data: Done
This commit is contained in:
parent
6240f457e7
commit
9acae8ed67
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -16,9 +16,12 @@ form in \emph{microdata} and \emph{statistical data}.
|
|||||||
% \kat{Use full sentences, even in the bullets. }
|
% \kat{Use full sentences, even in the bullets. }
|
||||||
% \mk{OK}
|
% \mk{OK}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item \emph{Microdata} are the data items \kat{define data item} in their raw, usually tabular, form pertaining to individuals.
|
\item \emph{Microdata} (Table~\ref{tab:snapshot-micro}) are the data items
|
||||||
|
% \kat{define data item}
|
||||||
|
% \mk{OK}
|
||||||
|
in their raw, usually tabular, form pertaining to individuals.
|
||||||
% or objects \kat{objects?}.
|
% or objects \kat{objects?}.
|
||||||
\item \emph{Statistical data} are the outcome of statistical processes on microdata, e.g.,~average, count, sum, etc.
|
\item \emph{Statistical data} (Table~\ref{tab:snapshot-statistical}) are the outcome of statistical processes on microdata, e.g.,~average, count, sum, etc.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
|
||||||
To accompany and facilitate the descriptions in this chapter, we provide Example~\ref{ex:snapshot} as a running example.
|
To accompany and facilitate the descriptions in this chapter, we provide Example~\ref{ex:snapshot} as a running example.
|
||||||
@ -83,76 +86,95 @@ We further define two sub-categories applicable to both finite and infinite data
|
|||||||
\subsection{Data processing and publishing}
|
\subsection{Data processing and publishing}
|
||||||
\label{subsec:data-publishing}
|
\label{subsec:data-publishing}
|
||||||
|
|
||||||
We categorize data processing and publishing based on the implemented scheme \kat{what does the implemented scheme refer to?}, as:
|
We categorize data processing and publishing based on what entity has access to the raw data in the \emph{global} and \emph{local} models.
|
||||||
|
% \kat{what does the implemented scheme refer to?}
|
||||||
|
% \mk{These are the bullet points... I change it}
|
||||||
|
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item \emph{Global}---data are collected, processed and privacy-protected, and then published by a central (trusted) entity, as for instance in~\cite{mcsherry2009privacy, blocki2013differentially, johnson2018towards}.
|
\item \emph{Global model} (Figure~\ref{fig:model-global}) dictates the collection, processing and privacy-protection, and then publishing of the data by a central (trusted) entity, e.g.,~\cite{mcsherry2009privacy, blocki2013differentially, johnson2018towards}.
|
||||||
\item \emph{Local}---data are stored, processed and privacy-protected on the side of data generators before sending them to any intermediate or final entity, as for instance in~\cite{andres2013geo, erlingsson2014rappor, katsomallos2017open}.
|
\item \emph{Local model} (Figure~\ref{fig:model-local}) requires the storage, processing and privacy-protection of data on the side of data generators before sending them to any intermediate or final entity, e.g.,~\cite{andres2013geo, erlingsson2014rappor, katsomallos2017open}.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
|
||||||
\begin{figure}[htp]
|
\begin{figure}[htp]
|
||||||
\centering
|
\centering
|
||||||
\subcaptionbox{Global scheme\label{fig:scheme-global}}{%
|
\subcaptionbox{Global model\label{fig:model-global}}{%
|
||||||
\includegraphics[width=\linewidth]{preliminaries/scheme-global}%
|
\includegraphics[width=\linewidth]{preliminaries/model-global}%
|
||||||
} \\ \bigskip
|
} \\ \bigskip
|
||||||
\subcaptionbox{Local scheme\label{fig:scheme-local}}{%
|
\subcaptionbox{Local model\label{fig:model-local}}{%
|
||||||
\includegraphics[width=\linewidth]{preliminaries/scheme-local}%
|
\includegraphics[width=\linewidth]{preliminaries/model-local}%
|
||||||
}
|
}
|
||||||
\caption{The usual flow of user-generated data, optionally harvested by data publishers, privacy-protected, and released to data consumers, according to the (a)~global, and (b)~local privacy schemes.}
|
\caption{The usual flow of user-generated data, optionally harvested by data publishers, privacy-protected, and released to data consumers, according to the (a)~global, and (b)~local privacy models.}
|
||||||
\label{fig:privacy-schemes}
|
\label{fig:privacy-models}
|
||||||
\end{figure}
|
\end{figure}
|
||||||
|
|
||||||
In the case of location data privacy, the existing literature\kat{do not say literature, but sth related to the data processing and publishing} is divided in
|
In the case of location data privacy,
|
||||||
\emph{service-} and \emph{data-}centric methods~\cite{chow2011trajectory}.
