diff --git a/graphics/related/rel-atk.pdf b/graphics/related/rel-atk.pdf index d51f7f3..25f78e7 100644 Binary files a/graphics/related/rel-atk.pdf and b/graphics/related/rel-atk.pdf differ diff --git a/tables/related/micro.tex b/tables/related/micro.tex index 3f16ebd..0f40d8a 100644 --- a/tables/related/micro.tex +++ b/tables/related/micro.tex @@ -28,7 +28,7 @@ \hyperlink{li2016hybrid}{Li et al.} & finite & batch & global & user & compl. release & generalization, & $l$-diversity \\ \cite{li2016hybrid} & & & & & (unknown releases) & randomization & \\ \hdashline - \hyperlink{erdogdu2015privacy}{Erdogdu and} & finite & batch/ & local & user & dependence & randomization & - \\ + \hyperlink{erdogdu2015privacy}{Erdogdu and} & finite & batch/ & local & user & correlation & randomization & - \\ \hyperlink{erdogdu2015privacy}{Fawaz}~\cite{erdogdu2015privacy} & & streaming & & & (temporal) & & \\ \hdashline \hyperlink{jiang2013publishing}{Jiang et al.} & finite & batch & global & event & linkage & perturbation & differential \\ @@ -37,7 +37,7 @@ \hyperlink{chen2011differentially}{Chen et al.} & finite & batch & global & user & linkage & perturbation & differential \\ \cite{chen2011differentially} & (sequential) & & & & & (Laplace) & privacy \\ \hdashline - \hyperlink{xiao2015protecting}{Xiao et al.} & finite & batch & local & user & dependence & perturbation (multi- & differential \\ + \hyperlink{xiao2015protecting}{Xiao et al.} & finite & batch & local & user & correlation & perturbation (multi- & differential \\ \cite{xiao2015protecting} & (sequential) & & & & (temporal) & variate Laplace) & privacy \\ \hdashline \hyperlink{primault2015time}{\emph{Promesse}} & finite & batch & local & event & linkage & perturbation & - \\ @@ -46,7 +46,7 @@ \hyperlink{gursoy2018differentially}{\emph{DP-Star}} & finite & batch & global & user & linkage & perturbation & differential \\ \cite{gursoy2018differentially} & (sequential) & & & & & (Laplace) & privacy \\ \hdashline - \hyperlink{ou2018optimal}{\emph{FGS-Pufferfish}} & finite & batch & local & event & dependence & perturbation & differential \\ + \hyperlink{ou2018optimal}{\emph{FGS-Pufferfish}} & finite & batch & local & event & correlation & perturbation & differential \\ \cite{ou2018optimal} & (sequential) & & & & (temporal) & (Laplace) & privacy \\ \midrule @@ -69,25 +69,25 @@ \hyperlink{zhou2009continuous}{Zhou et al.} & infinite & streaming & global & event & same with & generalization, & $k$-anonymity \\ \cite{zhou2009continuous} & & & & & $k$-anonymity~\cite{sweeney2002k} & randomization & \\ \hdashline - \hyperlink{gotz2012maskit}{\emph{MaskIt}} & infinite & streaming & local & event & dependence & suppression & - \\ + \hyperlink{gotz2012maskit}{\emph{MaskIt}} & infinite & streaming & local & event & correlation & suppression & - \\ \cite{gotz2012maskit} & & & & & (temporal) & & \\ \hdashline - \hyperlink{ma2017plp}{\emph{PLP}} & infinite & streaming & local & event & dependence & suppression & - \\ + \hyperlink{ma2017plp}{\emph{PLP}} & infinite & streaming & local & event & correlation & suppression & - \\ \cite{ma2017plp} & & & & & (spatiotemporal) & & \\ \hdashline - \hyperlink{al2018adaptive}{Al-Dhubhani and} & infinite & streaming & local & event & dependence & perturbation (multi- & geo-indistin- \\ + \hyperlink{al2018adaptive}{Al-Dhubhani and} & infinite & streaming & local & event & correlation & perturbation (multi- & geo-indistin- \\ \hyperlink{al2018adaptive}{Cazalas}~\cite{al2018adaptive} & (sequential) & & & & (temporal) & variate Laplace) & guishability \\ \hdashline - \hyperlink{ghinita2009preventing}{Ghinita et al.} & infinite & streaming & local/ & event & dependence & generalization, & - \\ + \hyperlink{ghinita2009preventing}{Ghinita et al.} & infinite & streaming & local/ & event & correlation & generalization, & - \\ \cite{ghinita2009preventing} & (sequential) & & global & & (spatiotemporal) & perturbation & \\ \hdashline \hyperlink{ye2017trajectory}{Ye et al.} & infinite & streaming & global & event & linkage & generalization & $l$-diversity \\ \cite{ye2017trajectory} & (sequential) & & & & & & \\ \hdashline - \hyperlink{cao2017quantifying}{Cao et al.} & infinite & streaming & global & user/ & dependence & perturbation & differential \\ + \hyperlink{cao2017quantifying}{Cao et al.