To design a privacy-preserving data publishing system, we must first quantify the very notion of privacy, or information loss. In the past few years, there has been a proliferation of measures of privacy, some based on statistical considerations, others based on Bayesian or information-theoretic notions of information, and still others designed around the limitations of bounded adversaries. In this chapter, we review the various approaches to capturing privacy. We will find that although one can define privacy from different standpoints, there are many structural similarities in the way different approaches have evolved. It will also become clear that the notions of privacy and utility (the useful information one can extract from published data) are intertwined in ways that are yet to be fully resolved.
Copyright information
© 2008 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Venkatasubramanian, S. (2008). Measures of Anonymity. In: Aggarwal, C.C., Yu, P.S. (eds) Privacy-Preserving Data Mining. Advances in Database Systems, vol 34. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-70992-5_4
DOI: https://doi.org/10.1007/978-0-387-70992-5_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-70991-8
Online ISBN: 978-0-387-70992-5
eBook Packages: Computer Science (R0)