text: OCD
This commit is contained in:
parent
9432e8a5ef
commit
31a58c93e1
@ -86,44 +86,44 @@ We further define two sub-categories applicable to both finite and infinite data
|
|||||||
\subsection{Data processing and publishing}
|
\subsection{Data processing and publishing}
|
||||||
\label{subsec:data-publishing}
|
\label{subsec:data-publishing}
|
||||||
|
|
||||||
We categorize data processing and publishing based on what entity has access to the raw data in the \emph{global} and \emph{local} models.
|
We categorize data processing and publishing based on what entity has access to the raw data in the \emph{global} and \emph{local} schemes.
|
||||||
% \kat{what does the implemented scheme refer to?}
|
% \kat{what does the implemented scheme refer to?}
|
||||||
% \mk{These are the bullet points... I change it}
|
% \mk{These are the bullet points... I change it}
|
||||||
|
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item \emph{Global model} (Figure~\ref{fig:model-global}) dictates the collection, processing and privacy-protection, and then publishing of the data by a central (trusted) entity, e.g.,~\cite{mcsherry2009privacy, blocki2013differentially, johnson2018towards}.
|
\item \emph{Global scheme} (Figure~\ref{fig:scheme-global}) dictates the collection, processing and privacy-protection, and then publishing of the data by a central (trusted) entity, e.g.,~\cite{mcsherry2009privacy, blocki2013differentially, johnson2018towards}.
|
||||||
\item \emph{Local model} (Figure~\ref{fig:model-local}) requires the storage, processing and privacy-protection of data on the side of data generators before sending them to any intermediate or final entity, e.g.,~\cite{andres2013geo, erlingsson2014rappor, katsomallos2017open}.
|
\item \emph{Local scheme} (Figure~\ref{fig:scheme-local}) requires the storage, processing and privacy-protection of data on the side of data generators before sending them to any intermediate or final entity, e.g.,~\cite{andres2013geo, erlingsson2014rappor, katsomallos2017open}.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
|
||||||
\begin{figure}[htp]
|
\begin{figure}[htp]
|
||||||
\centering
|
\centering
|
||||||
\subcaptionbox{Global model\label{fig:model-global}}{%
|
\subcaptionbox{Global scheme\label{fig:scheme-global}}{%
|
||||||
\includegraphics[width=\linewidth]{preliminaries/model-global}%
|
\includegraphics[width=\linewidth]{preliminaries/scheme-global}%
|
||||||
} \\ \bigskip
|
} \\ \bigskip
|
||||||
\subcaptionbox{Local model\label{fig:model-local}}{%
|
\subcaptionbox{Local scheme\label{fig:scheme-local}}{%
|
||||||
\includegraphics[width=\linewidth]{preliminaries/model-local}%
|
\includegraphics[width=\linewidth]{preliminaries/scheme-local}%
|
||||||
}
|
}
|
||||||
\caption{The usual flow of user-generated data, optionally harvested by data publishers, privacy-protected, and released to data consumers, according to the (a)~global, and (b)~local privacy models.}
|
\caption{The usual flow of user-generated data, optionally harvested by data publishers, privacy-protected, and released to data consumers, according to the (a)~global, and (b)~local privacy schemes.}
|
||||||
\label{fig:privacy-models}
|
\label{fig:privacy-schemes}
|
||||||
\end{figure}
|
\end{figure}
|
||||||
|
|
||||||
In the case of location data privacy,
|
In the case of location data privacy,
|
||||||
% the existing literature\kat{do not say literature, but sth related to the data processing and publishing}
|
% the existing literature\kat{do not say literature, but sth related to the data processing and publishing}
|
||||||
data processing and publishing methods are divided in \emph{service-} and \emph{data-}centric~\cite{chow2011trajectory}.
|
data processing and publishing methods are divided in \emph{service-} and \emph{data-}centric~\cite{chow2011trajectory}.
|
||||||
The service-centric methods correspond to scenarios where individuals share their privacy-protected location with a service to get some relevant information (local publishing model).
|
The service-centric methods correspond to scenarios where individuals share their privacy-protected location with a service to get some relevant information (local publishing scheme).
|
||||||
The data-centric methods relate to the publishing of user-generated data to data consumers (global publishing model).
|
The data-centric methods relate to the publishing of user-generated data to data consumers (global publishing scheme).
