Conference Paper

Epistemic privacy.

DOI: 10.1145/1376916.1376941 Conference: Proceedings of the Twenty-Seventh ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, PODS 2008, June 9-11, 2008, Vancouver, BC, Canada
Source: DBLP
Download full-text


Available from: Ronald Fagin, Nov 06, 2014
18 Reads
  • [Show abstract] [Hide abstract]
    ABSTRACT: Imagine a data set consisting of private information about individuals. The online query auditing problem is: given a sequence of queries that have already been posed about the data, their corresponding answers and given a new query, deny the answer if privacy can be breached or give the true answer otherwise. We investigate the fundamental problem that query denials leak information. This problem was largely overlooked in previous work on auditing. Because of this oversight, some of the previously suggested auditors can be used by an attacker to compromise the privacy of a large fraction of the individuals in the data. To overcome this problem, we introduce a new model called simulatable auditing where query denials provably do not leak information. We present a simulatable auditing algorithm for max queries under the classical definition of privacy where a breach occurs if a sensitive value is fully compromised. Because of the known limitations of the classical definition of compromise, we describe a probabilistic notion of (partial) compromise, closely related to the notion of semantic security. We demonstrate that sum queries can be audited in a simulatable fashion under probabilistic compromise, making some distributional assumptions.
    Journal of Computer and System Sciences 12/2013; 79(8):1322–1340. DOI:10.1016/j.jcss.2013.06.004 · 1.14 Impact Factor