simulatability
play

Simulatability The enemy knows the system, Claude Shannon CompSci - PowerPoint PPT Presentation

Feb 24, 2024 •148 likes •699 views

Simulatability The enemy knows the system, Claude Shannon CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 6 : 590.03 Fall 12 1 Announcements Please meet with me at least 2 times before you finalize your project (deadline

  1. Simulatability “The enemy knows the system”, Claude Shannon CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 6 : 590.03 Fall 12 1

  2. Announcements • Please meet with me at least 2 times before you finalize your project (deadline Sep 28). Lecture 6 : 590.03 Fall 12 2

  3. Recap – L-Diversity • The link between identity and attribute value is the sensitive information. “ Does Bob have Cancer? Heart disease? Flu?” “Does Umeko have Cancer? Heart disease? Flu?” • Adversary knows ≤ L -2 negation statements. “ Umeko does not have Heart Disease.” – Data Publisher may not know exact adversarial knowledge • Privacy is breached when identity can be linked to attribute value with high probability Pr[ “ Bob has Cancer” | published table, adv. knowledge ] > t Lecture 6 : 590.03 Fall 12 3

  4. Recap – 3-Diverse Table Zip Age Nat. Disease 1306* <=40 * Heart 1306* <=40 * Flu 1306* <=40 * Cancer L-Diversity Principle : 1306* <=40 * Cancer Every group of tuples with the 1485* >40 * Cancer same Q-ID values has ≥ L 1485* >40 * Heart distinct sensitive values of 1485* >40 * Flu 1485* >40 * Flu roughly equal proportions. 1305* <=40 * Heart 1305* <=40 * Flu 1305* <=40 * Cancer 1305* <=40 * Cancer Lecture 6 : 590.03 Fall 12 4

  5. Outline • Simulatable Auditing • Minimality Attack in anonymization • Simulatable algorithms for anoymization Lecture 6 : 590.03 Fall 12 5

  6. Query Auditing Query Yes Database Safe to publish? No Researcher Database has numeric values (say salaries of employees). Database either truthfully answers a question or denies answering. MIN, MAX, SUM queries over subsets of the database. Question: When to allow/deny queries? Lecture 6 : 590.03 Fall 12 6

  7. Why should we deny queries? • Q1: Ben’s sensitive value? Name 1 st year Gender Sensitiv – DENY PhD e value Ben Y M 1 • Q2: Max sensitive value of Bha N M 1 males? Ios Y M 1 – ANSWER: 2 Jan N M 2 Jian Y M 2 Jie N M 1 • Q3: Max sensitive value of 1 st Joe N M 2 year PhD students? Moh N M 1 – ANSWER: 3 Son N F 1 Xi Y F 3 • But Q3 + Q2 => Xi = 3 Yao N M 2 Lecture 6 : 590.03 Fall 12 7

  8. Value-Based Auditing • Let a 1 , a 2 , …, a k be the answers to previous queries Q 1 , Q 2 , …, Q k . • Let a k+1 be the answer to Q k+1 . a i = f(c i1 x 1 , c i2 x 2 , …, c in x n ), i = 1 … k+1 c im = 1 if Q i depends on x m Check if any x j has a unique solution. Lecture 6 : 590.03 Fall 12 8

  9. Value-based Auditing • Data Values: {x 1 , x 2 , x 3 , x 4 , x 5 }, Queries: MAX. • Allow query if value of xi can’t be inferred. x 1 x 2 x 3 x 4 x 5 Lecture 6 : 590.03 Fall 12 9

  10. Value-based Auditing • Data Values: {x 1 , x 2 , x 3 , x 4 , x 5 }, Queries: MAX. - ∞ ≤ x 1 … x 5 ≤ 10 • Allow query if value of xi can’t be inferred. max(x 1 , x 2 , x 3 , x 4 , x 5 ) x 1 x 2 Ans: 10 10 x 3 x 4 x 5 Lecture 6 : 590.03 Fall 12 10

