From 79771e04ce6aae23e14df837350127d55883bbd4 Mon Sep 17 00:00:00 2001 From: Manos Katsomallos Date: Sun, 5 Sep 2021 11:12:01 +0300 Subject: [PATCH] privacy: Reviewed subsec:prv-attacks --- text/preliminaries/privacy.tex | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/text/preliminaries/privacy.tex b/text/preliminaries/privacy.tex index 87be559..6f072ae 100644 --- a/text/preliminaries/privacy.tex +++ b/text/preliminaries/privacy.tex @@ -4,7 +4,7 @@ \subsection{Information disclosure} \label{subsec:prv-info-dscl} -When personal data are publicly released, either as microdata or statistical data, individuals' privacy can be compromised, i.e,~an adversary becomes certain about an individual's personal information with a probability higher than a desired threshold. +When personal data are publicly released, either as microdata or statistical data, individuals' privacy can be compromised, i.e,~an adversary becomes certain about an individual's \emph{sensitive attribute}, i.e.,~personal information, with a probability higher than a desired threshold. In the literature, this compromise\kat{do you want to say 'peril', 'risk' instead of compromise ?} is known as \emph{information disclosure} and is usually categorized as (\cite{li2007t, wang2010privacy, narayanan2008robust}): \begin{itemize} @@ -30,11 +30,22 @@ In its general form, this is known as \emph{adversarial} or \emph{linkage} attac Even though many works directly refer to the general category of linkage attacks, we distinguish also the following sub-categories: \begin{itemize} - \item \emph{Sensitive attribute domain knowledge} \kat{sensitive attribute not defined} can result in \emph{homogeneity and skewness} attacks~\cite{machanavajjhala2006diversity,li2007t}, when statistics of the sensitive attribute values are available, and \emph{similarity attack}, when semantics of the sensitive attribute values are available. - \item \emph{Complementary release attacks}~\cite{sweeney2002k} with regard to previous releases of different versions of the same and/or related data sets\kat{please rewrite as a full sentence}. + \item \emph{Sensitive attribute domain knowledge} + % \kat{sensitive attribute not defined} + % \mk{Done in subsec:prv-info-dscl} + can result in \emph{homogeneity and skewness} attacks~\cite{machanavajjhala2006diversity,li2007t}, when statistics of the sensitive attribute values are available, and \emph{similarity attack}, when semantics of the sensitive attribute values are available. + \item \emph{Complementary release attacks}~\cite{sweeney2002k} take place when attackers take into account previous releases of different versions of the same and/or related data sets. + % \kat{please rewrite as a full sentence} In this category, we also identify the \emph{unsorted matching} attack~\cite{sweeney2002k}, which is achieved when two privacy-protected versions of an original data set are published in the same tuple ordering. - Other instances include: (i)~the \emph{join} attack~\cite{wang2006anonymizing}, when tuples can be identified by joining (on the (quasi-)identifiers) \kat{not defined} several releases, (ii)~the \emph{tuple correspondence} attack~\cite{fung2008anonymity}, when in case of incremental data certain tuples correspond to certain tuples in other releases, in an injective way, (iii)~the \emph{tuple equivalence} attack~\cite{he2011preventing}, when tuples among different releases are found to be equivalent with respect to the sensitive attribute, and (iv)~the \emph{unknown releases} attack~\cite{shmueli2015privacy}, when the privacy preservation is performed without knowing the previously privacy-protected data sets.\kat{can you elaborate on the last one?} - \item \emph{Data dependence} \kat{please rewrite as a full sentence} either within one data set or among one data set and previous data releases, and/or other external sources~\cite{kifer2011no, chen2014correlated, liu2016dependence, zhao2017dependent}. + Other instances include: (i)~the \emph{join} attack~\cite{wang2006anonymizing}, when tuples can be identified by joining (on the non uniquely identifying attributes, i.e.,~\emph{quasi-identifiers}) + % \kat{not defined} + several releases, (ii)~the \emph{tuple correspondence} attack~\cite{fung2008anonymity}, when in case of incremental data certain tuples correspond to certain tuples in other releases, in an injective way, (iii)~the \emph{tuple equivalence} attack~\cite{he2011preventing}, when tuples among different releases are found to be equivalent with respect to the sensitive attribute, and (iv)~the \emph{unknown releases} attack~\cite{shmueli2015privacy}, when the privacy preservation is performed without taking into account previous data releases. + % knowing the previously privacy-protected data sets. + % \kat{can you elaborate on the last one?} + \item \emph{Data dependence} + % \kat{please rewrite as a full sentence} + that may exist + either within one data set or among one data set and previous data releases, and/or other external sources~\cite{kifer2011no, chen2014correlated, liu2016dependence, zhao2017dependent}. We will look into this category in more detail later in Section~\ref{sec:correlation}. \end{itemize}