theotherthing: Reviewed the intro

This commit is contained in:
Manos Katsomallos 2021-10-11 21:07:42 +02:00
parent 7db6872640
commit 8c2fd1ebf2

View File

@ -27,11 +27,12 @@ The differentiation among regular and {\thething} events stipulates a privacy bu
Based on this novel event categorization, we designed three models (Section~\ref{subsec:lmdk-mechs}) that achieve {\thething} privacy. Based on this novel event categorization, we designed three models (Section~\ref{subsec:lmdk-mechs}) that achieve {\thething} privacy.
For this, we assumed that the timestamps in the {\thething} set $L$ are not privacy sensitive, and therefore we used them in our models as they were. For this, we assumed that the timestamps in the {\thething} set $L$ are not privacy sensitive, and therefore we used them in our models as they were.
This may pose a direct or indirect privacy threat to the users. This may pose a direct or indirect privacy threat to the data generators (users).
For the former case, we consider the case where we desire to publish $L$ as complimentary information to the release of the event values. For the former, we consider the case where we desire to publish $L$ as complimentary information to the release of the event values.
For the latter, the privacy budget is usually an inseparable attribute of the data release which not only quantifies the privacy guarantee to the data generators (users) but also gives an estimate of the data utility to the data consumers (analysts). For the latter, a potentially adversarial data consumer (analyst) may infer $L$ by observing the values of the privacy budget which is usually an inseparable attribute of the data release as an indicator of the privacy guarantee to the users and as an estimate of the data utility to the data analysts.
Hence, in both cases, a user-defined $L$ which is supposed to facilitate th configurable privacy protection of the user could end up posing a privacy threat to them.
In Example~\ref{ex:lmdk-risk}, we demonstrate the extreme case of the application of the Skip {\thething} privacy model from Figure~\ref{fig:lmdk-skip}, where we approximate {\thethings} and invest all of the available privacy budget to regular events, i.e.,~$\varepsilon_i = 0 \forall i \in L$. In Example~\ref{ex:lmdk-risk}, we demonstrate the extreme case of the application of the Skip {\thething} privacy model from Figure~\ref{fig:lmdk-skip}, where we approximate {\thethings} and invest all of the available privacy budget to regular events, i.e.,~$\varepsilon_i = 0$, $\forall i \in L$.
\begin{example} \begin{example}
\label{ex:lmdk-risk} \label{ex:lmdk-risk}
@ -47,7 +48,7 @@ In Example~\ref{ex:lmdk-risk}, we demonstrate the extreme case of the applicatio
\label{fig:lmdk-risk} \label{fig:lmdk-risk}
\end{figure} \end{figure}
Apart from the privacy budget that we invested at {\thethings}, we can also observe a pattern for the budgets at regular events as well. Apart from the privacy budget that we invested at {\thethings}, we can observe a pattern for the budgets at regular events as well.
Therefore, an adversary who observes the values of the privacy budget can easily infer not only the number but also the exact temporal position of {\thethings}. Therefore, an adversary who observes the values of the privacy budget can easily infer not only the number but also the exact temporal position of {\thethings}.
\end{example} \end{example}