} & infinite & streaming & global & user/ & correlation & perturbation & differential \\ \cite{cao2017quantifying} \cite{cao2018quantifying} & & & & ($w$-)event & (temporal) & (Laplace) & privacy \\ \hdashline - \hyperlink{naim2019off}{\emph{ON-OFF privacy}} & infinite & streaming & local & event & dependence & randomization & - \\ + \hyperlink{naim2019off}{\emph{ON-OFF privacy}} & infinite & streaming & local & event & correlation & randomization & - \\ \cite{naim2019off} \cite{ye2019preserving} & (sequential) & & & & (serial) & & \\ \cite{ye2020off} \cite{ye2021off} & & & & & & & \\ diff --git a/tables/related/statistical.tex b/tables/related/statistical.tex index 9ff6fa5..e8e9a35 100644 --- a/tables/related/statistical.tex +++ b/tables/related/statistical.tex @@ -34,19 +34,19 @@ \hyperlink{li2017achieving}{Li et al.} & finite & batch & global & user & linkage & perturbation & differential \\ \cite{li2017achieving} & (sequential) & & & & & (Laplace) & privacy \\ \hdashline - \hyperlink{he2015dpt}{\emph{DPT}} & finite & batch & global & user & dependence & perturbation & differential \\ + \hyperlink{he2015dpt}{\emph{DPT}} & finite & batch & global & user & correlation & perturbation & differential \\ \cite{he2015dpt} & (sequential) & & & & (spatial) & (Laplace) & privacy \\ \hdashline - \hyperlink{song2017pufferfish}{Song et al.} & finite & batch & global & event & dependence & perturbation & pufferfish \\ + \hyperlink{song2017pufferfish}{Song et al.} & finite & batch & global & event & correlation & perturbation & pufferfish \\ \cite{song2017pufferfish} & & & & & & (Laplace) & \\ \hdashline - \hyperlink{fan2013differentially}{Fan et al.} & finite & streaming & global & user & dependence & perturbation & differential \\ + \hyperlink{fan2013differentially}{Fan et al.} & finite & streaming & global & user & correlation & perturbation & differential \\ \cite{fan2013differentially} & (sequential) & & & & (spatiotemporal) & (Laplace) & privacy \\ \hdashline \hyperlink{fan2014adaptive}{\emph{FAST}} & finite & streaming & global & user & linkage & perturbation & differential \\ \cite{fan2014adaptive} & & & & & & (Laplace) & privacy \\ \hdashline - \hyperlink{wang2017cts}{\emph{CTS-DP}} & finite & streaming & global & event & dependence & perturbation & differential \\ + \hyperlink{wang2017cts}{\emph{CTS-DP}} & finite & streaming & global & event & correlation & perturbation & differential \\ \cite{wang2017cts} & & & & & (serial) & (Laplace) & privacy \\ \midrule @@ -63,7 +63,7 @@ \hyperlink{kellaris2014differentially}{Kellaris et al.} & infinite & streaming & global & $w$-event & linkage & perturbation & differential \\ \cite{kellaris2014differentially} & & & & & & (Laplace) & privacy \\ \hdashline - \hyperlink{wang2016rescuedp}{\emph{RescueDP}} & infinite & streaming & global & $w$-event & dependence & perturbation & differential \\ + \hyperlink{wang2016rescuedp}{\emph{RescueDP}} & infinite & streaming & global & $w$-event & correlation & perturbation & differential \\ \cite{wang2016rescuedp} & & & & & (serial) & (Laplace) & privacy \\ \hdashline \hyperlink{erlingsson2014rappor}{\emph{RAPPOR}} & infinite & streaming & local & user & linkage & randomization (ran- & differential \\ @@ -72,7 +72,7 @@ \hyperlink{quoc2017privapprox}{\emph{PrivApprox}} & infinite & streaming & global & event & linkage & randomization (ran- & differential \\ \cite{quoc2017privapprox} & & & & & & domized response) & privacy \\ \hdashline - \hyperlink{li2007hiding}{Li et al.} & infinite & streaming & global & event & dependence & randomization & - \\ + \hyperlink{li2007hiding}{Li et al.} & infinite & streaming & global & event & correlation & randomization & - \\ \cite{li2007hiding} & & & & & (serial) & & \\ \hdashline \hyperlink{chen2017pegasus}{\emph{PeGaSus}} & infinite & streaming & global & event & linkage & perturbation & differential \\ diff --git a/text/preliminaries/privacy.tex b/text/preliminaries/privacy.tex index cd641bb..55294c2 100644 --- a/text/preliminaries/privacy.tex +++ b/text/preliminaries/privacy.tex @@ -49,7 +49,7 @@ Even though many works directly refer to the general category of linkage attacks several releases, (ii)~the \emph{tuple correspondence} attack~\cite{fung2008anonymity}, when in case of incremental data certain tuples correspond to certain tuples in other releases, in an injective way, (iii)~the \emph{tuple equivalence} attack~\cite{he2011preventing}, when tuples among different releases are found to be equivalent with respect to the sensitive attribute, and (iv)~the \emph{unknown releases} attack~\cite{shmueli2015privacy}, when the privacy preservation is performed without taking into account previous data releases. % knowing the previously privacy-protected data sets. % \kat{can you elaborate on the last one?