Organizations often need to release microdata without revealing sensitive information. To this end, data are anonymized and, to assess the quality of the process, various privacy metrics have been proposed, such as k-anonymity, l-diversity, and t-closeness. These metrics capture different aspects of the disclosure risk, imposing minimal requirements on the association of an individual with the sensitive attributes. If we want to combine them in an optimization problem, we need a common framework able to express all these privacy conditions. Previous studies proposed the notion of mutual information to measure the different kinds of disclosure risks and the utility but, since mutual information is an average quantity, it cannot completely express these conditions on single records. We introduce here the notion of one-symbol information (i.e., the contribution to mutual information by a single record), which allows us to express and compare the disclosure risk metrics. In addition, we obtain a relation between the risk values t and l, which can be used for parameter setting. We also show, by numerical experiments, how l-diversity and t-closeness can be represented in terms of two different, but equally acceptable, conditions on the information gain.