Counteracting Inferences from Sensitive Value Distributions

  • Giovanni Livraga
Part of the Advances in Information Security book series (ADIS, volume 57)


At a first sight, excluding sensitive data from the release (i.e., releasing only a collection of non sensitive data), might seem a safe approach for protecting data confidentiality. Unfortunately, the possible correlations and dependencies existing among data can introduce inference channels in the data release process, causing sensitive information to be leaked even if such information is not explicitly released. In this chapter, we consider a scenario where data are incrementally released and we address the privacy problem arising when sensitive and non released information depends on (and can therefore be inferred from) non sensitive released data. We propose a model capturing this inference problem, where sensitive information is characterized by peculiar value distributions of non sensitive released data. We then describe how to counteract possible inferences that an observer can draw by applying different statistical metrics on released data. Finally, we perform an experimental evaluation of our solution, showing its efficacy.


  1. 1.
    N.R. Adam, J.C. Wortmann, Security-control methods for statistical databases: a comparative study. ACM Comput. Surv. 21(4), 515–556 (1989)CrossRefGoogle Scholar
  2. 2.
    C. Aggarwal, P.S. Yu (eds.), Privacy-Preserving Data Mining: Models and Algorithms (Springer, New York, 2008)Google Scholar
  3. 8.
    L. Batina, B. Gierlichs, E. Prouff, M. Rivain, F. Standaert, N. Veyrat-Charvillon, Mutual information analysis: a comprehensive study. J. Cryptol. 24(2), 269–291 (2011)CrossRefzbMATHMathSciNetGoogle Scholar
  4. 14.
    M. Bezzi, S. De Capitani di Vimercati, S. Foresti, G. Livraga, P. Samarati, R. Sassi, Modeling and preventing inferences from sensitive value distributions in data release. JCS 20(4), 393–436 (2012)Google Scholar
  5. 17.
    E. Brier, C. Clavier, F. Olivier, Correlation power analysis with a leakage model, in Proceedings of CHES 2004, Cambridge, MA, 2004Google Scholar
  6. 20.
    F. Cayre, C. Fontaine, T. Furon, Watermarking security: Theory and practice. IEEE TSP 53(10), 3976–3987 (2005)MathSciNetGoogle Scholar
  7. 22.
    P.E. Cheng, J.W. Liou, M. Liou, J.A.D. Aston, Data information in contingency tables: a fallacy of hierarchical loglinear models. JDS 4(4), 387–398 (2006)Google Scholar
  8. 24.
    V. Ciriani, S. De Capitani di Vimercati, S. Foresti, P. Samarati, k-anonymity, in Secure Data Management in Decentralized Systems, ed. by T. Yu, S. Jajodia (Springer, New York, 2007)Google Scholar
  9. 25.
    V. Ciriani, S. De Capitani di Vimercati, S. Foresti, P. Samarati. Microdata protection, in Secure Data Management in Decentralized Systems, ed. by T. Yu, S. Jajodia (Springer, New York, 2007)Google Scholar
  10. 35.
    S. Dawson, S. De Capitani di Vimercati, P. Lincoln, P. Samarati, Maximizing sharing of protected information. JCSS 64(3), 496–541 (2002)zbMATHGoogle Scholar
  11. 48.
    W.J. Dixon, Analysis of extreme values, Ann. Math. Stat. 21(4), 488–506 (1950)CrossRefGoogle Scholar
  12. 49.
    W.J. Dixon, Ratios involving extreme values. Ann. Math. Stat. 22(1), 58–78 (1951)CrossRefGoogle Scholar
  13. 54.
    R.M. Fano, Transmission of Information; A Statistical Theory of Communications (MIT University Press, New York, 1961)Google Scholar
  14. 57.
    B. Gierlichs, L. Batina, P. Tuyls, B. Preneel, Mutual information analysis - a generic side-channel distinguisher. in Proceedings of CHES 2008, Washington, 2008Google Scholar
  15. 66.
    S. Jajodia, C. Meadows, Inference problems in multilevel secure database management systems, in Information Security: An Integrated Collection of Essays, ed. by M. Abrams, S. Jajodia, H. Podell (IEEE Computer Sociery Press, Los Alamitos, 1995)Google Scholar
  16. 90.
    W.H. Press, S.A. Teukolsky, W.T. Vetterling, B.P. Flannery, Numerical Recipes: The Art of Scientific Computing, 3rd edn. (Cambridge University Press, Cambridge, 2007)Google Scholar
  17. 94.
    P. Samarati, Protecting respondents’ identities in microdata release. IEEE TKDE 13(6), 1010–1027 (2001)Google Scholar
  18. 103.
    TSP 8 - Age distribution of UK regular forces, Edition - 01 Apr 2006Google Scholar
  19. 105.
    N. Veyrat-Charvillon, F. Standaert, Mutual information analysis: How, when and why? in Proceedings of CHES 2009, Lausanne, 2009Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Giovanni Livraga
    • 1
  1. 1.Universita degli Studi di MilanoCremaItaly

Personalised recommendations