PRIVACY RISK ASSESSMENT WITH BOUNDS DEDUCED FROM BOUNDS

School of Information Systems, Singapore Management University, 80 Stamford Road, Singapore 178902, Singapore

and

Department of Operations & Management Information Systems, Leavey School of Business, Santa Clara University, Santa Clara, California 95053-0382, USA

https://doi.org/10.1142/S0218488511007180

Abstract

As more organizations collect, store, and release large amounts of personal information, it is increasingly important for them to conduct privacy risk assessments in order to comply with emerging privacy laws and to meet information providers' demands. Existing statistical database security and inference control solutions may not be appropriate for protecting privacy in many new uses of data, because these methods tend to be either under- or over-restrictive in disclosure limitation, or prohibitively complex in practice. We address a fundamental question in privacy risk assessment: how can bounds for protected information be accurately derived from inaccurate released information or, more specifically, from bounds on released information? We give an explicit formula for calculating such bounds from bounds, which we call square bounds or S-bounds. The classic F-bounds in statistics become a special case of S-bounds when all released bounds degenerate to exact values. We propose a recursive algorithm that extends our S-bounds results from two dimensions to higher dimensions. To assess privacy risk for a protected database of personal information given some bounds on released information, we define typical privacy disclosure measures. For each type of disclosure, we use our S-bounds results to investigate the distribution patterns of privacy breaches, as well as effective and efficient controls that can be used to eliminate privacy risk.
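To make the idea of "bounds from bounds" concrete, the following minimal Python sketch may help. It assumes that "F-bounds" refers to the classic Fréchet bounds for a cell of a two-way table of counts, given its exact row total, column total, and grand total. The second function is only a naive interval relaxation, written for illustration: it is not the S-bounds formula, which the abstract does not state, and its bounds are valid but not claimed to be tight. The function names and the `(lo, hi)` tuple convention are hypothetical.

```python
def frechet_bounds(row_total, col_total, grand_total):
    """Classic Frechet bounds for one cell of a two-way table of counts.

    The cell count x satisfies
        max(0, row_total + col_total - grand_total) <= x <= min(row_total, col_total).
    """
    lower = max(0, row_total + col_total - grand_total)
    upper = min(row_total, col_total)
    return lower, upper


def interval_relaxed_bounds(row, col, total):
    """Naive relaxation when each released value is an interval (lo, hi).

    ASSUMPTION: this is an illustrative stand-in, not the paper's S-bounds.
    It takes the worst case of the Frechet bounds over the given intervals,
    so the result is valid but may be looser than necessary.
    """
    row_lo, row_hi = row
    col_lo, col_hi = col
    _total_lo, total_hi = total
    # Smallest possible lower bound: smallest marginals, largest grand total.
    lower = max(0, row_lo + col_lo - total_hi)
    # Largest possible upper bound: largest marginals.
    upper = min(row_hi, col_hi)
    return lower, upper


if __name__ == "__main__":
    # Exact marginals: row total 30, column total 40, grand total 50.
    print(frechet_bounds(30, 40, 50))
    # Released values known only as intervals.
    print(interval_relaxed_bounds((28, 32), (38, 42), (48, 52)))
    # Degenerate intervals reproduce the exact-marginal case.
    print(interval_relaxed_bounds((30, 30), (40, 40), (50, 50)))
```

When every interval collapses to a single value, the relaxed bounds coincide with the Fréchet bounds, which mirrors the special-case relationship described in the abstract.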
