Designing statistical privacy for your data

Preparing data for public release requires significant attention to fundamental principles of privacy. If a privacy definition is chosen wisely by the data curator, the sensitive information will be protected. Algorithms that satisfy the spec are called privacy mechanisms. The curator first chooses a privacy definition, then a privacy mechanism satisfying the definition. The curator will run a privacy mechanism on the sensitive data, then grant external users access to the output of privacy mechanism or the sanitized output. The data curator must also consider the effect on privacy when the mechanisms do not satisfy the same privacy definition. One difficulty in designing privacy definitions is accounting for public knowledge of constraints the input database must satisfy. Constraints may correlate the values of different records, arising due to functional dependencies across attributes or prior exact releases of histograms. Correlations arising from constraints provide inference channels attackers could use to learn sensitive information.

Duke Scholars

Author Ashwinkumar Venkatanaga Machanavajjhala Computer Science