Advertisement

Protecting Information Privacy in the Electronic Society

  • Sabrina De Capitani di Vimercati
  • Sara Foresti
  • Pierangela Samarati
Part of the Communications in Computer and Information Science book series (CCIS, volume 130)

Abstract

The privacy of users, the confidentiality of organizations, and the protection of huge collections of sensitive information, possibly related to data that might be released publicly or semi-publicly for various purposes, are essential requirements for the today’s Electronic Society. In this chapter, we discuss the main privacy concerns that arise when releasing information to third parties. In particular, we focus on the data publication and data outsourcing scenarios, illustrating the emerging trends in terms of privacy and data protection and identifying some research directions to be investigated.

Keywords

Access Control Range Query External Knowledge Data Owner Sensitive Attribute 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Golle, P.: Revisiting the uniqueness of simple demographics in the us population. In: Proc. of the 5th Workshop on Privacy in the Electronic Society (WPES 2006), Alexandria, VA, USA (October 2006)Google Scholar
  2. 2.
    Samarati, P.: Protecting respondents’ identities in microdata release. IEEE Transactions on Knowledge and Data Engineering 13(6), 1010–1027 (2001)CrossRefGoogle Scholar
  3. 3.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Microdata protection. In: Yu, T., Jajodia, S. (eds.) Security in Decentralized Data Management. Springer, Heidelberg (2007)Google Scholar
  4. 4.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: k-anonymity. In: Yu, T., Jajodia, S. (eds.) Security in Decentralized Data Management. Springer, Heidelberg (2007)Google Scholar
  5. 5.
    Aggarwal, G., Feder, T., Kenthapadi, K., Motwani, R., Panigrahy, R., Thomas, D., Zhu, A.: Anonymizing tables. In: Eiter, T., Libkin, L. (eds.) ICDT 2005. LNCS, vol. 3363, pp. 246–258. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Aggarwal, G., Feder, T., Kenthapadi, K., Motwani, R., Panigrahy, R., Thomas, D., Zhu, A.: Approximation algorithms for k-anonymity. Journal of Privacy Technology (November 2005)Google Scholar
  7. 7.
    Meyerson, A., Williams, R.: On the complexity of optimal k-anonymity. In: Proc. of the 24th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS 2004), Paris, France (June 2004)Google Scholar
  8. 8.
    Bayardo, R., Agrawal, R.: Data privacy through optimal k-anonymization. In: Proc. of the 21st IEEE International Conference on Data Engineering (ICDE 2005), Tokyo, Japan (April 2005)Google Scholar
  9. 9.
    LeFevre, K., DeWitt, D., Ramakrishnan, R.: Incognito: Efficient full-domain k-anonymity. In: Proc. of the ACM SIGMOD International Conference on Management of Data (SIGMOD 2005), Baltimore, MD, USA (June 2005)Google Scholar
  10. 10.
    Iyengar, V.: Transforming data to satisfy privacy constraints. In: Proc. of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (SIGKDD 2002), Alberta, Canada (July 2002)Google Scholar
  11. 11.
    Machanavajjhala, A., Gehrke, J., Kifer, D.: ℓ-density: Privacy beyond k-anonymity. In: Proc. of the 22nd IEEE International Conference on Data Engineering (ICDE 2006), Atlanta, GA, USA (April 2006)Google Scholar
  12. 12.
    Li, N., Li, T., Venkatasubramanian, S.: t-closeness: Privacy beyond k-anonymity and ℓ-diversity. In: Proc. of the 23rd IEEE International Conference on Data Engineering (ICDE 2007), Istanbul, Turkey (April 2007)Google Scholar
  13. 13.
    Truta, T., Vinay, B.: Privacy protection: p-sensitive k-anonymity property. In: Proc. of the 22nd International Conference on Data Engineering Workshop (ICDEW 2006), Atlanta, Georgia, USA (April 2006)Google Scholar
  14. 14.
    Wong, R., Li, J., Fu, A., Wang, K. (α, k)-anonymity: an enhanced k-anonymity model for privacy preserving data publishing. In: Proc. of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (SIGKDD 2006), Philadelphia, PA, USA (August 2006)Google Scholar
  15. 15.
    Chen, B., Ramakrishnan, R., LeFevre, K.: Privacy skyline: Privacy with multidimensional adversarial knowledge. In: Proc. of the 33rd International Conference on Very Large Data Bases (VLDB 2007), Vienna, Austria (September 2007)Google Scholar
  16. 16.
    Martin, D., Kifer, D., Machanavajjhala, A., Gehrke, J., Halpern, J.: Worst-case background knowledge for privacy-preserving data publishing. In: Proc. of the 23rd IEEE International Conference on Data Engineering (ICDE 2007), Istanbul, Turkey (April 2007)Google Scholar
  17. 17.
    Chi-Wing, R., Fu, A., Wang, K., Pei, J.: Minimality attack in privacy preserving data publishing. In: Proc. of the 33rd International Conference on Very Large Data Bases (VLDB 2007), Vienna, Austria (September 2007)Google Scholar
  18. 18.
    Xiao, X., Tao, Y.: Personalized privacy preservation. In: Proc. of the ACM SIGMOD International Conference on Management of Data (SIGMOD 2006), Chicago, Illinois, USA (June 2006)Google Scholar
  19. 19.
    Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: a distributed architecture for secure database services. In: Proc. of the Second Biennial Conference on Innovative Data Systems Research (CIDR 2005), Asilomar, CA, USA (January 2005)Google Scholar