  11. Value-based Auditing • Data Values: {x 1 , x 2 , x 3 , x 4 , x 5 }, Queries: MAX. • Allow query if value of xi can’t be inferred. - ∞ ≤ x 1 … x 4 ≤ 8 max(x 1 , x 2 , x 3 , x 4 , x 5 ) x 1 => x 5 = 10 x 2 Ans: 10 10 x 3 max(x 1 , x 2 , x 3 , x 4 ) x 4 x 5 Ans: 8 DENY Lecture 6 : 590.03 Fall 12 11

  12. Value-based Auditing • Data Values: {x 1 , x 2 , x 3 , x 4 , x 5 }, Queries: MAX. Denial means some • Allow query if value of xi can’t be inferred. value can be compromised! max(x 1 , x 2 , x 3 , x 4 , x 5 ) x 1 x 2 Ans: 10 10 x 3 max(x 1 , x 2 , x 3 , x 4 ) x 4 x 5 Ans: 8 DENY Lecture 6 : 590.03 Fall 12 12

  13. Value-based Auditing • Data Values: {x 1 , x 2 , x 3 , x 4 , x 5 }, Queries: MAX. What could • Allow query if value of xi can’t be inferred. max(x1, x2, x3, x4) be? max(x 1 , x 2 , x 3 , x 4 , x 5 ) x 1 x 2 Ans: 10 10 x 3 max(x 1 , x 2 , x 3 , x 4 ) x 4 x 5 Ans: 8 DENY Lecture 6 : 590.03 Fall 12 13

  14. Value-based Auditing • Data Values: {x 1 , x 2 , x 3 , x 4 , x 5 }, Queries: MAX. From first answer, • Allow query if value of xi can’t be inferred. max(x1,x2,x3,x4) ≤ 10 max(x 1 , x 2 , x 3 , x 4 , x 5 ) x 1 x 2 Ans: 10 10 x 3 max(x 1 , x 2 , x 3 , x 4 ) x 4 x 5 Ans: 8 DENY Lecture 6 : 590.03 Fall 12 14

  15. Value-based Auditing • Data Values: {x 1 , x 2 , x 3 , x 4 , x 5 }, Queries: MAX. If, max(x1,x2,x3,x4) = 10 • Allow query if value of xi can’t be inferred. Then, no privacy breach max(x 1 , x 2 , x 3 , x 4 , x 5 ) x 1 x 2 Ans: 10 10 x 3 max(x 1 , x 2 , x 3 , x 4 ) x 4 x 5 Ans: 8 DENY Lecture 6 : 590.03 Fall 12 15

  16. Value-based Auditing • Data Values: {x 1 , x 2 , x 3 , x 4 , x 5 }, Queries: MAX. Hence, • Allow query if value of xi can’t be inferred. max(x1,x2,x3,x4) < 10 => x5 = 10! max(x 1 , x 2 , x 3 , x 4 , x 5 ) x 1 x 2 Ans: 10 10 x 3 max(x 1 , x 2 , x 3 , x 4 ) x 4 x 5 Ans: 8 DENY Lecture 6 : 590.03 Fall 12 16

  17. Value-based Auditing • Data Values: {x 1 , x 2 , x 3 , x 4 , x 5 }, Queries: MAX. Hence, • Allow query if value of xi can’t be inferred. max(x1,x2,x3,x4) < 10 => x5 = 10! Denials leak information. max(x 1 , x 2 , x 3 , x 4 , x 5 ) x 1 Attack occurred since privacy analysis did x 2 Ans: 10 10 x 3 not assume that attacker knows the algorithm. max(x 1 , x 2 , x 3 , x 4 ) x 4 x 5 Ans: 8 DENY Lecture 6 : 590.03 Fall 12 17

  18. Simulatable Auditing [Kenthapadi et al PODS ‘05] • An auditor is simulatable if the decision to deny a query Q k is made based on information already available to the attacker. – Can use querie s Q 1 , Q 2 , …, Q k and answers a 1 , a 2 , …, a k-1 – Cannot use a k or the actual data to make the decision. • Denials provably do not leak informaiton – Because the attacker could equivalently determine whether the query would be denied. – Attacker can mimic or simulate the auditor. Lecture 6 : 590.03 Fall 12 18

