A Model for Quan.fying Informa.on Leakage. Steven Whang, Hector Garcia Molina Stanford University

Size: px

Start display at page:

Download "A Model for Quan.fying Informa.on Leakage. Steven Whang, Hector Garcia Molina Stanford University"

Cornelia Fox
5 years ago
Views:

1 A Model for Quan.fying Informa.on Leakage Steven Whang, Hector Garcia Molina Stanford University

2 Mo.va.on Insurers Test Data Profiles to Iden7fy Risky Clients Steven E. Whang 2

3 Mo.va.on How Apple and Amazon Security Flaws Led to My Epic Hacking Steven E. Whang 3

4 Mo.va.on URL Gmail Addr Gmail Name.Me Addr TwiBer Homepage Amazon CC Last 4 Digits Apple icloud Whois Billing Addr Steven E. Whang 4

5 Outline Informa.on Leakage Model Applica.ons Comparison with Exis.ng Privacy Models Steven E. Whang 5

6 Outline Informa.on Leakage Model Applica.ons Comparison with Exis.ng Privacy Models Steven E. Whang 6

7 Informa.on Leakage Mat s Home Page Steven E. Whang 7

8 Informa.on Leakage Mat s Home Page Steven E. Whang 8

9 Model p D N C C P A n 1 c 1 c 2 p 1 a 1 N C s t u n 1 c 2 n 1 c 1 p 1 M(x,y) = true if same N,C or N,P μ(x,y) = x U y N C A n 1 c 1 a 1 Steven E. Whang 9

10 Record Leakage p N C C P A n 1 c 1 c 2 p 1 a 1 r n 1 c 1 x 1 Steven E. Whang 10

11 Record Leakage p r N C C P A n 1 c 1 c 2 p 1 a 1 n 1 c 1 x 1 Pr(p, r) = p r / r = 2/3 Re(p, r) = p r / p = 2/5 L r (p, r) = F 1 (p, r) = 2 Pr Re / Pr+Re = 1/2 Steven E. Whang 11

12 Database Leakage p N C C P A n 1 c 1 c 2 p 1 a 1 M(x,y) = true if same N,C or N,P μ(x,y) = x U y D N C n 1 c 2 s t u n 1 c 1 p 1 N C A n 1 c 1 a 1 Steven E. Whang 12

13 Database Leakage p N C C P A n 1 c 1 c 2 p 1 a 1 M(x,y) = true if same N,C or N,P μ(x,y) = x U y D N C n 1 c 2 s t u n 1 c 1 p 1 N C A n 1 c 1 a 1 μ(t,u) A n 1 c 1 p 1 a 1 Steven E. Whang 13

14 Database Leakage p N C C P A n 1 c 1 c 2 p 1 a 1 M(x,y) = true if same N,C or N,P μ(x,y) = x U y D N C n 1 c 2 s t u n 1 c 1 p 1 N C A n 1 c 1 a 1 L q (p, D) = max{l r (p,s), L r (p,μ(t,u))} = max{0.57, 0.89} = 0.89 μ(t,u) A n 1 c 1 p 1 a 1 Steven E. Whang 14

15 Key Features Privacy: NOT all or nothing No privacy Perfect privacy Incorporates Adversary Opera.on e.g., En.ty Resolu.on ABribute Weights Confidence Values Steven E. Whang 15

16 Outline Informa.on Leakage Model Applica.ons Comparison with Exis.ng Privacy Models Steven E. Whang 16

17 Releasing Cri.cal Informa.on p N C C P P A n 1 c 1 c 2 p 1 p 2 a 1 M(x,y) = true if same N,C or N,P μ(x,y) = x U y D s n 1 c 2 p 2 t n 1 c 1 p 1 u v n 1 c 1 p 1 n 1 c 2 p 1 Steven E. Whang 17

18 Releasing Cri.cal Informa.on p N C C P P A n 1 c 1 c 2 p 1 p 2 a 1 M(x,y) = true if same N,C or N,P μ(x,y) = x U y D s n 1 c 2 p 2 t n 1 c 1 p 1 u n 1 c 1 p 1 μ(t,u) n 1 c 1 p 1 Steven E. Whang 18

