David Sánchez

Database Anonymization



whom we love, whether they are with us or live on in our memory.

      To all our loved ones, whether they are with us or stay alive in our memories.

       Contents

       Preface

       Acknowledgments

       1 Introduction

       2 Privacy in Data Releases

       2.1 Types of Data Releases

       2.2 Microdata Sets

       2.3 Formalizing Privacy

       2.4 Disclosure Risk in Microdata Sets

       2.5 Microdata Anonymization

       2.6 Measuring Information Loss

       2.7 Trading Off Information Loss and Disclosure Risk

       2.8 Summary

       3 Anonymization Methods for Microdata

       3.1 Non-perturbative Masking Methods

       3.2 Perturbative Masking Methods

       3.3 Synthetic Data Generation

       3.4 Summary

       4 Quantifying Disclosure Risk: Record Linkage

       4.1 Threshold-based Record Linkage

       4.2 Rule-based Record Linkage

       4.3 Probabilistic Record Linkage

       4.4 Summary

       5 The k-Anonymity Privacy Model

       5.1 Insufficiency of Data De-identification

       5.2 The k-Anonymity Model

       5.3 Generalization and Suppression Based k-Anonymity

       5.4 Microaggregation-based k-Anonymity

       5.5 Probabilistic k-Anonymity

       5.6 Summary

       6 Beyond k-Anonymity: l-Diversity and t-Closeness

       6.1 l-Diversity

       6.2 t-Closeness

       6.3 Summary

       7 t-Closeness Through Microaggregation

       7.1 Standard Microaggregation and Merging

       7.2 t-Closeness Aware Microaggregation: k-anonymity-first

       7.3 t-Closeness Aware Microaggregation: t-closeness-first

       7.4 Summary

       8 Differential Privacy

       8.1 Definition

       8.2 Calibration to the Global Sensitivity

       8.3 Calibration to the Smooth Sensitivity

       8.4 The Exponential Mechanism

       8.5 Relation to k-anonymity-based Models

       8.6 Differentially Private Data Publishing

       8.7 Summary

       9 Differential Privacy by Multivariate Microaggregation

       9.1 Reducing Sensitivity Via Prior Multivariate Microaggregation

       9.2 Differentially Private Data Sets by Insensitive Microaggregation

       9.3 General Insensitive Microaggregation

       9.4 Differential Privacy with Categorical Attributes

       9.5 A Semantic Distance for Differential Privacy

       9.6 Integrating Heterogeneous Attribute Types

       9.7 Summary

       10 Differential Privacy by Individual Ranking Microaggregation

       10.1 Limitations of Multivariate Microaggregation

       10.2 Sensitivity Reduction Via Individual Ranking

10.3 Choosing the Microaggregation Parameter k

       10.4 Summary

       11 Conclusions and Research Directions

       11.1 Summary and Conclusions

       11.2 Research Directions

       Bibliography

       Authors’ Biographies

       Preface

If jet airplanes ushered in the first dramatic reduction of our world’s perceived size, the next shrinking came in the mid-1990s, when the Internet became widespread and the Information Age started to become a reality. We now live in a global village, and some (often quite powerful) voices proclaim that maintaining one’s privacy is as hopeless as it used to be in conventional small villages. Should this be true, the ingenuity of humans would have created their own nightmare.

Whereas security is essential for organizations to survive, individuals, and sometimes even companies, also need some privacy to develop comfortably and lead a free life. This is the reason individual privacy is mentioned in the Universal Declaration of Human