Databases Reference
In-Depth Information
anatomy publishes anonymized tables with higher utility (e.g., allowing more
accurate aggregate analysis), by releasing the QI-values directly. However,
there are applications where precise publication of QI-values is inappropriate.
For instance, if the
presence
of an individual in the microdata is also con-
sidered sensitive, then anatomy should not be deployed since, as explained
in Section 4.5, it may allow an adversary to assert that an individual defi-
nitely exists in the microdata (even though the adversary is not able to derive
the individual's sensitive information confidently). In that case, generalization
should be applied instead.
We also reviewed two most popular anonymization principles:
k
-anonymity
and
l
-diversity. Due to its pioneering role in the literature,
k
-anonymity has
several serious shortcomings, and does not provide good privacy guarantees.
l
-diversity offers much stronger protection, as mathematically elaborated in
Section 3. Nevertheless,
l
-diversity also has some weaknesses, which have moti-
vated the development of several other generalization principles. For example,
a weakness of
l
-diversity is that it is not suitable for handling numeric sensitive
attributes, as explained in [10], which alleviates the problem with an alterna-
tive principle called
t-closeness
. Another weakness of
l
-diversity is that it does
not take into account the discrepancies of the privacy requirements from var-
ious data owners. A personalized approach [19] has been proposed to address
this issue.
References
1. C. C. Aggarwal. On k-anonymity and the curse of dimensionality. In
Proc. of
Very Large Data Bases (VLDB)
, pages 901-909, 2005.
2. G. Aggarwal, T. Feder, K. Kenthapadi, R. Motwani, R. Panigrahy, D. Thomas,
and A. Zhu. Anonymizing tables. In
Proc. of International Conference on
Database Theory (ICDT)
, pages 246-258, 2005.
3. R. Bayardo and R. Agrawal. Data privacy through optimal k-anonymization. In
Proc. of International Conference on Data Engineering (ICDE)
, pages 217-228,
2005.
4. V. Ciriani, D. C. di Vimercati, S. Foresti, and P. Samarati.
k-anonymity.
Springer, 2006.
5. Y. Du, T. Xia, Y. Tao, D. Zhang, and F. Zhu. On multidimensional k-anonymity
with local recoding generalization. In
Proc. of International Conference on Data
Engineering (ICDE)
, 2007.
6. B. C. M. Fung, K. Wang, and P. S. Yu. Top-down specialization for informa-
tion and privacy preservation. In
Proc. of International Conference on Data
Engineering (ICDE)
, pages 205-216, 2005.
7. V. Iyengar. Transforming data to satisfy privacy constraints. In
Proc. of ACM
Knowledge Discovery and Data Mining (SIGKDD)
, pages 279-288, 2002.
8. K. LeFevre, D. J. DeWitt, and R. Ramakrishnan. Incognito: E
cient full-
domain
k
-anonymity. In
Proc. of ACM Management of Data (SIGMOD)
, pages
49-60, 2005.