  19. Simulatable Auditing Algorithm • Data Values: {x 1 , x 2 , x 3 , x 4 , x 5 }, Queries: MAX. Ans > 10 => not possible • Allow query if value of xi can’t be inferred. Ans = 10 => - ∞ ≤ x 1 … x 4 ≤ 10 SAFE UNSAFE Ans < 10 => x 5 = 10 max(x 1 , x 2 , x 3 , x 4 , x 5 ) x 1 x 2 Ans: 10 10 x 3 max(x 1 , x 2 , x 3 , x 4 ) x 4 Before x 5 computing DENY answer Lecture 6 : 590.03 Fall 12 19

  20. Summary of Simulatable Auditing • Decision to deny answers must be based on past queries answered in some ( many! ) cases. • Denials can leak information if the adversary does not know all the information that is used to decide whether to deny the query. Lecture 6 : 590.03 Fall 12 20

  21. Outline • Simulatable Auditing • Minimality Attack in anonymization • Simulatable algorithms for anoymization Lecture 6 : 590.03 Fall 12 21

  22. Minimality attack on Generalization algorithms • Algorithms for K-anonymity, L-diversity, T-closeness, etc. try to maximize utility. – Find a minimally generalized table in the lattice that satisfies privacy, and maximizes utility. • But … attacker also knows this algorithm! Lecture 6 : 590.03 Fall 12 22

  23. Example Minimality attack [Wong et al VLDB07] • Dataset with one quasi-identifier and 2 values q1, q2. • q1, q2 generalize to Q. • Sensitive attribute: Cancer – yes/no • We want to ensure P[Cancer = yes] < ½. – OK to know if an individual does not have Cancer. QID Cancer Q Yes Q Yes • Published Table: Q No Q No q2 No q2 No Lecture 6 : 590.03 Fall 12 23

  24. Which input datasets could have led to the published table? Output dataset {q1,q2}  Q Possible Input dataset (“2 - diverse”) 3 occurrences of q1 QID Cancer QID Cancer QID Cancer q1 Yes q1 Yes Q Yes q1 Yes q1 No Q Yes q1 No q1 No Q No q2 No q2 Yes Q No q2 No q2 No q2 No q2 No q2 No q2 No Lecture 6 : 590.03 Fall 12 24

  25. Which input datasets could have led to the published table? Output dataset {q1,q2}  Q Possible Input dataset (“2 - diverse”) 3 occurrences of q1 QID Cancer QID Cancer q1 Yes Q Yes Q No Q Yes Q No Q No q2 Yes Q No q2 No q2 No q2 No q2 No This is a better generalization! Lecture 6 : 590.03 Fall 12 25

  26. Which input datasets could have led to the published table? Output dataset {q1,q2}  Q Possible Input dataset (“2 - diverse”) 1 occurrence of q1 QID Cancer QID Cancer QID Cancer q2 Yes q2 Yes Q Yes q1 Yes q2 Yes Q Yes q2 No q1 No Q No q2 No q2 No Q No q2 No q2 No q2 No q2 No q2 No q2 No Lecture 6 : 590.03 Fall 12 26

  27. Which input datasets could have led to the published table? Output dataset {q1,q2}  Q Possible Input dataset (“2 - diverse”) 3 occurrences of q1 QID Cancer QID Cancer q2 Yes Q Yes Q No Q Yes Q No Q No q2 Yes Q No q2 No q2 No q2 No q2 No This is a better generalization! Lecture 6 : 590.03 Fall 12 27

  28. Which input datasets could have led to the published table? Output dataset {q1,q2}  Q Possible Input dataset (“2 - diverse”) 3 occurrences of q1 QID Cancer QID Cancer q2 Yes Q Yes There must be exactly two tuples with q1 Q No Q Yes Q No Q No q2 Yes Q No q2 No q2 No q2 No q2 No Lecture 6 : 590.03 Fall 12 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Simulatability The enemy knows the system, Claude Shannon

