Databases Reference
In-Depth Information
19
Privacy in Database Publishing: A Bayesian
Perspective
Alin Deutsch
Department of Computer Science and Engineering
University of California San Diego
9500 Gilman Dr., La Jolla, CA, 92093-0404, USA
deutsch@cs.ucsd.edu
Summary.
We present a unifying perspective of privacy guarantees in view-based
and generalization-based publishing. This perspective uses a generic Bayesian pri-
vacy model which generalizes both types of publishing scenarios and allows us to
relate seemingly disparate privacy guarantees found in the literature.
1 Introduction
Database publishing systems export parts of a proprietary database for con-
sumption by client applications. The design of a publishing system is subject
to two conflicting requirements. On one hand, the data owner needs to publish
appropriate parts of the proprietary data to support various interactions with
her clients. On the other hand she must protect certain sensitive data from
being disclosed to clients.
In this chapter, we discuss data
privacy
which pertains to defense against
attackers who access the data legally. These attackers are regular clients who
inspect the published data and potentially combine it with external knowledge
to infer information about the secret data. Note that privacy is orthogonal
to data
security
, whose goal is defense against unauthorized access to the
database using access control mechanisms.
We focus on two classes of publishing systems. In
view-based
publishing,
the owner specifies the data to be released by means of views defined in
some standard query language. In
generalization-based
publishing, the released
data is specified using a formalism of incomparable expressive power, namely
anonymization using generalization functions. Examples of anonymization via
generalization include replacing a person's actual age by an age range, remov-
ing the least significant digits of the zip code, etc.
Funded by an Alfred P. Sloan fellowship and by NSF CAREER award IIS-
0347968.
