one unique p value in the base table

8
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Attack Model 1: Unrestricted Model The attacker has no background knowledge The attacker has no background knowledge The attacker can access to the view def. and the view tables The attacker can access to the view def. and the view tables The attack approach The attack approach Construct the candidates of base table Construct the candidates of base table Pick the ones that contain the private association Pick the ones that contain the private association

9
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Example of Unrestricted Model ABC a1b1c1 a2b1c2BCb1c1 b1c2ABa1b1 a2b1 ABCa1b1c1 a2b1c2ABCa1b1c2 a2b1c1 Base table T V1= A, B (T) V2 = B, c (T) Possible world #1 Possible world #2 ABCa1b1c2 a2b1c2 a1b1c1 Possible world #3... There are 7 such possible worlds Attacker knows: Attackerconstructs: For (A=a1, C=c1), attacker picks: There are 5 such interesting worlds X Prob. of privacy breach of (A=a1, C=c1): 5/7

10
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Attack Model 2: Restricted Model The attacker knows the assumption that for every private association, every ID value is associated with one unique p value in the base table The attacker knows the assumption that for every private association, every ID value is associated with one unique p value in the base table Similar approach Similar approach Construct the candidates of base table, s.t., they meet the assumption Construct the candidates of base table, s.t., they meet the assumption Pick the ones that contain the private association Pick the ones that contain the private association

11
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Example of Restricted Model ABC a1b1C1 a2b1c2BCb1c1 b1c2ABa1b1 a2b1 ABCa1b1c1 a2b1c2ABCa1b1c2 a2b1c1 Base table T V1= A, B (T) V2 = B, c (T) Possible world #1 Possible world #2 ABCa1b1 c1c1c1c1 a2b1c2 a2a2a2a2 B1B1B1B1c1 Possible world #3 Attacker knows: For (A=a1, C=c1), Attacker constructs Attacker picks: X Prob. of privacy breach of (A=a1, C=c1): 1/2 ABCa1b1 c2c2c2c2 a2b1c2 a2a2a2a2 B1B1B1B1c1 Possible world #4 X

12
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 A Further Step Question Question Given a view scheme and two view tables, how to efficiently calculate the probability? Given a view scheme and two view tables, how to efficiently calculate the probability? Our contributions Our contributions For each attack model, we derived the formulas to quantify the probability For each attack model, we derived the formulas to quantify the probability Details can be found in the paper Details can be found in the paper

13
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Conclusion We defined a general framework to measure the likelihood of privacy breach We defined a general framework to measure the likelihood of privacy breach We proposed two attack models We proposed two attack models For each model, we derived the formulas to calculate the probability of privacy breach For each model, we derived the formulas to calculate the probability of privacy breach

14
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Future Work For the formulas of calculation of the breach probability, find an appropriate approximation For the formulas of calculation of the breach probability, find an appropriate approximation Extend the work to k-view-table case, where k>2 Extend the work to k-view-table case, where k>2

15
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Q & A

16
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 More Slides

17
Wang, Lakshmanan Probabilistic Privacy Analysis of Published Views, WPES'06 Example of Probability Calculation ABC a1b1C1 a2b1c2 Base table T V1= A, B (T) V2 = B, c (T) View scheme a1, b1 a2, b1 b1, c1 b1, c2 Connectivity graph Unrestricted model V.S. unrestricted cover Unrestricted model V.S. unrestricted cover Example of unrestricted cover Example of unrestricted cover Restricted model V.S. restricted cover Restricted model V.S. restricted cover Example of restricted cover Example of restricted cover

Similar presentations

© 2016 SlidePlayer.com Inc.

All rights reserved.

Ads by Google