} - \item \emph{Data dependence} + \item \emph{Data correlation} % \kat{please rewrite as a full sentence} that may exist either within one data set or among one data set and previous data releases, and/or other external sources~\cite{kifer2011no, chen2014correlated, liu2016dependence, zhao2017dependent}. @@ -62,7 +62,7 @@ An example is the lack of diversity in the sensitive attribute domain, e.g.,~if The second and third subcategories are attacks emerging (mostly) in continuous publishing scenarios. Consider again the data set in Figure~\ref{tab:snapshot-micro}. The complementary release attack means that an adversary can learn more things about the individuals (e.g.,~that there are high chances that Donald was at work) if he/she combines the information of two privacy-protected versions of this data set. -By the data dependence attack, the status of Donald could be more certainly inferred, by taking into account the status of Dewey at the same moment and the dependencies between Donald's and Dewey's status, e.g.,~when Dewey is at home, then most probably Donald is at work. +By the data correlation attack, the status of Donald could be more certainly inferred, by taking into account the status of Dewey at the same moment and the dependencies between Donald's and Dewey's status, e.g.,~when Dewey is at home, then most probably Donald is at work. In order to better protect the privacy of Donald in case of attacks, the data should be privacy-protected in a more adequate way (than without the attacks). @@ -304,7 +304,7 @@ We distinguish here \emph{Pufferfish}~\cite{kifer2014pufferfish}. To define a privacy mechanism using \emph{Pufferfish}, one has to define a set of potential secrets $\mathcal{X}$, a set of distinct pairs $\mathcal{X}_{pairs}$, and auxiliary information about data evolution scenarios $\mathcal{B}$. $\mathcal{X}$ serves as an explicit specification of what we would like to protect, e.g.,~`the record of an individual $x$ is (not) in the data'. $\mathcal{X}_{pairs}$ is a subset of $\mathcal{X} \times \mathcal{X}$ that instructs how to protect the potential secrets $\mathcal{X}$, e.g.,~(`$x$ is in the table', `$x$ is not in the table'). -Finally, $\mathcal{B}$ is a set of conservative assumptions about how the data evolved (or were generated) that reflects the adversary's belief about the data, e.g.,~probability distributions, variable correlations, etc. +Finally, $\mathcal{B}$ is a set of conservative assumptions about how the data evolved (or were generated) that reflects the adversary's belief about the data, e.g.,~probability distributions, variable correlation, etc. When there is independence between all the records in the original data set, then $\varepsilon$-differential privacy and the privacy definition of $\varepsilon$-\emph{Pufferfish}$(\mathcal{X}, \mathcal{X}_{pairs}, \mathcal{B})$ are equivalent. @@ -419,7 +419,7 @@ The first ($m - 1$ if $w \leq 2$ or $m - w + 1$ if $w > 2$) and last ($m$) mecha When $w$ is greater than $2$, the rest of the mechanisms (between $m - w + 2$ and $m - 1$) contribute only to the privacy loss that is corresponding to the publication of the relevant data. \begin{theorem} - [Sequential composition under temporal correlations~\cite{cao2018quantifying}] + [Sequential composition under temporal correlation~\cite{cao2018quantifying}] \label{theor:compo-seq-cor} When a set of $w \leq t \in \mathbb{Z}^+$ independent privacy mechanisms, satisfying $\varepsilon_{m \in [1, t]}$-differential privacy, is applied over a sequence of an equal number of temporally correlated data sets, it provides a privacy guarantee equal to: $$ @@ -430,7 +430,7 @@ When $w$ is greater than $2$, the rest of the mechanisms (between $m - w + 2$ an $$ \end{theorem} -Notice that the estimation of forward privacy loss is only pertinent to a setting under finite observation and moderate correlations. +Notice that the estimation of forward privacy loss is only pertinent to a setting under finite observation and moderate correlation. In different circumstances, it might be impossible to calculate the upper bound of the temporal privacy loss, and thus only the backward privacy loss would be relevant. % Notice that---although we refer to it as `sequential'---since Theorem~\ref{theor:compo-seq-cor} refers to the application of a sequence of mechanisms to a respective sequence of disjoint data sets, we would normally expect it to correspond to the parallel composition on independent data (Theorem~\ref{theor:compo-par-ind}).