DOI: 10.1145/1807085.1807106

Towards an axiomatization of statistical privacy and utility

Published: 06 June 2010

Abstract

"Privacy" and "utility" are words that frequently appear in the literature on statistical privacy. But what do these words really mean? In recent years, many problems with intuitive notions of privacy and utility have been uncovered. Thus more formal notions of privacy and utility, which are amenable to mathematical analysis, are needed. In this paper we present our initial work on an axiomatization of privacy and utility. In particular, we study how these concepts are affected by randomized algorithms. Our analysis yields new insights into the construction of both privacy definitions and mechanisms that generate data according to such definitions. In particular, it characterizes a class of relaxations of differential privacy and shows that desirable outputs of a differentially private mechanism are best interpreted as certain graphs rather than query answers or synthetic data.


Published In

PODS '10: Proceedings of the twenty-ninth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
June 2010
350 pages
ISBN:9781450300339
DOI:10.1145/1807085
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. axioms
  2. privacy
  3. utility

Qualifiers

  • Research-article

Conference

SIGMOD/PODS '10
Sponsor:
SIGMOD/PODS '10: International Conference on Management of Data
June 6 - 11, 2010
Indianapolis, Indiana, USA

Acceptance Rates

PODS '10 Paper Acceptance Rate 27 of 113 submissions, 24%;
Overall Acceptance Rate 642 of 2,707 submissions, 24%
