The Case for Personalized Anonymization of Database Query Results

  • Axel Michel
  • Benjamin Nguyen
  • Philippe Pucheral
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 814)


The benefit of performing Big Data computations over individuals' microdata is manifold, in the medical, energy or transportation fields to cite only a few, and this interest is growing with the emergence of smart disclosure initiatives around the world. However, these computations often expose microdata to privacy leaks, which explains the reluctance of individuals to participate in studies despite the privacy guarantees promised by statistical institutes.

In this paper, we consolidate our previous results to show how personalized privacy guarantees can be pushed into the processing of database queries. By doing so, individuals can disclose different amounts of information (i.e. data at different levels of accuracy) depending on their own perception of the risk, and we discuss the different possible semantics of such models.

Moreover, we propose a decentralized computing infrastructure based on secure hardware that enforces these personalized privacy guarantees all along the query execution process. An implementation and a complete performance analysis of our solution show that the approach is effective for generic large-scale database queries.
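To make the notion of "data at different levels of accuracy" concrete, the following added example (illustrative code, not the paper's algorithm or implementation) lets each individual attach to their own record the generalization level they accept for each quasi-identifier and a personal minimum group size k, then evaluates a GROUP BY over the generalized values and releases a group only if its size satisfies the strictest k among its members. The records, the ZIP and age hierarchies, and the `privacy` field layout are constructed for this example.

```python
"""Personalized anonymization of a GROUP BY query result.

Added illustration: every record carries its owner's own accuracy
choice (generalization level per quasi-identifier) and a personal
minimum group size k. Grouping is done on the generalized values,
and a group is released only if it is large enough for the strictest
member. All data and parameter names below are constructed.
"""
from collections import Counter, defaultdict


def generalize_zip(zip_code: str, level: int) -> str:
    """Level 0 keeps the full ZIP; each further level masks one more trailing digit."""
    if level <= 0:
        return zip_code
    if level >= len(zip_code):
        return "*" * len(zip_code)
    return zip_code[:-level] + "*" * level


def generalize_age(age: int, level: int) -> str:
    """Level 0 keeps the exact age; levels 1-3 widen to 5/10/20-year bands; 4+ suppresses."""
    widths = {1: 5, 2: 10, 3: 20}
    if level <= 0:
        return str(age)
    if level not in widths:
        return "*"
    width = widths[level]
    lo = (age // width) * width
    return f"{lo}-{lo + width - 1}"


def generalized_key(record: dict) -> tuple:
    """Apply the record owner's own accuracy choice to each quasi-identifier."""
    p = record["privacy"]  # constructed layout: {'zip_level': int, 'age_level': int, 'k': int}
    return (generalize_zip(record["zip"], p["zip_level"]),
            generalize_age(record["age"], p["age_level"]))


def personalized_group_by(records):
    """Return ({generalized key: Counter of the sensitive value}, suppressed_count).

    A group is released only if its size >= the largest k requested by any
    member; otherwise every record in the group is suppressed.
    """
    groups = defaultdict(list)
    for r in records:
        groups[generalized_key(r)].append(r)
    released, suppressed = {}, 0
    for key, members in groups.items():
        strictest_k = max(m["privacy"]["k"] for m in members)
        if len(members) >= strictest_k:
            released[key] = Counter(m["disease"] for m in members)
        else:
            suppressed += len(members)
    return released, suppressed


# Constructed sample microdata: two individuals accept exact values and k=1,
# three ask for coarse quasi-identifiers and k=3, one asks for k=4.
SAMPLE = [
    {"zip": "75001", "age": 34, "disease": "flu",
     "privacy": {"zip_level": 0, "age_level": 0, "k": 1}},
    {"zip": "75001", "age": 34, "disease": "asthma",
     "privacy": {"zip_level": 0, "age_level": 0, "k": 1}},
    {"zip": "75002", "age": 41, "disease": "flu",
     "privacy": {"zip_level": 2, "age_level": 2, "k": 3}},
    {"zip": "75005", "age": 47, "disease": "diabetes",
     "privacy": {"zip_level": 2, "age_level": 2, "k": 3}},
    {"zip": "75017", "age": 45, "disease": "flu",
     "privacy": {"zip_level": 2, "age_level": 2, "k": 3}},
    {"zip": "75011", "age": 52, "disease": "asthma",
     "privacy": {"zip_level": 1, "age_level": 1, "k": 4}},
]

if __name__ == "__main__":
    released, suppressed = personalized_group_by(SAMPLE)
    for key, counts in sorted(released.items()):
        print(key, dict(counts))
    print("suppressed records:", suppressed)
```

Two points of this toy matter for reading the paper. First, it fixes one semantics: a record generalized to `750**` forms its own equivalence class and is never merged with exact tuples from the same district, so a cautious individual gains anonymity only from others who chose the same coarseness; a different semantics would let exact records be coarsened to help a stricter neighbour, and the abstract's remark on "different possible semantics" is about such choices. Second, the code runs in the clear on a single machine, whereas the paper's contribution is to enforce the per-individual guarantees inside secure hardware throughout a decentralized query execution, which this example does not model.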



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Axel Michel (1, 2)
  • Benjamin Nguyen (1, 2)
  • Philippe Pucheral (2)

  1. LIFO, INSA-CVL, Bourges, France
  2. PETRUS Team, INRIA Saclay & DAVID, UVSQ, Versailles, France