Simulatability The enemy knows the system, Claude Shannon

Simulatability The enemy knows the system, Claude Shannon CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 6 : 590.03 Fall 13 1 Outline

647 views • 51 slides
Anonymization Algorithms - Other techniques, metrics, and extended scenarios Li Xiong CS573

Anonymization Algorithms - Other techniques, metrics, and extended scenarios Li Xiong CS573

Anonymization Algorithms - Other techniques, metrics, and extended scenarios Li Xiong CS573 Data Privacy and Anonymity So far k-anonymity (protect identity disclosure) Anonymization algorithms Generalization and suppression

549 views • 34 slides
realisation in Opt-Out trial site Nepean Blue Mountains Jo-Anna Wood Change &amp; Adoption

realisation in Opt-Out trial site Nepean Blue Mountains Jo-Anna Wood Change &amp; Adoption

HealtheNet &amp; My Health Record benefits realisation in Opt-Out trial site Nepean Blue Mountains Jo-Anna Wood Change &amp; Adoption Manager eHealth NSW Introduction ________________________________________________________________________

766 views • 30 slides
Disclaimer This webinar may be recorded. This webinar presents a sampling of best practices and

Disclaimer This webinar may be recorded. This webinar presents a sampling of best practices and

Disclaimer This webinar may be recorded. This webinar presents a sampling of best practices and overviews, generalities, and some state laws. This should not be used as legal advice. Itentive recognizes that there is not a one size fits

821 views • 45 slides
CME for POTS/EDS/Chiari My story with POTS/EDS/Chiari By Amanda Ross Frequent Questions How

CME for POTS/EDS/Chiari My story with POTS/EDS/Chiari By Amanda Ross Frequent Questions How

CME for POTS/EDS/Chiari My story with POTS/EDS/Chiari By Amanda Ross Frequent Questions How did you develop POTS? How did you get better? How did you get through school? Are you really cured? Beginning of EDS Symptoms Beginning

596 views • 21 slides
I U Health Motility Conference July 2, 2014 Anne Mary Montero, PhD, HSPP Prevalence

I U Health Motility Conference July 2, 2014 Anne Mary Montero, PhD, HSPP Prevalence

I U Health Motility Conference July 2, 2014 Anne Mary Montero, PhD, HSPP Prevalence Presentation/system use Persistent symptoms Cost Relationship to evident psychological factors: Sx occurrence Sx remediation

666 views • 32 slides
Disclosures Vanderbilt Institutional Review Board approved this study Vanderbilt University

Disclosures Vanderbilt Institutional Review Board approved this study Vanderbilt University

AN INNOVATIVE MUCOSAL IMPEDANCE DEVICE DIFFERENTIATES ACTIVE EOSINOPHILIC ESOPHAGITIS FROM INACTIVE DISEASE, NERD, AND CONTROLS Mary Allyson Lowry, MD 1 Michael Vaezi, MD, MS, PhD 2 Hernan Correa, MD 3 Chris Slaughter, DrPH 4 Tina Higginbotham, MPA

106 views • 7 slides
The London Neurogastroenterology Course 2019 Session slides Day 1 Wednesday 17 April 2019

The London Neurogastroenterology Course 2019 Session slides Day 1 Wednesday 17 April 2019

The London Neurogastroenterology Course 2019 Session slides Day 1 Wednesday 17 April 2019 MORNING SESSION INTRODUCTION TO FGID Chairs: Dr A Fikree and Dr M Peiris a. Epidemiology and extent of problem/biopsychosocial model Prof Q Aziz

189 views • 3 slides
APPROACH TO BLOATING Epidemiology Very common symptom in primary care (10- 30% in population

APPROACH TO BLOATING Epidemiology Very common symptom in primary care (10- 30% in population