|
||||||
% \kat{I do not get the data-centric methods.. Can't data-centric be also service centric ? E.g., we publish our data to get back some service? Moreover, what is exactly the link between local and global and service and data centric? One to one ?}
|
% \kat{I do not get the data-centric methods.. Can't data-centric be also service centric ? E.g., we publish our data to get back some service? Moreover, what is exactly the link between local and global and service and data centric? One to one ?}
|
||||||
% \mk{You've just described service-centric :) }
|
% \mk{You've just described service-centric :) }
|
||||||
|
|
||||||
There is a long-standing debate whether the local or the global architectural model is more efficient with respect to not only privacy, but also organizational, economic, and security factors~\cite{king1983centralized}.
|
There is a long-standing debate whether the local or the global architectural scheme is more efficient with respect to not only privacy, but also organizational, economic, and security factors~\cite{king1983centralized}.
|
||||||
On the one hand, in the global privacy model (Figure~\ref{fig:model-global}), the dependence on third-party entities poses the risk of arbitrary privacy leakage from a compromised data publisher.
|
On the one hand, in the global privacy scheme (Figure~\ref{fig:scheme-global}), the dependence on third-party entities poses the risk of arbitrary privacy leakage from a compromised data publisher.
|
||||||
Nonetheless, the expertise of these entities is usually superior to that of the majority of (non-technical) data generators' in terms of understanding privacy permissions/\allowbreak policies and setting-up relevant preferences.
|
Nonetheless, the expertise of these entities is usually superior to that of the majority of (non-technical) data generators' in terms of understanding privacy permissions/\allowbreak policies and setting-up relevant preferences.
|
||||||
Moreover, in the global architecture, less distortion is necessary before publicly releasing the aggregated data set, naturally because the data sets are larger and users can be `hidden' more easily.
|
Moreover, in the global architecture, less distortion is necessary before publicly releasing the aggregated data set, naturally because the data sets are larger and users can be `hidden' more easily.
|
||||||
On the other hand, the local privacy model (Figure~\ref{fig:model-local}) facilitates fine-grained data management, offering to every individual better control over their data~\cite{goldreich1998secure}.
|
On the other hand, the local privacy scheme (Figure~\ref{fig:scheme-local}) facilitates fine-grained data management, offering to every individual better control over their data~\cite{goldreich1998secure}.
|
||||||
Nonetheless, data distortion at an early stage might prove detrimental to the overall utility of the aggregated data set.
|
Nonetheless, data distortion at an early stage might prove detrimental to the overall utility of the aggregated data set.
|
||||||
The so far consensus is that there is no overall optimal solution among the two designs.
|
The so far consensus is that there is no overall optimal solution among the two designs.
|
||||||
Most service-providing companies prefer the global model, mainly for reasons of better management and control over the data, while several privacy advocates support the local privacy model that offers users full control over what and how data are published.
|
Most service-providing companies prefer the global scheme, mainly for reasons of better management and control over the data, while several privacy advocates support the local privacy scheme that offers users full control over what and how data are published.
|
||||||
Although there have been attempts to bridge the gap between them, e.g.,~\cite{bittau2017prochlo}, the global model is considerably better explored and implemented~\cite{satyanarayanan2017emergence}.
|
Although there have been attempts to bridge the gap between them, e.g.,~\cite{bittau2017prochlo}, the global scheme is considerably better explored and implemented~\cite{satyanarayanan2017emergence}.
|
||||||
% For this reason, most of the works in our work span this context.
|
% For this reason, most of the works in our work span this context.
|
||||||
% \kat{this last sentence is out of context for the thesis dissertation. Please, explain why you said all that, but w.r.t. the thesis.}
|
% \kat{this last sentence is out of context for the thesis dissertation. Please, explain why you said all that, but w.r.t. the thesis.}
|
||||||
% \mk{Omitting it seems to resolve the issue}
|
% \mk{Omitting it seems to resolve the issue}
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
\chapter{{\Thething} privacy}
|
\chapter{{\Thething} privacy}
|
||||||
\label{ch:lmdk-prv}
|
\label{ch:lmdk-prv}
|
||||||
|
|
||||||
% Crowdsensing applications
|
% Crowdsensing applications
|
||||||
The plethora of sensors currently embedded in personal devices and other infrastructures have paved the way for the development of numerous \emph{crowdsensing services} (e.g.,~Ring~\cite{ring}, TousAntiCovid~\cite{tousanticovid}, Waze~\cite{waze}, etc.) based on the collected personal, and usually geotagged and timestamped data.
|
The plethora of sensors currently embedded in personal devices and other infrastructures have paved the way for the development of numerous \emph{crowdsensing services} (e.g.,~Ring~\cite{ring}, TousAntiCovid~\cite{tousanticovid}, Waze~\cite{waze}, etc.) based on the collected personal, and usually geotagged and timestamped data.
|
||||||
% Continuously user-generated data
|
% Continuously user-generated data
|
||||||
|
Loading…
Reference in New Issue
Block a user