Beyond k-Anonymity: A Decision Theoretic Framework for Assessing Privacy Risk

Get BibTex-formatted data

Download

PDF

Author

Guy Lebanon, Monica Scannapieco, Mohamed Fouad, Elisa Bertino

Tech report number

CERIAS TR 2006-31

Entry type

article

Abstract

An important issue any organization or individual has to face when managing data containing sensitive information, is the risk that can be incurred when releasing such data. Even though data may be sanitized before being released, it is still possible for an adversary to reconstruct the original data using additional information thus resulting in privacy violations. To date, however, a systematic approach to quantify such risks is not available. In this paper we develop a framework, based on statistical decision theory, that assesses the relationship between the disclosed data and the resulting privacy risk. We model the problem of deciding which data to disclose, in terms of deciding which disclosure rule to apply to a database. We assess the privacy risk by taking into account both the entity identification and the sensitivity of the disclosed information. Furthermore, we prove that, under some conditions, the estimated privacy risk is an upper bound on the true privacy risk. Finally, we relate our framework with the k-anonymity disclosure method. The proposed framework makes the assumptions behind k-anonymity explicit, quantifies them, and extends them in several natural directions.

Download

PDF

Key alpha

Guy Lebanon

Affiliation

Purdue University, ISTAT

Publication Date

2001-01-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Guy Lebanon,
	title = "Beyond k-Anonymity: A Decision Theoretic Framework for Assessing Privacy Risk",
	author = "Guy Lebanon, Monica Scannapieco, Mohamed Fouad, Elisa Bertino",
	abstract = "An important issue any organization or individual has to face when managing data containing sensitive
information, is the risk that can be incurred when releasing such data. Even though data may be sanitized before
being released, it is still possible for an adversary to reconstruct the original data using additional information thus
resulting in privacy violations. To date, however, a systematic approach to quantify such risks is not available. In
this paper we develop a framework, based on statistical decision theory, that assesses the relationship between the
disclosed data and the resulting privacy risk. We model the problem of deciding which data to disclose, in terms
of deciding which disclosure rule to apply to a database. We assess the privacy risk by taking into account both
the entity identification and the sensitivity of the disclosed information. Furthermore, we prove that, under some
conditions, the estimated privacy risk is an upper bound on the true privacy risk. Finally, we relate our framework
with the k-anonymity disclosure method. The proposed framework makes the assumptions behind k-anonymity
explicit, quantifies them, and extends them in several natural directions.",
	affiliation = "Purdue University, ISTAT ",
}