|
% the existing literature\kat{do not say literature, but sth related to the data processing and publishing}
|
||||||
The service-centric methods correspond to scenarios where individuals share their privacy-protected location with a service to get some relevant information (local publishing scheme).
|
data processing and publishing methods are divided in \emph{service-} and \emph{data-}centric~\cite{chow2011trajectory}.
|
||||||
The data-centric methods relate to the publishing of user-generated data to data consumers (global publishing scheme).
|
The service-centric methods correspond to scenarios where individuals share their privacy-protected location with a service to get some relevant information (local publishing model).
|
||||||
\kat{I do not get the data-centric methods.. Can't data-centric be also service centric ? E.g., we publish our data to get back some service? Moreover, what is exactly the link between local and global and service and data centric? One to one ?}
|
The data-centric methods relate to the publishing of user-generated data to data consumers (global publishing model).
|
||||||
|
% \kat{I do not get the data-centric methods.. Can't data-centric be also service centric ? E.g., we publish our data to get back some service? Moreover, what is exactly the link between local and global and service and data centric? One to one ?}
|
||||||
|
% \mk{You've just described service-centric :) }
|
||||||
|
|
||||||
There is a long-standing debate whether the local or the global architectural scheme is more efficient with respect to not only privacy, but also organizational, economic, and security factors~\cite{king1983centralized}.
|
There is a long-standing debate whether the local or the global architectural model is more efficient with respect to not only privacy, but also organizational, economic, and security factors~\cite{king1983centralized}.
|
||||||
On the one hand, in the global privacy scheme (Figure~\ref{fig:scheme-global}), the dependence on third-party entities poses the risk of arbitrary privacy leakage from a compromised data publisher.
|
On the one hand, in the global privacy model (Figure~\ref{fig:model-global}), the dependence on third-party entities poses the risk of arbitrary privacy leakage from a compromised data publisher.
|
||||||
Nonetheless, the expertise of these entities is usually superior to that of the majority of (non-technical) data generators' in terms of understanding privacy permissions/\allowbreak policies and setting-up relevant preferences.
|
Nonetheless, the expertise of these entities is usually superior to that of the majority of (non-technical) data generators' in terms of understanding privacy permissions/\allowbreak policies and setting-up relevant preferences.
|
||||||
Moreover, in the global architecture, less distortion is necessary before publicly releasing the aggregated data set, naturally because the data sets are larger and users can be `hidden' more easily.
|
Moreover, in the global architecture, less distortion is necessary before publicly releasing the aggregated data set, naturally because the data sets are larger and users can be `hidden' more easily.
|
||||||
On the other hand, the local privacy scheme (Figure~\ref{fig:scheme-local}) facilitates fine-grained data management, offering to every individual better control over their data~\cite{goldreich1998secure}.
|
On the other hand, the local privacy model (Figure~\ref{fig:model-local}) facilitates fine-grained data management, offering to every individual better control over their data~\cite{goldreich1998secure}.
|
||||||
Nonetheless, data distortion at an early stage might prove detrimental to the overall utility of the aggregated data set.
|
Nonetheless, data distortion at an early stage might prove detrimental to the overall utility of the aggregated data set.
|
||||||
The so far consensus is that there is no overall optimal solution among the two designs.
|
The so far consensus is that there is no overall optimal solution among the two designs.
|
||||||
Most service-providing companies prefer the global scheme, mainly for reasons of better management and control over the data, while several privacy advocates support the local privacy scheme that offers users full control over what and how data are published.
|
Most service-providing companies prefer the global model, mainly for reasons of better management and control over the data, while several privacy advocates support the local privacy model that offers users full control over what and how data are published.
