Quantifying Privacy Leakage through Answering Database Queries

  • Conference paper
Information Security (ISC 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2433)

Abstract

We assume a database consists of records of individuals with private or sensitive fields. Queries on the distribution of a sensitive field within a selected population in the database can be submitted to the data center. The answers to the queries leak private information of individuals though no identification information is provided. Inspired by decision theory, we present a quantitative model for the privacy protection problem in such a database query or linkage environment in this paper. In the model, the value of information is estimated from the viewpoint of the querier.

To estimate the value, we define the information state of the data user by a class of probability distributions on the set of possible confidential values. We further define the usefulness of information based on how easily the data user can locate individuals that fit the description given in the queries. These states and the usefulness of information can be modified and refined by the user’s knowledge acquisition actions. The value of information is then defined as the expected gain of the privacy receiver, and privacy is protected by imposing costs on the answers to the queries to balance that gain.

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tsan-sheng, H., Churn-Jung, L., Da-Wei, W., Chen, J.KP. (2002). Quantifying Privacy Leakage through Answering Database Queries. In: Chan, A.H., Gligor, V. (eds) Information Security. ISC 2002. Lecture Notes in Computer Science, vol 2433. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45811-5_12

  • DOI: https://doi.org/10.1007/3-540-45811-5_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44270-7

  • Online ISBN: 978-3-540-45811-1

  • eBook Packages: Springer Book Archive
