ABSTRACT
In this paper we introduce a new and general privacy framework called Pufferfish. The Pufferfish framework can be used to create new privacy definitions that are customized to the needs of a given application. The goal of Pufferfish is to allow experts in an application domain, who frequently do not have expertise in privacy, to develop rigorous privacy definitions for their data sharing needs. The Pufferfish framework can also be used to study existing privacy definitions.
We illustrate the benefits with several applications of this privacy framework: we use it to formalize and prove the statement that differential privacy assumes independence between records; we use it to define and study the notion of composition in a broader context than before; we show how to apply it to protect unbounded continuous attributes and aggregate information; and we show how to use it to rigorously account for prior data releases.
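The statement that differential privacy assumes independence between records can be seen numerically. The Python below is an added illustration, not code from the paper: it assumes a counting query released through the standard Laplace mechanism and a constructed scenario in which k records always carry the same secret bit as one target person (k = 1 is the independent-records case), and computes the adversary's posterior belief about that bit from a single released value.

```python
import math


def laplace_log_pdf(x: float, mean: float, scale: float) -> float:
    """Log-density of Laplace(mean, scale) at x; log-space avoids underflow."""
    return -abs(x - mean) / scale - math.log(2.0 * scale)


def privacy_loss(y: float, count_if_0: float, count_if_1: float, eps: float) -> float:
    """Log-likelihood ratio an adversary obtains about the target's bit.

    The released value y is the true count plus Laplace(1/eps) noise, which is
    eps-differentially private for a counting query with sensitivity 1 (one
    record changing moves the count by at most 1).  The adversary compares the
    two hypotheses 'target's bit is 1' vs 'target's bit is 0'.
    """
    scale = 1.0 / eps
    return laplace_log_pdf(y, count_if_1, scale) - laplace_log_pdf(y, count_if_0, scale)


def posterior_target_bit(y: float, k: int, eps: float, base_count: int = 40,
                         prior: float = 0.5) -> float:
    """Posterior probability that the target's bit is 1 after seeing y.

    Constructed scenario (assumption, not from the paper): besides base_count
    unrelated records, k records (the target plus k-1 correlated ones, e.g.
    family members) all equal the target's bit.  If the bit is 0 the true
    count is base_count; if it is 1 it is base_count + k.  With k = 1 the
    records are independent and the Laplace mechanism gives its usual
    guarantee; with k > 1 the same mechanism leaks far more.
    """
    loss = privacy_loss(y, base_count, base_count + k, eps)
    odds = (prior / (1.0 - prior)) * math.exp(loss)
    return odds / (1.0 + odds)


def worst_case_posterior(k: int, eps: float, base_count: int = 40) -> float:
    """Posterior for the most revealing release, y beyond both hypothesised counts."""
    return posterior_target_bit(base_count + k + 5.0, k, eps, base_count)


if __name__ == "__main__":
    eps = 0.1
    for k in (1, 10, 100):
        print(f"eps={eps} k={k}: adversary posterior = {worst_case_posterior(k, eps):.5f}")
```

With eps = 0.1 the posterior stays near 0.525 for independent records but exceeds 0.9999 when 100 records move together, even though the mechanism is unchanged.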
A rigorous and customizable framework for privacy