Closeness: A New Privacy Measure for Data Publishing

The k-anonymity privacy requirement for publishing microdata requires that each equivalence class (i.e., a set of records that are indistinguishable from each other with respect to certain "identifying" attributes) contains at least k records. Recently, several authors have recognized that...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE transactions on knowledge and data engineering Ročník 22; číslo 7; s. 943 - 956
Hlavní autoři: Ninghui Li, Tiancheng Li, Venkatasubramanian, Suresh
Médium: Journal Article
Jazyk:angličtina
Vydáno: New York, NY IEEE 01.07.2010
IEEE Computer Society
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Témata:
Applied sciences
Computer science; control theory; systems
data anonymization
Data privacy
Data processing. List processing. Character string processing
data publishing
Data security
Diseases
Exact sciences and technology
Information security
Mathematical models
Memory and file management (including protection and security)
Memory organisation. Data processing
Privacy
Privacy preservation
Probability distribution
Publishing
Remuneration
Software
Tables (data)
Thresholds
Utilities
Private life
Data privacy
Privacy preservation
Microdata
data security
Anonymity
Probability distribution
data anonymization
Modeling
Equivalence classes
Statistical databases
data publishing
Computer security
Probability measure
ISSN:1041-4347, 1558-2191
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:The k-anonymity privacy requirement for publishing microdata requires that each equivalence class (i.e., a set of records that are indistinguishable from each other with respect to certain "identifying" attributes) contains at least k records. Recently, several authors have recognized that k-anonymity cannot prevent attribute disclosure. The notion of ℓ-diversity has been proposed to address this; ℓ-diversity requires that each equivalence class has at least ℓ well-represented (in Section 2) values for each sensitive attribute. In this paper, we show that ℓ-diversity has a number of limitations. In particular, it is neither necessary nor sufficient to prevent attribute disclosure. Motivated by these limitations, we propose a new notion of privacy called "closeness." We first present the base model t-closeness, which requires that the distribution of a sensitive attribute in any equivalence class is close to the distribution of the attribute in the overall table (i.e., the distance between the two distributions should be no more than a threshold t). We then propose a more flexible privacy model called (n,t)-closeness that offers higher utility. We describe our desiderata for designing a distance measure between two probability distributions and present two distance measures. We discuss the rationale for using closeness as a privacy measure and illustrate its advantages through examples and experiments.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ObjectType-Article-2
ObjectType-Feature-1
content type line 23
ISSN:1041-4347
1558-2191
DOI:10.1109/TKDE.2009.139