Privacy-Preserving Updates to Anonymous and Confidential Databases

Get BibTex-formatted data

Author

Alberto Trombetta, Wei Jiang, Elisa Bertino, Lorenzo Bossi

Entry type

article

Abstract

Suppose Alice owns a k-anonymous database and needs to determine whether her database, when inserted with a tuple owned by Bob, is still k-anonymous. Also, suppose that access to the database is strictly controlled, because for example data are used for certain experiments that need to be maintained confidential. Clearly, allowing Alice to directly read the contents of the tuple breaks the privacy of Bob (e.g., a patientâ€™s medical record); on the other hand, the confidentiality of the database managed by Alice is violated once Bob has access to the contents of the database. Thus, the problem is to check whether the database inserted with the tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database respectively. In this paper, we propose two protocols solving this problem on suppression-based and generalization-based k-anonymous and confidential databases. The protocols rely on well-known cryptographic assumptions, and we provide theoretical analyses to proof their soundness and experimental results to illustrate their efficiency.

Date

2008 – 9 – 17

Key alpha

Bertino

Publication Date

2008-09-17

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Bertino,
	title = "Privacy-Preserving Updates to Anonymous and Confidential Databases",
	author = "Alberto Trombetta, Wei Jiang, Elisa Bertino, Lorenzo Bossi",
	year = "2008",
	month = "9",
	day = "17",
	abstract = "Suppose Alice owns a k-anonymous database and needs to determine whether her database, when inserted with a tuple
owned by Bob, is still k-anonymous. Also, suppose that access to the database is strictly controlled, because for example data are used for certain experiments that need to be maintained confidential. Clearly, allowing Alice to directly read the contents of the tuple breaks the privacy of Bob (e.g., a patientâ€™s medical record); on the other hand, the confidentiality of the database managed by Alice
is violated once Bob has access to the contents of the database. Thus, the problem is to check whether the database inserted with the tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database respectively. In this paper, we propose two protocols solving this problem on suppression-based and generalization-based k-anonymous and confidential databases. The protocols rely on well-known cryptographic assumptions, and we provide theoretical analyses to proof their soundness
and experimental results to illustrate their efficiency.",
}