|
||||||
Although there have been attempts to bridge the gap between them, e.g.,~\cite{bittau2017prochlo}, the global scheme is considerably better explored and implemented~\cite{satyanarayanan2017emergence}.
|
Although there have been attempts to bridge the gap between them, e.g.,~\cite{bittau2017prochlo}, the global model is considerably better explored and implemented~\cite{satyanarayanan2017emergence}.
|
||||||
For this reason, most of the works in our work span this context.
|
% For this reason, most of the works in our work span this context.
|
||||||
\kat{this last sentence is out of context for the thesis dissertation. Please, explain why you said all that, but w.r.t. the thesis.}
|
% \kat{this last sentence is out of context for the thesis dissertation. Please, explain why you said all that, but w.r.t. the thesis.}
|
||||||
|
% \mk{Omitting it seems to resolve the issue}
|
||||||
|
|
||||||
We distinguish between two publishing modes for private data: \emph{snapshot} and \emph{continuous}. \kat{I do not like that you present some of the categories as bullets and others as plain text. Be consistent in one format.}
|
We distinguish publishing modes for private data between \emph{snapshot} and \emph{continuous}.
|
||||||
In snapshot publishing (also appearing as \emph{one-shot} or \emph{one-off} publishing), the system processes and releases a data set at a specific point in time and thereafter is not concerned anymore with the specific data set.
|
% \kat{I do not like that you present some of the categories as bullets and others as plain text. Be consistent in one format.}
|
||||||
For example, in Figure~\ref{fig:mode-snapshot} (ignore the privacy-preserving step for the moment) individuals send their data to an LBS provider, considering a specific time point.
|
% \mk{You're right}
|
||||||
In continuous data publishing the system computes, and publishes augmented or updated versions of one data set in different time points, and without a predefined duration.
|
|
||||||
In the context of privacy-preserving data publishing, privacy preservation is tightly coupled with the data processing and publishing stages. \kat{This can be the introductory sentence of the sub-section, but does not fit here.}
|
|
||||||
|
|
||||||
As already discussed in Section~\ref{ch:intro}, in this thesis we are studying the continuous data publishing mode, and thus we do not include works considering the snapshot paradigm.
|
|
||||||
We have made this choice because privacy-preserving continuous data publishing is a more complex problem, receiving more and more attention from the scientific community in the recent years, as shown by the increasing number of publications in this area.\kat{this was a good argumentation but for the survey, not for the thesis..}
|
|
||||||
Moreover, the use cases of continuous data publishing abound, with the proliferation of the Internet, sensors, and connected devices, which produce and send to servers huge amounts of continuous personal data in astounding speed.
|
|
||||||
|
|
||||||
We identify two main data processing and publishing modes: \kat{but so far you have already presented other categories for processing and publishing; why do you say here two main modes?}
|
|
||||||
|
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item \emph{Batch}---data are considered in groups in specific time intervals.
|
\item \emph{Snapshot mode} (also appearing as \emph{one-shot} or \emph{one-off} publishing) processes and releases a data set at a specific point in time and thereafter is not concerned anymore with the specific data set.
|
||||||
\item \emph{Streaming}---data are considered per timestamp, infinitely.
|
For example, in Figure~\ref{fig:mode-snapshot} (ignore the privacy-preserving step for the moment) individuals send their data to an LBS provider, considering a specific timestamp.
|
||||||
|
The use cases of continuous data publishing abound, with the proliferation of the Internet, sensors, and connected devices, which produce and send to servers huge amounts of continuous personal data in astounding speed.
|
||||||
|
|
||||||
|
\item \emph{Continuous mode} computes and publishes augmented or updated versions of one data set in different timestamps, and without a predefined duration.
|
||||||
|
In the context of privacy-preserving data publishing, privacy preservation is tightly coupled with the data processing and publishing stages.
|
||||||
|
% \kat{This can be the introductory sentence of the sub-section, but does not fit here.}
|
||||||
|
% \kat{but so far you have already presented other categories for processing and publishing; why do you say here two main modes?}
|
||||||
|
% \mk{Merged it with continuous}
|
||||||
|
|
||||||
|
We further categorize continuous publishing mode into \emph{batch} and \emph{streaming}.
