DOI: 10.1145/1376916.1376941 (research article, conference proceedings)

Epistemic privacy

Published: 09 June 2008

ABSTRACT

We present a novel definition of privacy in the framework of offline (retroactive) database query auditing. Given information about the database, a description of sensitive data, and assumptions about users' prior knowledge, our goal is to determine if answering a past user's query could have led to a privacy breach. According to our definition, an audited property A is private, given the disclosure of property B, if no user can gain confidence in A by learning B, subject to prior knowledge constraints. Privacy is not violated if the disclosure of B causes a loss of confidence in A. The new notion of privacy is formalized using the well-known semantics for reasoning about knowledge, where logical properties correspond to sets of possible worlds (databases) that satisfy these properties. Database users are modelled as either possibilistic agents whose knowledge is a set of possible worlds, or as probabilistic agents whose knowledge is a probability distribution on possible worlds.

We analyze the new privacy notion, show its relationship with the conventional approach, and derive criteria that allow the auditor to test privacy efficiently in some important cases. In particular, we prove characterization theorems for the possibilistic case, and study in depth the probabilistic case under the assumption that all database records are considered a-priori independent by the user, as well as under more relaxed (or absent) prior-knowledge assumptions. In the probabilistic case we show that for certain families of distributions there is no efficient algorithm to test whether an audited property A is private given the disclosure of a property B, assuming P ≠ NP. Nevertheless, for many interesting families, such as the family of product distributions, we obtain algorithms that are efficient both in theory and in practice.
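The definition above, worked through for probabilistic agents over product distributions, as an added example that is not code from the paper: worlds are Boolean databases, a property is a set of worlds given as a predicate, an agent's confidence in A is P(A) under its prior and becomes P(A|B) once B is disclosed, and a finite grid of product priors stands in (an assumption made here) for the "no user" quantifier over the family. The two disclosures B_GAIN and B_LOSS show the asymmetry the abstract states: only a gain in confidence counts as a breach.

```python
from itertools import product

def product_prior(probs):
    """Product distribution over Boolean databases of len(probs) records:
    record i is 1 with probability probs[i], independently of the others."""
    prior = {}
    for world in product((0, 1), repeat=len(probs)):
        weight = 1.0
        for bit, p in zip(world, probs):
            weight *= p if bit else 1.0 - p
        prior[world] = weight
    return prior

def prob(prior, prop):
    """Probability mass of the set of worlds satisfying predicate `prop`."""
    return sum(w for world, w in prior.items() if prop(world))

def confidence(prior, a, b):
    """Return (P(A), P(A|B)) for one probabilistic agent, or None if P(B) = 0
    (B can never be disclosed truthfully under this prior)."""
    pb = prob(prior, b)
    if pb == 0.0:
        return None
    pa = prob(prior, a)
    pab = prob(prior, lambda w: a(w) and b(w))
    return pa, pab / pb

def is_private(a, b, priors, eps=1e-12):
    """A is private given disclosure of B if no agent in `priors` gains
    confidence in A on learning B. A loss of confidence is not a breach."""
    for prior in priors:
        res = confidence(prior, a, b)
        if res is not None and res[1] > res[0] + eps:
            return False
    return True

# Constructed example: 3 Boolean records; the audited property A is
# "record 0 is 1". The grid of product priors below is an assumption made
# here to approximate the family of all product distributions.
FAMILY = [product_prior(ps) for ps in product((0.1, 0.5, 0.9), repeat=3)]
A = lambda w: w[0] == 1
B_GAIN = lambda w: sum(w) >= 2   # "at least two records are 1"
B_LOSS = lambda w: sum(w) <= 1   # "at most one record is 1"

if __name__ == "__main__":
    print(confidence(product_prior((0.5, 0.5, 0.5)), A, B_GAIN))  # (0.5, 0.75)
    print(is_private(A, B_GAIN, FAMILY))   # False: learning B raises P(A)
    print(is_private(A, B_LOSS, FAMILY))   # True: learning B only lowers P(A)
```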