  20. 20.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragmentation and encryption to enforce privacy in data storage. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 171–186. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Keep a few: Outsourcing data while maintaining confidentiality. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 440–455. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Samarati, P., De Capitani di Vimercati, S.: Data protection in outsourcing scenarios: Issues and directions. In: Proc. of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2010), Beijing, China (April 2010)Google Scholar
  23. 23.
    Hacigümüş, H., Iyer, B., Mehrotra, S.: Providing database as a service. In: Proc. of the 18th IEEE International Conference on Data Engineering (ICDE 2002), San Jose, CA (February 2002)Google Scholar
  24. 24.
    Hacigümüş, H., Iyer, B., Mehrotra, S., Li, C.: Executing SQL over encrypted data in the database-service-provider model. In: Proc. of the ACM SIGMOD International Conference on Management of Data (SIGMOD 2002), Madison, WI, USA (June 2002)Google Scholar
  25. 25.
    Damiani, E., De Capitani di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: Proc. of the 10th ACM Conference on Computer and Communications Security (CCS 2003), Washington, VA, USA (October 2003)Google Scholar
  26. 26.
    Agrawal, R., Kierman, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: Proc. of the ACM SIGMOD International Conference on Management of Data (SIGMOD 2004), Paris, France (June 2004)Google Scholar
  27. 27.
    Wang, H., Lakshmanan, L.V.S.: Efficient secure query evaluation over encrypted XML databases. In: Proc. of 32nd International Conference on Very Large Data Bases (VLDB 2006), Seoul, Korea (September 2006)Google Scholar
  28. 28.
    Wang, Z., Dai, J., Wang, W., Shi, B.: Fast query over encrypted character data in database. Communications in Information and Systems 4(4), 289–300 (2004)CrossRefzbMATHGoogle Scholar
  29. 29.
    Hacıgümüş, H., Iyer, B., Mehrotra, S.: Efficient execution of aggregation queries over encrypted relational databases. In: Lee, Y., Li, J., Whang, K.-Y., Lee, D. (eds.) DASFAA 2004. LNCS, vol. 2973, pp. 125–136. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  30. 30.
    Ceselli, A., Damiani, E., De Capitani di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Modeling and assessing inference exposure in encrypted databases. ACM Transactions on Information and System Security (TISSEC) 8(1), 119–152 (2005)CrossRefGoogle Scholar
  31. 31.
    De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Encryption policies for regulating access to outsourced data. ACM Transactions on Database Systems (TODS) 35(2), 12:1–12:46 (2010)Google Scholar
  32. 32.
    Akl, S., Taylor, P.: Cryptographic solution to a problem of access control in a hierarchy. ACM Transactions on Computer Systems 1(3), 239–248 (1983)CrossRefGoogle Scholar
  33. 33.
    Atallah, M., Frikken, K., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: Proc. of the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA (November 2005)Google Scholar
  34. 34.
    Crampton, J., Martin, K., Wild, P.: On key assignment for hierarchical access control. In: Proc. of IEEE Computer Security Foundation Workshop (CSFW 2006), Venice, Italy (July 2006)Google Scholar
  35. 35.
    Sandhu, R.: Cryptographic implementation of a tree hierarchy for access control. Information Processing Letters 27(2), 95–98 (1988)CrossRefGoogle Scholar
  36. 36.
    De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Over-encryption: Management of access control evolution on outsourced data. In: Proc. of the 33rd International Conference on Very Large Data Bases (VLDB 2007), Vienna, Austria (September 2007)Google Scholar
  37. 37.
    De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Pelosi, G., Samarati, P.: Preserving confidentiality of security policies in data outsourcing. In: Proc. of the 7th Workshop on Privacy in the Electronic Society (WPES 2008), Alexandria, VA (October 2008)Google Scholar
  38. 38.
    Hacigümüş, H., Iyer, B., Mehrotra, S.: Ensuring integrity of encrypted databases in database as a service model. In: Proc. of the 17th IFIP WG11.3 Working Conference on Data and Application Security, Estes Park, CO, USA (August 2003)Google Scholar
  39. 39.
    Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and integrity in outsourced databases. ACM Transactions on Storage 2(2), 107–138 (2006)CrossRefGoogle Scholar
  40. 40.
    Narasimha, M., Tsudik, G.: DSAC: integrity for outsourced databases with signature aggregation and chaining. In: Proc. of the 14th ACM Conference on Information and Knowledge Management (CIKM 2005), Bremen, Germany (October-November 2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Sabrina De Capitani di Vimercati
    • 1
  • Sara Foresti
    • 1
  • Pierangela Samarati
    • 1
  1. 1.Dipartimento di Tecnologie dell’InformazioneUniversità degli Studi di MilanoCremaItaly

Personalised recommendations