A General Proximity Privacy Principle

  • Authors:
  • Ting Wang;Shicong Meng;Bhuvan Bamba;Ling Liu;Calton Pu

  • Venue:
  • ICDE '09 Proceedings of the 2009 IEEE International Conference on Data Engineering
  • Year:
  • 2009

Abstract

As an important privacy threat in anonymized data publication, the proximity breach is gaining increasing attention recently. Such a breach occurs when an adversary concludes with high confidence that the sensitive value of a victim individual falls in a set of proximate values, even though with low confidence about the exact value. Most existing research efforts focus on the case of publishing data of specific types, e.g., (1) categorical sensitive data (different values have no sense of proximity) or (2) numerical sensitive data (different values can be strictly ordered), while failing to address the privacy threats for a much wider range of data models, where the similarity of specific values is defined by arbitrary functions. In this work, we study the problem of protecting \textsc{general proximity privacy}, with findings applicable to most existing data models. Specifically, we counter the attacks by introducing a novel privacy principle, ($\epsilon$, $\delta$)-dissimilarity. It requires that each sensitive value in a QI-group $G$ must be "dissimilar" to at least $\delta$ percent of all other values in $G$, while the similarity is measured by $\epsilon$. We prove that ($\epsilon$, $\delta$)-dissimilarity, used in conjunction with $k$-anonymity, provides effective protection against linking attacks in terms of both exact-association and proximate-association. Furthermore, we present a theoretical analysis regarding the satisfiability of this principle.
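An added example, not code from the paper: a pre-publication audit of QI-groups against the ($\epsilon$, $\delta$)-dissimilarity condition as the abstract states it. It assumes a caller-supplied distance function, that two values count as dissimilar when their distance exceeds $\epsilon$, and that $\delta$ is given as a fraction in [0, 1]; the function names and sample groups are constructed for illustration.

```python
from typing import Callable, Dict, List, Sequence, TypeVar

T = TypeVar("T")

def violating_values(group: Sequence[T], distance: Callable[[T, T], float],
                     epsilon: float, delta: float) -> List[int]:
    """Indices of sensitive values in one QI-group that are dissimilar
    to fewer than delta * (|G| - 1) of the other values in the group."""
    n = len(group)
    if n < 2:
        return list(range(n))  # a lone value has nothing to hide among
    bad = []
    for i, v in enumerate(group):
        # Assumption: "dissimilar" means distance strictly greater than epsilon.
        dissimilar = sum(1 for j, w in enumerate(group)
                         if j != i and distance(v, w) > epsilon)
        if dissimilar < delta * (n - 1):
            bad.append(i)
    return bad

def audit(groups: Dict[str, Sequence[T]], distance: Callable[[T, T], float],
          epsilon: float, delta: float) -> Dict[str, List[int]]:
    """Map each failing QI-group id to the indices of its exposed values."""
    report = {}
    for gid, values in groups.items():
        bad = violating_values(values, distance, epsilon, delta)
        if bad:
            report[gid] = bad
    return report

# Constructed sample: numerical sensitive values (salaries), absolute difference.
SALARY_GROUPS = {
    "g1": [30000, 31000, 30500, 90000],  # three values cluster within epsilon
    "g2": [20000, 45000, 70000, 95000],  # values are well spread
}

def salary_distance(a: float, b: float) -> float:
    return abs(a - b)

# Constructed sample: similarity defined by an arbitrary function (shared category).
CATEGORY = {"gastritis": "stomach", "ulcer": "stomach", "flu": "respiratory"}

def disease_distance(a: str, b: str) -> float:
    if a == b:
        return 0.0
    return 0.5 if CATEGORY[a] == CATEGORY[b] else 1.0

DISEASE_GROUP = ["gastritis", "ulcer", "ulcer", "flu"]
```

Group `g1` has four distinct salaries, so no exact value can be pinned to an individual, yet three of them fall within $\epsilon$ of each other and are flagged: that is the proximate-association case the abstract describes.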