19 Releasing Cri.cal Informa.on p N C C P P A n 1 c 1 c 2 p 1 p 2 a 1 M(x,y) = true if same N,C or N,P μ(x,y) = x U y D s n 1 c 2 p 2 t n 1 c 1 p 1 u n 1 c 1 p 1 μ(t,u) n 1 c 1 p 1 L d (p, DU{u}) = max{l r (p,s), L r (p, μ(t,u)} = 0.67 Steven E. Whang 19

20 Releasing Cri.cal Informa.on p N C C P P A n 1 c 1 c 2 p 1 p 2 a 1 M(x,y) = true if same N,C or N,P μ(x,y) = x U y D s n 1 c 2 p 2 t n 1 c 1 p 1 v n 1 c 2 p 1 L d (p, DU{u}) = max{l r (p,s), L r (p, μ(t,u)} = 0.67 Steven E. Whang 20

21 Releasing Cri.cal Informa.on p N C C P P A n 1 c 1 c 2 p 1 p 2 a 1 M(x,y) = true if same N,C or N,P μ(x,y) = x U y D s n 1 c 2 p 2 t n 1 c 1 p 1 v n 1 c 2 p 1 μ(s,t,v) N C C P P n 1 c 1 c 2 p 1 p 2 L d (p, DU{u}) = max{l r (p,s), L r (p, μ(t,u)} = 0.67 Steven E. Whang 21

22 Releasing Cri.cal Informa.on p N C C P P A n 1 c 1 c 2 p 1 p 2 a 1 M(x,y) = true if same N,C or N,P μ(x,y) = x U y D s n 1 c 2 p 2 t n 1 c 1 p 1 v n 1 c 2 p 1 μ(s,t,v) N C C P P n 1 c 1 c 2 p 1 p 2 L d (p, DU{u}) = max{l r (p,s), L r (p, μ(t,u)} = 0.67 L d (p, DU{v}) = max{l r (p,μ(s,t,v)} = 0.91 Steven E. Whang 22

23 Releasing Disinforma.on Mat s Home Page Steven E. Whang 23

24 Releasing Disinforma.on Mat s Home Page Steven E. Whang 24

25 Releasing Disinforma.on Mat s Home Page XXX Steven E. Whang 25

26 Releasing Disinforma.on Mat s Home Page XXX YYY Steven E. Whang 26

27 Releasing Disinforma.on Minimize L d (p, DUS) s.t. Cost(r) B r S Steven E. Whang 27

28 Outline Informa.on Leakage Model Applica.ons Comparison with Exis.ng Privacy Models Steven E. Whang 28

29 k anonymity Guarantees that any record is indis.nguishable from k 1 others In comparison, informa.on leakage is user specific (i.e., fine grained) can incorporate background knowledge Steven E. Whang 29

30 Example D N Z A S Alice Heart Bob Cancer Carol Flu Dave Flu Steven E. Whang 30

31 Example D N Z A S Alice Heart Bob Cancer Carol Flu Dave Flu D (k=2) Z A S 1** 3* Heart 1** 3* Cancer Steven E. Whang 31

32 Individual Informa.on Leakage D (k=2) N Z A S r 1 r 2 r 3 r 4 Z A S 1** 3* Heart 1** 3* Cancer p 1 Alice Heart Steven E. Whang 32

33 Individual Informa.on Leakage r 1 r 2 r 3 r 4 D (k=2) Z A S 1** 3* Heart 1** 3* Cancer p 1 N Z A S Alice Heart L d (p 1, D) = L r (p 1, r 1 Ur 2 ) 0.75 Steven E. Whang 33

34 Individual Informa.on Leakage r 1 r 2 r 3 r 4 D (k=2) Z A S 1** 3* Heart 1** 3* Cancer p 1 L d (p 1, D) = L r (p 1, r 1 Ur 2 ) 0.75 p 2 N Z A S Alice Heart N Z A S Carol Flu Steven E. Whang 34

35 Individual Informa.on Leakage r 1 r 2 r 3 r 4 D (k=2) Z A S 1** 3* Heart 1** 3* Cancer p 1 L d (p 1, D) = L r (p 1, r 1 Ur 2 ) 0.75 p 2 N Z A S Alice Heart N Z A S Carol Flu L d (p 2, D) = L r (p 2, r 3 Ur 4 ) 0.86 Steven E. Whang 35

