Database Privacy Research @Stanford --- An Overview (PowerPoint presentation, Krishnaram Kenthapadi)


SLIDE 1

Database Privacy Research @Stanford --- An Overview

Hector Garcia-Molina, Rajeev Motwani
  • G. Aggarwal, M. Bawa, C. Dwork, P. Ganesan, E-J. Goh, N. Mishra, S. Nabar, U. Srivastava, D. Thomas, Y. Xu

Krishnaram Kenthapadi kngk@cs.stanford.edu

SLIDE 2

DIMACS Working Group, 17 Mar 2004, Krishnaram Kenthapadi

Private Information Management

  • Individual centric privacy
  • Search over access-controlled data
  • Aggregates on vertically-partitioned databases
  • Approximations for k-anonymity

SLIDE 3

Private Information Management

  • Individual centric privacy
  • Search over access-controlled data
  • Aggregates on vertically-partitioned databases
  • Approximations for k-anonymity
  • Secure indexes
  • Secure quantile computation
  • …

SLIDE 4

Individual Centric Privacy (P4P: Paranoid Platform for Privacy Preferences) [ABG+04]

SLIDE 5

Managing Personal Information

Status
  • P3P: organization declares privacy policies
  • Hippocratic DB: organization’s datastore implements policies

Critique
  • Individual must trust each organization
  • Examples of misuse: Acxiom, JetBlue, Northwest, …

SLIDE 6

Managing Personal Information

Thesis
  • Enable an individual to retain “control” over his/her information, even after it has been released to an organization

Plan
  • Design models and mechanisms for release, acquisition, use and update of personal information (the P4P framework)

SLIDE 7

Example: Managing Credit Card

[Figure: George, Credit Card Number, CafeDay]

Control: [a] Permission, [b] No copies, [c] No Integration, …

SLIDE 8

Information Types

Ownership
  • Individual, Organization

Function
  • Identifier, Service Handle, Input to Predicate, Copy

Control
  • Complete Privacy, Limited Use, No Predicate Input, No Integration, Accountable, Sharable

Goal: Mechanisms for each information type to enforce desired properties

SLIDE 9

Search over access-controlled data (PPI: Privacy-Preserving Indexing) [BBA03]

SLIDE 10

Provider
  • Shares documents
  • Enforces access policy

[Figure: providers P1, P2, P3, …, P32, …, P2026. Provider P1’s documents with their access lists: Alzheimer’s Disease (Alice, Bob); AIDS (Alice); …; Small-Pox (Alice, Bob, Lisa)]

SLIDE 11

Searcher
  • Has an identity
  • Wants documents that match a keyword query Q, and with appropriate access rights

[Figure: searcher Alice issues Q = “AIDS” to providers P1, P2, P3, …, P32, …, P2026]

SLIDE 12

Search Engine

Engine not trusted by providers:
  • Providers do not want to send documents to search engine
  • Providers do not want to reveal access-lists to search engine

How do we enable search?

[Figure: Alice, Q = “AIDS”, Search Engine, providers P1, P2, P3, …, P32, …, P2026]

SLIDE 13

Aggregates on vertically-partitioned databases [AST04]

SLIDE 14

Vertically-Partitioned Databases

Census Bureau                 Dept. of HRD
Name   Sex  State             Name   Age  Salary
Mary   F    CA                Mary   26   100K
Tom    M    CA                Tom    72   200K
Alice  F    NJ                Alice  22   80K
John   M    NJ                John   35   120K

Q: Select State, Avg(Salary) From Census, HRD Where Census.Name = HRD.Name Groupby State

A:
State  Salary
CA     150K
NJ     100K

SLIDE 15

Vertically-Partitioned Databases

Privacy concerns
  • Databases cannot be released as-is
  • Databases can be released after data has been perturbed

Goal: Return high precision aggregate answers

SLIDE 16

Approximations for k-anonymity [AFK+04]

SLIDE 17

k-anonymity

SSN  Name   Age  Sex  Zip    Symptom
840  Eve    20   F    95103  Cold
710  Kate   22   F    95103  Rashes
629  Jen    18   F    95102  Cold
615  Alice  32   F    94301  Flu
614  Joe    23   M    94305  Flu

SLIDE 18

k-anonymity: suppress keys

Age  Sex  Zip    Symptom
20   F    95103  Cold
22   F    95103  Rashes
18   F    95102  Cold
32   F    94301  Flu
23   M    94305  Flu

SLIDE 19

k-anonymity: generalize attributes

Age      Sex  Zip    Symptom
[15-25]  F    9510*  *
[15-25]  F    9510*  *
[15-25]  F    9510*  *
[20-35]  *    9430*  Flu
[20-35]  *    9430*  Flu

k = 2
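As an added illustration of slides 17 to 19 (not part of the original deck): a checker that measures the k of a released table over its quasi-identifiers (Age, Sex, Zip), plus a simplified generalization that uses min-max age intervals and the longest common Zip prefix instead of the slide's hand-chosen bands. The records are constructed from the slide-18 table; the grouping of rows is supplied by hand.

```python
from collections import Counter
from os.path import commonprefix

# Constructed from the slide-18 table (SSN and Name already suppressed).
RECORDS = [
    {"age": 20, "sex": "F", "zip": "95103", "symptom": "Cold"},
    {"age": 22, "sex": "F", "zip": "95103", "symptom": "Rashes"},
    {"age": 18, "sex": "F", "zip": "95102", "symptom": "Cold"},
    {"age": 32, "sex": "F", "zip": "94301", "symptom": "Flu"},
    {"age": 23, "sex": "M", "zip": "94305", "symptom": "Flu"},
]
# Attributes that could be linked against an external source such as a voter roll.
QUASI_IDS = ("age", "sex", "zip")


def anonymity_level(records, quasi_ids=QUASI_IDS):
    """Largest k for which the table is k-anonymous: the size of the smallest
    equivalence class of rows sharing identical quasi-identifier values.
    A result of 1 means at least one row is uniquely re-identifiable."""
    classes = Counter(tuple(str(r[q]) for q in quasi_ids) for r in records)
    return min(classes.values()) if classes else 0


def generalize_class(rows):
    """Give every row in one equivalence class the same coarsened values:
    age -> [min-max], sex kept only if uniform, zip -> common prefix + '*'."""
    ages = [r["age"] for r in rows]
    sexes = {r["sex"] for r in rows}
    zips = [r["zip"] for r in rows]
    prefix = commonprefix(zips)
    common = {
        "age": f"[{min(ages)}-{max(ages)}]",
        "sex": next(iter(sexes)) if len(sexes) == 1 else "*",
        "zip": prefix + "*" * (len(zips[0]) - len(prefix)),
    }
    return [{**r, **common} for r in rows]


def generalize(records, partition):
    """partition: list of index lists; each list becomes one equivalence class.
    Picking the partition that loses the least information is the hard
    optimisation problem slide 20 refers to; here the partition is given."""
    out = []
    for block in partition:
        out.extend(generalize_class([records[i] for i in block]))
    return out


if __name__ == "__main__":
    print("k before generalization:", anonymity_level(RECORDS))   # 1
    released = generalize(RECORDS, [[0, 1, 2], [3, 4]])           # slide-19 grouping
    print("k after generalization:", anonymity_level(released))   # 2
```

Suppressing SSN and Name alone leaves k = 1, because every (Age, Sex, Zip) triple is still unique; only the generalization raises it to k = 2.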

SLIDE 20

k-anonymity – work in progress [MW04]

  • NP-hardness
  • O(k log k)-approximation algorithm
  • O(k)-approximation algorithm

SLIDE 21

References

http://theory.stanford.edu/~rajeev/privacy.html

[ABG+04]: Stanford Database Privacy Group. Enabling privacy for the paranoids.
[BBA03]: Bawa, Bayardo Jr., Agrawal. Privacy-preserving indexing of documents on the network.
[AST04]: Agrawal, Srikant, Thomas. Privacy preserving OLAP.
[AFK+04]: Aggarwal, Feder, Kenthapadi, Motwani, Panigrahy, Thomas, Zhu. k-anonymity: Hardness and approximation results.
[AMP04]: Aggarwal, Mishra, Pinkas. Privacy-preserving computation of the kth-ranked element.
[Goh03]: Goh. Secure indexes.