Dr Juanda Leo Hartono Associate Consultant Div Gastroenterology and Hepatology National University Hospital, Singapore APPROACH TO BLOATING Epidemiology Very common symptom in primary care (10- 30% in population based studies) Most

716 views • 25 slides
Antibiotics Macrolides/Fluoroquinolones Danita Dee Narciso Pharm D 1 2 Objectives Become

Antibiotics Macrolides/Fluoroquinolones Danita Dee Narciso Pharm D 1 2 Objectives Become

UH Hilo School of Nursing NURS 203 General Pharmacology Antibiotics Macrolides/Fluoroquinolones Danita Dee Narciso Pharm D 1 2 Objectives Become familiar with antibiotics that are commonly used and recognize areas of potential practical

469 views • 23 slides
M98-863 Trial Lopinavir-ritonavir versus Nelfinavir in Treatment-Nave M98-863: Study Design

M98-863 Trial Lopinavir-ritonavir versus Nelfinavir in Treatment-Nave M98-863: Study Design

Lopinavir-ritonavir versus Nelfinavir in Treatment-Nave M98-863 Trial Lopinavir-ritonavir versus Nelfinavir in Treatment-Nave M98-863: Study Design Study Design: M98-863 Background : Randomized, double-blind, phase 3 study comparing the

349 views • 6 slides
Reference Chuang-Stein C, Beltangady M. (2011 ) Reporting cumulative proportion of

Reference Chuang-Stein C, Beltangady M. (2011 ) Reporting cumulative proportion of

Reporting Cumulative Proportion of Subjects with an Adverse Event Based on Data from Multiple Studies Christy Chuang-Stein Statistical Research and Consulting Center Pfizer Inc 18 April 2012 PSI Journal Club 1 delete these guides from slide

125 views • 10 slides
Interstitial Pulmonary Fibrosis A Deadly Disease. Said Chaaban, MD Assistant Professor of

Interstitial Pulmonary Fibrosis A Deadly Disease. Said Chaaban, MD Assistant Professor of

Interstitial Pulmonary Fibrosis A Deadly Disease. Said Chaaban, MD Assistant Professor of Medicine Pulmonary and Critical Care Medicine University of Kentucky August, 2018 Disclosure This presentation has no: Conflicts of interest

1.04k views • 60 slides
CAPACITY Results Conference Call CAPACITY Results Conference Call February 3, 2009 Innovative

CAPACITY Results Conference Call CAPACITY Results Conference Call February 3, 2009 Innovative

CAPACITY Results Conference Call CAPACITY Results Conference Call February 3, 2009 Innovative Medicines for Pulmonology and Hepatology Legal Disclaimer This presentation contains forward looking statements pertaining to the ongoing discovery,

474 views • 18 slides
Oncology Grand Rounds New Agents and Strategies in PARP Inhibition in the Management of Common

Oncology Grand Rounds New Agents and Strategies in PARP Inhibition in the Management of Common

Oncology Grand Rounds New Agents and Strategies in PARP Inhibition in the Management of Common Cancers Thursday, June 25, 2020 5:00 PM 6:30 PM ET Faculty Emmanuel S Antonarakis, MD Joyce OShaughnessy, MD Gretchen Santos Fulgencio,

1.02k views • 75 slides
Assessing the Safety of Rosiglitazone for the Treatment of Type 2 Diabetes Konstantinos

Assessing the Safety of Rosiglitazone for the Treatment of Type 2 Diabetes Konstantinos

Assessing the Safety of Rosiglitazone for the Treatment of Type 2 Diabetes Konstantinos Vamvourellis with K. Kalogeropoulos and L. Phillips Department of Statistics at LSE ISBA 2018 Edinburgh, June 27 2018 Description of the Problem Current

