privacy: Reviewed subsec:prv-attacks

This commit is contained in:
Manos Katsomallos 2021-09-05 11:12:01 +03:00
parent 744bed7ac1
commit 79771e04ce

View File

@ -4,7 +4,7 @@
\subsection{Information disclosure} \subsection{Information disclosure}
\label{subsec:prv-info-dscl} \label{subsec:prv-info-dscl}
When personal data are publicly released, either as microdata or statistical data, individuals' privacy can be compromised, i.e,~an adversary becomes certain about an individual's personal information with a probability higher than a desired threshold. When personal data are publicly released, either as microdata or statistical data, individuals' privacy can be compromised, i.e,~an adversary becomes certain about an individual's \emph{sensitive attribute}, i.e.,~personal information, with a probability higher than a desired threshold.
In the literature, this compromise\kat{do you want to say 'peril', 'risk' instead of compromise ?} is known as \emph{information disclosure} and is usually categorized as (\cite{li2007t, wang2010privacy, narayanan2008robust}): In the literature, this compromise\kat{do you want to say 'peril', 'risk' instead of compromise ?} is known as \emph{information disclosure} and is usually categorized as (\cite{li2007t, wang2010privacy, narayanan2008robust}):
\begin{itemize} \begin{itemize}
@ -30,11 +30,22 @@ In its general form, this is known as \emph{adversarial} or \emph{linkage} attac
Even though many works directly refer to the general category of linkage attacks, we distinguish also the following sub-categories: Even though many works directly refer to the general category of linkage attacks, we distinguish also the following sub-categories:
\begin{itemize} \begin{itemize}
\item \emph{Sensitive attribute domain knowledge} \kat{sensitive attribute not defined} can result in \emph{homogeneity and skewness} attacks~\cite{machanavajjhala2006diversity,li2007t}, when statistics of the sensitive attribute values are available, and \emph{similarity attack}, when semantics of the sensitive attribute values are available. \item \emph{Sensitive attribute domain knowledge}
\item \emph{Complementary release attacks}~\cite{sweeney2002k} with regard to previous releases of different versions of the same and/or related data sets\kat{please rewrite as a full sentence}. % \kat{sensitive attribute not defined}
% \mk{Done in subsec:prv-info-dscl}
can result in \emph{homogeneity and skewness} attacks~\cite{machanavajjhala2006diversity,li2007t}, when statistics of the sensitive attribute values are available, and \emph{similarity attack}, when semantics of the sensitive attribute values are available.
\item \emph{Complementary release attacks}~\cite{sweeney2002k} take place when attackers take into account previous releases of different versions of the same and/or related data sets.
% \kat{please rewrite as a full sentence}
In this category, we also identify the \emph{unsorted matching} attack~\cite{sweeney2002k}, which is achieved when two privacy-protected versions of an original data set are published in the same tuple ordering. In this category, we also identify the \emph{unsorted matching} attack~\cite{sweeney2002k}, which is achieved when two privacy-protected versions of an original data set are published in the same tuple ordering.
Other instances include: (i)~the \emph{join} attack~\cite{wang2006anonymizing}, when tuples can be identified by joining (on the (quasi-)identifiers) \kat{not defined} several releases, (ii)~the \emph{tuple correspondence} attack~\cite{fung2008anonymity}, when in case of incremental data certain tuples correspond to certain tuples in other releases, in an injective way, (iii)~the \emph{tuple equivalence} attack~\cite{he2011preventing}, when tuples among different releases are found to be equivalent with respect to the sensitive attribute, and (iv)~the \emph{unknown releases} attack~\cite{shmueli2015privacy}, when the privacy preservation is performed without knowing the previously privacy-protected data sets.\kat{can you elaborate on the last one?} Other instances include: (i)~the \emph{join} attack~\cite{wang2006anonymizing}, when tuples can be identified by joining (on the non uniquely identifying attributes, i.e.,~\emph{quasi-identifiers})
\item \emph{Data dependence} \kat{please rewrite as a full sentence} either within one data set or among one data set and previous data releases, and/or other external sources~\cite{kifer2011no, chen2014correlated, liu2016dependence, zhao2017dependent}. % \kat{not defined}
several releases, (ii)~the \emph{tuple correspondence} attack~\cite{fung2008anonymity}, when in case of incremental data certain tuples correspond to certain tuples in other releases, in an injective way, (iii)~the \emph{tuple equivalence} attack~\cite{he2011preventing}, when tuples among different releases are found to be equivalent with respect to the sensitive attribute, and (iv)~the \emph{unknown releases} attack~\cite{shmueli2015privacy}, when the privacy preservation is performed without taking into account previous data releases.
% knowing the previously privacy-protected data sets.
% \kat{can you elaborate on the last one?}
\item \emph{Data dependence}
% \kat{please rewrite as a full sentence}
that may exist
either within one data set or among one data set and previous data releases, and/or other external sources~\cite{kifer2011no, chen2014correlated, liu2016dependence, zhao2017dependent}.
We will look into this category in more detail later in Section~\ref{sec:correlation}. We will look into this category in more detail later in Section~\ref{sec:correlation}.
\end{itemize} \end{itemize}