02-02-2013, 01:47 PM
ACHIEVING k-ANONYMITY PRIVACY PROTECTION USING GENERALIZATION AND SUPPRESSION
Need for Privacy
Suppose that a medical institution, public health agency, or financial organization wants to publish person-specific records.
They want to publish such that:
Information remains practically useful
Identity of an individual cannot be determined
Adversary might infer the secret/sensitive data from the published database
K-anonymity privacy protection
Even if we remove the direct uniquely identifying attributes, there are some fields that may still uniquely identify some individual!
The attacker can join them with other sources and identify individuals
Methods for K-anonymity privacy protection
There are many k-anonymizations – which one to pick?
Intuition: The one that does not generalize the data more than needed (over-generalization decreases the utility of the published dataset!)
K-minimal generalization: A k-anonymized table that is not a generalization of another k-anonymized table
Real-world results--Datafly Systems
Datafly system: The data holder
declares specific attributes and tuples in the original private table (PT) as being eligible for release.
groups a subset of attributes of PT into one or more quasi-identifiers (QIi)
assigns a weight from 0 to 1 to each attribute to specify the likelihood the attribute will be used for linking; a 0 value means not likely and a value of 1 means highly probable.
specifies a minimum anonymity level that computes to a value for k.
assigns a weight from 0 to 1 to each attribute to state a preference of which attributes to distort; a 0 value means the recipient of the data would prefer the values not to be changed and a value of 1 means maximum distortion could be tolerated.
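An added example (not from the slides and not Datafly's own code) showing generalization and suppression working together to reach k-anonymity over a quasi-identifier. It uses a simplified greedy heuristic and ignores the attribute weights; the sample rows, the generalization hierarchies and the suppression budget of at most k rows are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample rows: (ZIP, birth year, sex) form the quasi-identifier;
# the last column is the sensitive value and is never altered.
ROWS = [
    ("02138", "1965", "F", "flu"),
    ("02139", "1965", "F", "asthma"),
    ("02138", "1964", "M", "diabetes"),
    ("02139", "1964", "M", "flu"),
    ("02141", "1970", "M", "cancer"),
    ("02142", "1971", "M", "flu"),
    ("94305", "1950", "F", "hepatitis"),
]
QI = 3  # number of leading columns that make up the quasi-identifier

def mask_last(v):
    """One generalization step: 02138 -> 0213* -> 021** -> ... -> *****."""
    keep = max(len(v.rstrip("*")) - 1, 0)
    return v[:keep] + "*" * (len(v) - keep)

# Hypothetical generalization hierarchies, one function per QI column.
STEPS = [mask_last, mask_last, lambda v: "*"]

def is_k_anonymous(rows, k):
    """True if every QI combination present occurs in at least k rows."""
    return all(c >= k for c in Counter(r[:QI] for r in rows).values())

def anonymize(rows, k):
    """Generalize until at most k rows are outliers, then suppress those."""
    rows = list(rows)
    while True:
        counts = Counter(r[:QI] for r in rows)
        outliers = [r for r in rows if counts[r[:QI]] < k]
        if len(outliers) <= k:  # assumed suppression budget: at most k rows
            kept = [r for r in rows if counts[r[:QI]] >= k]
            return kept, len(outliers)
        # Generalize the QI column that currently has the most distinct values.
        j = max(range(QI), key=lambda i: len({r[i] for r in rows}))
        rows = [r[:j] + (STEPS[j](r[j]),) + r[j + 1:] for r in rows]

if __name__ == "__main__":
    released, suppressed = anonymize(ROWS, k=2)
    for row in released:
        print(row)
    print("suppressed rows:", suppressed)
```

With k=2 the ZIP and birth year are each generalized by one digit and the single row that still stands alone is suppressed, while sex is left untouched because no further generalization was needed.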