manos/the-last-thing
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

privacy: Reviewed subsec:prv-attacks

Browse Source
This commit is contained in:
Manos Katsomallos 2021-09-05 11:12:01 +03:00
parent 744bed7ac1
commit 79771e04ce
1 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
text/preliminaries/privacy.tex
View File

@ -4,7 +4,7 @@
\subsection{Information disclosure}
\label{subsec:prv-info-dscl}
When personal data are publicly released, either as microdata or statistical data, individuals' privacy can be compromised, i.e,~an adversary becomes certain about an individual's personal information with a probability higher than a desired threshold.
When personal data are publicly released, either as microdata or statistical data, individuals' privacy can be compromised, i.e,~an adversary becomes certain about an individual's \emph{sensitive attribute}, i.e.,~personal information, with a probability higher than a desired threshold.
In the literature, this compromise\kat{do you want to say 'peril', 'risk' instead of compromise ?} is known as \emph{information disclosure} and is usually categorized as (\cite{li2007t, wang2010privacy, narayanan2008robust}):
\begin{itemize}
@ -30,11 +30,22 @@ In its general form, this is known as \emph{adversarial} or \emph{linkage} attac
Even though many works directly refer to the general category of linkage attacks, we distinguish also the following sub-categories:
\begin{itemize}
\item \emph{Sensitive attribute domain knowledge} \kat{sensitive attribute not defined} can result in \emph{homogeneity and skewness} attacks~\cite{machanavajjhala2006diversity,li2007t}, when statistics of the sensitive attribute values are available, and \emph{similarity attack}, when semantics of the sensitive attribute values are available.
\item \emph{Complementary release attacks}~\cite{sweeney2002k} with regard to previous releases of different versions of the same and/or related data sets\kat{please rewrite as a full sentence}.
\item \emph{Sensitive attribute domain knowledge}
% \kat{sensitive attribute not defined}
% \mk{Done in subsec:prv-info-dscl}
can result in \emph{homogeneity and skewness} attacks~\cite{machanavajjhala2006diversity,li2007t}, when statistics of the sensitive attribute values are available, and \emph{similarity attack}, when semantics of the sensitive attribute values are available.
\item \emph{Complementary release attacks}~\cite{sweeney2002k} take place when attackers take into account previous releases of different versions of the same and/or related data sets.
% \kat{please rewrite as a full sentence}
In this category, we also identify the \emph{unsorted matching} attack~\cite{sweeney2002k}, which is achieved when two privacy-protected versions of an original data set are published in the same tuple ordering.
Other instances include: (i)~the \emph{join} attack~\cite{wang2006anonymizing}, when tuples can be identified by joining (on the (quasi-)identifiers) \kat{not defined} several releases, (ii)~the \emph{tuple correspondence} attack~\cite{fung2008anonymity}, when in case of incremental data certain tuples correspond to certain tuples in other releases, in an injective way, (iii)~the \emph{tuple equivalence} attack~\cite{he2011preventing}, when tuples among different releases are found to be equivalent with respect to the sensitive attribute, and (iv)~the \emph{unknown releases} attack~\cite{shmueli2015privacy}, when the privacy preservation is performed without knowing the previously privacy-protected data sets.\kat{can you elaborate on the last one?}
\item \emph{Data dependence} \kat{please rewrite as a full sentence} either within one data set or among one data set and previous data releases, and/or other external sources~\cite{kifer2011no, chen2014correlated, liu2016dependence, zhao2017dependent}.
Other instances include: (i)~the \emph{join} attack~\cite{wang2006anonymizing}, when tuples can be identified by joining (on the non uniquely identifying attributes, i.e.,~\emph{quasi-identifiers})
% \kat{not defined}
several releases, (ii)~the \emph{tuple correspondence} attack~\cite{fung2008anonymity}, when in case of incremental data certain tuples correspond to certain tuples in other releases, in an injective way, (iii)~the \emph{tuple equivalence} attack~\cite{he2011preventing}, when tuples among different releases are found to be equivalent with respect to the sensitive attribute, and (iv)~the \emph{unknown releases} attack~\cite{shmueli2015privacy}, when the privacy preservation is performed without taking into account previous data releases.
% knowing the previously privacy-protected data sets.
% \kat{can you elaborate on the last one?}
\item \emph{Data dependence}
% \kat{please rewrite as a full sentence}
that may exist
either within one data set or among one data set and previous data releases, and/or other external sources~\cite{kifer2011no, chen2014correlated, liu2016dependence, zhao2017dependent}.
We will look into this category in more detail later in Section~\ref{sec:correlation}.
\end{itemize}