DOI: 10.1145/1376916.1376941 (research article, PODS conference proceedings)

Epistemic privacy

Published: 09 June 2008

Abstract

We present a novel definition of privacy in the framework of offline (retroactive) database query auditing. Given information about the database, a description of sensitive data, and assumptions about users' prior knowledge, our goal is to determine if answering a past user's query could have led to a privacy breach. According to our definition, an audited property A is private, given the disclosure of property B, if no user can gain confidence in A by learning B, subject to prior knowledge constraints. Privacy is not violated if the disclosure of B causes a loss of confidence in A. The new notion of privacy is formalized using the well-known semantics for reasoning about knowledge, where logical properties correspond to sets of possible worlds (databases) that satisfy these properties. Database users are modelled as either possibilistic agents whose knowledge is a set of possible worlds, or as probabilistic agents whose knowledge is a probability distribution on possible worlds.
We analyze the new privacy notion, show its relationship with the conventional approach, and derive criteria that allow the auditor to test privacy efficiently in some important cases. In particular, we prove characterization theorems for the possibilistic case, and study in depth the probabilistic case under the assumption that all database records are considered a priori independent by the user, as well as under more relaxed (or absent) prior-knowledge assumptions. In the probabilistic case we show that for certain families of distributions there is no efficient algorithm to test whether an audited property A is private given the disclosure of a property B, assuming P ≠ NP. Nevertheless, for many interesting families, such as the family of product distributions, we obtain algorithms that are efficient both in theory and in practice.
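The definition in the abstract can be exercised directly on a toy database by enumerating possible worlds. The following is an added example, not code from the paper: it constructs a database of three binary records, represents the audited property A and candidate disclosures B as sets of worlds, and checks whether a possibilistic agent (a set of worlds) or a probabilistic agent (a distribution over worlds) gains confidence in A by learning B. The reading of "gains confidence" for the possibilistic case (did not know A before, knows A after), the particular properties, and the brute-force sweep over a finite grid of product priors are all assumptions of this example; the paper's own efficient test for product distributions is not reproduced here.

```python
from itertools import product
from math import prod

# Constructed toy domain: a database is a tuple of N_RECORDS bits, one per
# record (e.g. bit i = 1 iff patient i tested positive). Each tuple is one
# "possible world"; a property is the set of worlds that satisfy it.
N_RECORDS = 3
WORLDS = [tuple(bits) for bits in product((0, 1), repeat=N_RECORDS)]


def worlds_where(pred):
    """Turn a predicate on databases into a property, i.e. a set of worlds."""
    return frozenset(w for w in WORLDS if pred(w))


# Audited (sensitive) property A: record 0 is positive.
A_REC0_POSITIVE = worlds_where(lambda w: w[0] == 1)
# Candidate disclosures B, as a past query answer might reveal them (constructed):
B_TWO_OR_MORE = worlds_where(lambda w: sum(w) >= 2)   # "count >= 2"
B_AT_MOST_ONE = worlds_where(lambda w: sum(w) <= 1)   # "count <= 1"
B_SAME_TAIL = worlds_where(lambda w: w[1] == w[2])    # "records 1 and 2 agree"


def possibilistic_gain(knowledge, a, b):
    """Possibilistic agent: `knowledge` is the set of worlds it still considers
    possible. Reading of "gains confidence in A" assumed by this example: the
    agent did not know A before learning B (knowledge not contained in A) but
    knows A afterwards (knowledge ∩ B is non-empty and contained in A)."""
    after = knowledge & b
    if not after:
        # B contradicts everything the agent considered possible: an
        # inconsistent update, treated as no gain here.
        return False
    return not knowledge <= a and after <= a


def probabilistic_gain(prior, a, b, eps=1e-9):
    """Probabilistic agent: `prior` is a distribution over worlds. It gains
    confidence in A iff P(A | B) > P(A). A drop in P(A) is not a gain, matching
    the abstract's remark that a loss of confidence is not a violation."""
    p_b = sum(prior[w] for w in b)
    if p_b <= 0.0:
        return False  # B has probability zero for this agent: nothing to condition on
    p_a = sum(prior[w] for w in a)
    p_a_given_b = sum(prior[w] for w in a & b) / p_b
    return p_a_given_b > p_a + eps


def product_prior(ps):
    """Prior under which records are independent: record i is 1 with
    probability ps[i]. This is the product-distribution family."""
    return {w: prod(p if bit else 1.0 - p for p, bit in zip(ps, w)) for w in WORLDS}


def private_against_product_priors(a, b, grid=(0.1, 0.3, 0.5, 0.7, 0.9)):
    """Brute-force check of the definition over a finite grid of product priors
    (an assumption of this example, not the paper's algorithm). Returns
    (is_private, witness): witness is the first per-record probability vector
    under which the agent gains confidence in A, or None if none was found."""
    for ps in product(grid, repeat=N_RECORDS):
        if probabilistic_gain(product_prior(ps), a, b):
            return False, ps
    return True, None


if __name__ == "__main__":
    uniform = product_prior([0.5] * N_RECORDS)
    ignorant = frozenset(WORLDS)
    partial = frozenset({(0, 0, 1), (1, 1, 0), (0, 1, 0)})
    print("possibilistic, fully ignorant, learns count>=2:",
          possibilistic_gain(ignorant, A_REC0_POSITIVE, B_TWO_OR_MORE))
    print("possibilistic, partial knowledge, learns count>=2:",
          possibilistic_gain(partial, A_REC0_POSITIVE, B_TWO_OR_MORE))
    print("probabilistic (uniform), learns count>=2:",
          probabilistic_gain(uniform, A_REC0_POSITIVE, B_TWO_OR_MORE))
    print("probabilistic (uniform), learns count<=1 (confidence drops):",
          probabilistic_gain(uniform, A_REC0_POSITIVE, B_AT_MOST_ONE))
    for name, b in [("count>=2", B_TWO_OR_MORE), ("rec1==rec2", B_SAME_TAIL)]:
        print(f"A private given {name} against product priors:",
              private_against_product_priors(A_REC0_POSITIVE, b))
```

The run contrasts the two agent models on the same disclosure: a fully ignorant possibilistic agent learns nothing definite about record 0 from "count >= 2" (a world with record 0 negative remains possible), while every product-prior agent on the grid raises its belief in A, so the property is not private against that family. The disclosure "records 1 and 2 agree" is private against all product priors because independence makes it uninformative about record 0, and "count <= 1" only lowers confidence, which the definition does not count as a breach.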

Supplementary Material

Low Resolution (p159-part2_56k.mp4)
High Resolution (p159-part2_768k.mp4)



Published In

PODS '08: Proceedings of the twenty-seventh ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
June 2008
330 pages
ISBN:9781605581521
DOI:10.1145/1376916
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. auditing
  2. disclosure
  3. positivstellensatz
  4. privacy
  5. query logs
  6. reasoning about knowledge
  7. supermodularity

Qualifiers

  • Research-article

Conference

SIGMOD/PODS '08

Acceptance Rates

PODS '08 Paper Acceptance Rate 28 of 159 submissions, 18%;
Overall Acceptance Rate 642 of 2,707 submissions, 24%

Article Metrics

  • Downloads (Last 12 months)2
  • Downloads (Last 6 weeks)0
Reflects downloads up to 16 Feb 2025

Cited By

  • (2015) Bayesian Differential Privacy on Correlated Data. Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data, pages 747-762. DOI: 10.1145/2723372.2747643. Online publication date: 27 May 2015.
  • (2013) Defining Privacy Based on Distributions of Privacy Breaches, pages 211-225. DOI: 10.1007/978-3-642-42001-6_15. Online publication date: 2013.
  • (2013) Controlled Query Evaluation over OWL 2 RL Ontologies. Proceedings of the 12th International Semantic Web Conference - Part I, pages 49-65. DOI: 10.1007/978-3-642-41335-3_4. Online publication date: 21 Oct 2013.
  • (2011) Inference-proof view update transactions with forwarded refreshments. Journal of Computer Security 19(3):487-529. DOI: 10.5555/2011016.2011020. Online publication date: 1 Aug 2011.
  • (2010) Privacy in ontology-based information systems: A pending matter. Semantic Web 1(1,2):137-141. DOI: 10.5555/2019445.2019454. Online publication date: 1 Apr 2010.
  • (2010) Keeping secrets in possibilistic knowledge bases with necessity-valued privacy policies. Proceedings of the Computational intelligence for knowledge-based systems design, and 13th international conference on Information processing and management of uncertainty, pages 655-664. DOI: 10.5555/1876326.1876406. Online publication date: 28 Jun 2010.
  • (2010) Epistemic privacy. Journal of the ACM 58(1):1-45. DOI: 10.1145/1870103.1870105. Online publication date: 21 Dec 2010.
  • (2010) Towards an axiomatization of statistical privacy and utility. Proceedings of the twenty-ninth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, pages 147-158. DOI: 10.1145/1807085.1807106. Online publication date: 6 Jun 2010.
  • (2010) Privacy-preserving data publishing. ACM Computing Surveys 42(4):1-53. DOI: 10.1145/1749603.1749605. Online publication date: 23 Jun 2010.
  • (2009) Personal health information leak prevention in heterogeneous texts. Proceedings of the Workshop on Adaptation of Language Resources and Technology to New Domains, pages 58-69. DOI: 10.5555/1859148.1859157. Online publication date: 17 Sep 2009.