36 Background Knowledge D (k=2) Z A S r 1 r 2 r 3 r 4 1** 3* Heart 1** 3* Cancer s 1 D N Z A Alice Steven E. Whang 36

37 Background Knowledge r 1 r 2 r 3 r 4 D (k=2) Z A S 1** 3* Heart 1** 3* Cancer N Z A S p 1 Alice Heart L d (p 1, D) = L r (p 1, r 1 Ur 2 ) 0.75 s 1 D N Z A Alice Steven E. Whang 37

38 Background Knowledge r 1 r 2 r 3 r 4 D (k=2) Z A S 1** 3* Heart 1** 3* Cancer N Z A S p 1 Alice Heart L d (p 1, D) = L r (p 1, r 1 Ur 2 ) 0.75 s 1 L d (p 1, D U D ) D N Z A Alice Steven E. Whang 38

39 Background Knowledge r 1 r 2 r 3 r 4 D (k=2) Z A S 1** 3* Heart 1** 3* Cancer p 1 s 1 N Z A S Alice Heart L d (p 1, D) = L r (p 1, r 1 Ur 2 ) 0.75 D N Z A Alice L d (p 1, D U D ) = L r (p 1, r 1 Ur 2 Us 1 ) 0.86 Steven E. Whang 39

40 l diversity Other Comparison Seman.c Similarity Steven E. Whang 40

41 Conclusion We formalized informa.on leakage Privacy: NOT all or nothing We listed several applica.ons for quan.fying informa.on leakage We compared informa.on leakage with exis.ng privacy models In paper, we propose efficient algorithms for compu.ng leakage Steven E. Whang 41

42 Thanks! Steven E. Whang 42

43 l diversity D N Z A S Alice Heart Bob Cancer Carol Flu Dave Flu D (k=2) Z A S 1** 3* Heart 1** 3* Cancer Steven E. Whang 43

44 l diversity D N Z A S Alice Heart Bob Cancer Carol Flu Dave Influenza D (l=2) Z A S 1** 3* Heart 1** 3* Cancer 2** 50 Influenza Steven E. Whang 44

45 Seman.c Similarity D (l=2) N Z A S r 1 r 2 r 3 r 4 Z A S 1** 3* Heart 1** 3* Cancer 2** 50 Influenza p Carol Flu Steven E. Whang 45

46 Seman.c Similarity r 1 r 2 r 3 r 4 D (l=2) Z A S 1** 3* Heart 1** 3* Cancer 2** 50 Influenza p N Z A S Carol Flu L d (p, D) = L r (p, r 3 Ur 4 ) 0.75 Steven E. Whang 46

47 Seman.c Similarity r 1 r 2 r 3 r 4 D (l=2) Z A S 1** 3* Heart 1** 3* Cancer 2** 50 Influenza p N Z A S Carol Flu L d (p, D) = L r (p, r 3 Ur 4 ) 0.75 If merge func.on μ replaces Influenza with Flu, Steven E. Whang 47

48 Seman.c Similarity r 1 r 2 r 3 r 4 D (l=2) Z A S 1** 3* Heart 1** 3* Cancer 2** 50 Influenza p N Z A S Carol Flu L d (p, D) = L r (p, r 3 Ur 4 ) 0.75 If merge func.on μ replaces Influenza with Flu, L d (p, D) = L r (p, r 3 Ur 4 {<S, Influenza>}) 0.86 Steven E. Whang 48

49 Seman.c Similarity r 1 r 2 r 3 r 4 D (l=2) Z A S 1** 3* Heart 1** 3* Cancer 2** 50 Influenza p N Z A S Carol Flu L d (p, D) = L r (p, r 3 Ur 4 ) 0.75 If merge func.on μ replaces Influenza with Flu, L d (p, D) = L r (p, r 3 Ur 4 {<S, Influenza>}) 0.86 Steven E. Whang 49

DYNAMIC DIFFERENTIAL LOCATION PRIVACY WITH PERSONALIZED ERROR BOUNDS

DYNAMIC DIFFERENTIAL LOCATION PRIVACY WITH PERSONALIZED ERROR BOUNDS LEI YU, LING LIU AND CALTON PU COLLEGE OF COMPUTING GEORGIA INSTITUTE OF TECHNOLOGY Loca%on based services and Privacy issues Marke%ng