|
||||||
|
\begin{itemize}
|
||||||
|
\item \emph{Batch mode} (Figure~\ref{fig:mode-batch}) considers data in groups in specific time intervals.
|
||||||
|
It is performed (usually offline) over both finite and infinite data
|
||||||
|
\item \emph{Streaming mode} (Figure~\ref{fig:mode-streaming}) processes data per timestamp, infinitely.
|
||||||
|
It is by definition connected to infinite data (usually in real-time).
|
||||||
|
\end{itemize}
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
|
||||||
|
% As already discussed in Section~\ref{ch:intro}, in this thesis we are studying the continuous data publishing mode, and thus we do not include works considering the snapshot paradigm.
|
||||||
|
% We have made this choice because privacy-preserving continuous data publishing is a more complex problem, receiving more and more attention from the scientific community in the recent years, as shown by the increasing number of publications in this area.
|
||||||
|
% \kat{this was a good argumentation but for the survey, not for the thesis..}
|
||||||
|
% \mk{Removed}
|
||||||
|
|
||||||
\begin{figure}[htp]
|
\begin{figure}[htp]
|
||||||
\centering
|
\centering
|
||||||
\subcaptionbox{Snapshot mode\label{fig:mode-snapshot}}{%
|
\subcaptionbox{Snapshot mode\label{fig:mode-snapshot}}{%
|
||||||
\includegraphics[width=.4\linewidth]{preliminaries/mode-snapshot}%
|
\includegraphics[width=.49\linewidth]{preliminaries/mode-snapshot}%
|
||||||
} \\ \bigskip\hspace{\fill}
|
} \\ \bigskip\hfill
|
||||||
\subcaptionbox{Batch mode\label{fig:mode-batch}}{%
|
\subcaptionbox{Batch mode\label{fig:mode-batch}}{%
|
||||||
\includegraphics[width=.4\linewidth]{preliminaries/mode-batch}%
|
\includegraphics[width=.49\linewidth]{preliminaries/mode-batch}%
|
||||||
}\hspace{\fill}
|
}\hfill
|
||||||
\subcaptionbox{Streaming mode\label{fig:mode-streaming}}{%
|
\subcaptionbox{Streaming mode\label{fig:mode-streaming}}{%
|
||||||
\includegraphics[width=.4\linewidth]{preliminaries/mode-streaming}%
|
\includegraphics[width=.49\linewidth]{preliminaries/mode-streaming}%
|
||||||
}\hspace{\fill}
|
}\hfill
|
||||||
\caption{The different data processing and publishing modes of continuously generated data sets.
|
\caption{
|
||||||
|
The different data processing and publishing modes of continuously generated data sets.
|
||||||
(a)~Snapshot publishing, (b)~continuous publishing--batch mode, and (c)~continuous publishing--streaming mode.
|
(a)~Snapshot publishing, (b)~continuous publishing--batch mode, and (c)~continuous publishing--streaming mode.
|
||||||
$\pmb{o}_x$ denotes the privacy-protected version of the data set $D_x$ or statistics thereof, while `\dots' denote the continuous data generation and/or publishing, where applicable.
|
$\pmb{o}_x$ denotes the privacy-protected version of the data set $D_x$ or statistics thereof, while `\dots' denote the continuous data generation and/or publishing, where applicable.
|
||||||
Depending on the data observation span, $n$ can either be finite or tend to infinity. \kat{We cannot see in these scenarios the continuous querying of the same snapshot.}}
|
Depending on the data observation span, $n$ can either be finite or tend to infinity.
|
||||||
|
% \kat{We cannot see in these scenarios the continuous querying of the same snapshot.}
|
||||||
|
% \mk{Does this appear anywhere in the literature?}
|
||||||
|
}
|
||||||
\label{fig:privacy-modes}
|
\label{fig:privacy-modes}
|
||||||
\end{figure}
|
\end{figure}
|
||||||
|
|
||||||
Batch data processing and publishing (Figure~\ref{fig:mode-batch}) is performed (usually offline) over both finite and infinite data, while streaming processing and publishing (Figure~\ref{fig:mode-streaming}) is by definition connected to infinite data (usually in real-time).
|
|
||||||
|
Loading…
Reference in New Issue
Block a user