Working Paper ENGLISH ONLY UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE (UNECE) CONFERENCE OF EUROPEAN STATISTICIANS EUROPEAN COMMISSION STATISTICAL OFFICE OF THE EUROPEAN

نویسندگان

  • Jordi Soria-Comas
  • Josep Domingo-Ferrer
چکیده

The usual approach to generate k-anonymous data sets, based on generalization of the quasi-identifier attributes, does not provide any control on the variability of the confidential attributes within the k-anonymous groups. If the latter variability is too small, privacy is not sufficiently protected, while, for large variabilities, data utility is substantially damaged. Some refinements to the basic k-anonymity privacy model, like ldiversity and t-closeness, seek to prevent the variability of the confidential attributes within a k-anonymous group from being too small. However, upper-bounding the variability of the confidential attributes to improve utility has not yet been considered. We propose a method to attain k-anonymity, based on microaggregation of the confidential data, that seeks the lowest possible variability for the confidential attributes, thereby maximizing utility. Our proposal can be combined with k-anonymity refinements such as l-diversity and t-closeness, hence yielding simultaneous utility and privacy guarantees. ε-Differential privacy is another popular privacy model that is often opposed to kanonymity like models. k-Anonymity is usually presented as a model that preserves data utility to a good extent but offers only limited privacy guarantees. In contrast, ε-differential privacy provides strong privacy guarantees but only limited data utility. We show that for microdata releases, ε-differential privacy can be seen as a kind of t-closeness with a specific distance measure. Hence, our proposal to minimize the variability of the confidential attributes can also be applied for ε-differential privacy.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Working Paper ENGLISH ONLY UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE (UNECE) CONFERENCE OF EUROPEAN STATISTICIANS EUROPEAN COMMISSION STATISTICAL OFFICE OF THE EUROPEAN

Theoretical methods and software are available for performing optimal complementary cell suppression (CCS) in tables. The released resulting suppression patterns comprise algebraic circuits which define alternative tables for the original table while controlling variation between original and alternative cell values. For an important class of statistical tables including two-way tables, these c...

متن کامل

WP. 9 ENGLISH ONLY UNITED NATIONS STATISTICAL COMMISSION and ECONOMIC COMMISSION FOR EUROPE CONFERENCE OF EUROPEAN STATISTICIANS EUROPEAN COMMISSION STATISTICAL OFFICE OF THE EUROPEAN COMMUNITIES (EUROSTAT)

The concept of differential privacy has received considerable attention in the literature recently. In this paper we evaluate the masking mechanism based on Laplace noise addition to satisfy differential privacy. The results of this study indicate that the Laplace based noise addition procedure does not satisfy the requirements of differential privacy.

متن کامل

Working Paper No. 30 ENGLISH ONLY UNITED NATIONS STATISTICAL COMMISSION and ECONOMIC COMMISSION FOR EUROPE CONFERENCE OF EUROPEAN STATISTICIANS EUROPEAN COMMISSION STATISTICAL OFFICE OF THE EUROPEAN COMMUNITIES (EUROSTAT)

In this paper we give an overview of various approaches to the implementation of statistical disclosure control to tabular data released through the Web. We consider three generic groups of statistical disclosure control methods: source data perturbation, output perturbation and query-set restriction. Considering different types of Web-sites and implementation approaches we discuss the appropri...

متن کامل

Working Paper No. 2 ENGLISH ONLY UNITED NATIONS STATISTICAL COMMISSION and ECONOMIC COMMISSION FOR EUROPE CONFERENCE OF EUROPEAN STATISTICIANS EUROPEAN COMMISSION STATISTICAL OFFICE OF THE EUROPEAN COMMUNITIES (EUROSTAT)

In a statistical database, the query-answering system should leave unanswered sum-queries that could lead to the disclosure of confidential data. To this end, each sum-query and previously answered sum-queries should be audited. We give a general framework for controlling the amount of information released when sum-queries are answered, both from the viewpoint of the user and from the viewpoint...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2013