374 views • 21 slides
NUTRITION AND COMBINED NUTRITION PLUS PHYSICAL ACTIVITY INTERVENTIONS FOR OLDER ADULTS LIVING

NUTRITION AND COMBINED NUTRITION PLUS PHYSICAL ACTIVITY INTERVENTIONS FOR OLDER ADULTS LIVING

NUTRITION AND COMBINED NUTRITION PLUS PHYSICAL ACTIVITY INTERVENTIONS FOR OLDER ADULTS LIVING WITH FRAILTY: A SYSTEMATIC REVIEW AND META-ANALYSIS PREPARED AND PRESENTED FOR: NUTRITION AND PHYSICAL ACTIVITY CLINICAL PRACTICE GUIDELINES FOR OLDER

310 views • 20 slides
Orophary ryngeal Dysphaga And Frail ility: Can It It Be Rela lated? Glistan BAHAT, zlem

Orophary ryngeal Dysphaga And Frail ility: Can It It Be Rela lated? Glistan BAHAT, zlem

Orophary ryngeal Dysphaga And Frail ility: Can It It Be Rela lated? Glistan BAHAT, zlem YILMAZ , kran DURMAZOLU, Cihan KILI, Baar AYKENT, Mehmet Akif KARAN CONFLICT OF INTEREST DISCLOSURE I have no potential conflict of

280 views • 27 slides
Update for Nursing Homes: COVID-19 Sarah Rowland, Speech and Language Therapist Common Causes of

Update for Nursing Homes: COVID-19 Sarah Rowland, Speech and Language Therapist Common Causes of

Project ECHO AIIHPC &amp; TUH ARHC webinars for Nursing Homes during COVID-19 Speech and Language Therapy Update for Nursing Homes: COVID-19 Sarah Rowland, Speech and Language Therapist Common Causes of Orophary ryngeal Dysphagia (1)

666 views • 22 slides
Dysphagia: Recreation Therapy and Speech-Language Pathology Collaborations at the Sunnybrook

Dysphagia: Recreation Therapy and Speech-Language Pathology Collaborations at the Sunnybrook

Improving Quality of Life for Residents with Dysphagia: Recreation Therapy and Speech-Language Pathology Collaborations at the Sunnybrook Veterans Centre Jennifer Wong Jennifer Ashby Speech-Language Pathologist Recreation therapist MHSc,

804 views • 42 slides
Dysphagia: decisions, decisions, decisions Sean White Home Enteral Feed Dietitian Sheffield

Dysphagia: decisions, decisions, decisions Sean White Home Enteral Feed Dietitian Sheffield

Dysphagia: decisions, decisions, decisions Sean White Home Enteral Feed Dietitian Sheffield Teaching Hospitals NHS Foundation Trust Alali et al 2018 Lets get inside the mind of a person with dysphagia: Consider the impact of having

699 views • 31 slides
Therapy in Pediatrics Erin n Reier er, OTD, OTR/L, CBIS Pediatric Program Leader Michell

Therapy in Pediatrics Erin n Reier er, OTD, OTR/L, CBIS Pediatric Program Leader Michell

Role of Occupational Therapy in Pediatrics Erin n Reier er, OTD, OTR/L, CBIS Pediatric Program Leader Michell helle e Wiggins ins, OTD OTR/L, CBIS, ATP Oc Occu cupa pation tional al Th Ther erap apy y De Defi finit nition ion

489 views • 20 slides
Bulbar Features Swallowing Jodi Allen, Dietitian, National Hospital for Neurology and

Bulbar Features Swallowing Jodi Allen, Dietitian, National Hospital for Neurology and

Bulbar Features Swallowing Jodi Allen, Dietitian, National Hospital for Neurology and Neurosurgery Swallowing Two thirds of people with MND will experience difficulty swallowing Eat and drink less Food avoidance Reduced intake

258 views • 8 slides
Disfagia tardiva riportata dal paziente dopo tra7amento cura:vo

Disfagia tardiva riportata dal paziente dopo tra7amento cura:vo

Disfagia tardiva riportata dal paziente dopo tra7amento cura:vo con IMRT e chemioterapia concomitante in una serie di pazien: affe@ da carcinoma

538 views • 21 slides

More recommend