Uncoordinated Syntactic Privacy: A New Composable Metric for Multiple, Independent Data Publishing

IF 6.3 1区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

IEEE Transactions on Information Forensics and Security Pub Date : 2025-03-14 DOI:10.1109/TIFS.2025.3551645

Adrián Tobar Nicolau;Javier Parra-Arnau;Jordi Forné;Vicenç Torra

{"title":"Uncoordinated Syntactic Privacy: A New Composable Metric for Multiple, Independent Data Publishing","authors":"Adrián Tobar Nicolau;Javier Parra-Arnau;Jordi Forné;Vicenç Torra","doi":"10.1109/TIFS.2025.3551645","DOIUrl":null,"url":null,"abstract":"A privacy model is a privacy condition, dependent on a parameter, that guarantees an upper bound on the risk of reidentification disclosure and maybe also on the risk of attribute disclosure by an adversary. A privacy model is composable if the privacy guarantees of the model are preserved, possibly to a limited extent, after repeated independent application of the privacy model. From the opposite perspective, a privacy model is not composable if multiple independent data releases, each of them satisfying the requirements of the privacy model, may result in a privacy breach. Current privacy models are broadly classified into syntactic ones (such as k-anonymity and l-diversity) and semantic ones, which essentially refer to <inline-formula> <tex-math>$\\varepsilon $ </tex-math></inline-formula>-differential privacy (e-DP) and variations thereof. While e-DP and its variants offer strong composability properties, syntactic notions are not composable unless data releases are conducted by a single, centralized data holder that uses specialized notions such as m-invariance and <inline-formula> <tex-math>$\\tau $ </tex-math></inline-formula>-safety. In this work, we propose m-uncoordinated-syntactic-privacy (m-USP), the first syntactic notion with composability properties for the independent publication of nondisjoint data, in other words, without a centralized data holder. Theoretical results are formally proven, and experimental results demonstrate that the risk to individuals does not increase significantly, in contrast to non-composable methods, that are susceptible to attribute disclosure. In most cases, the utility degradation caused by the extra protection is less than 5% and decreases as the value of m increases.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3362-3373"},"PeriodicalIF":6.3000,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10926580","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10926580/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

A privacy model is a privacy condition, dependent on a parameter, that guarantees an upper bound on the risk of reidentification disclosure and maybe also on the risk of attribute disclosure by an adversary. A privacy model is composable if the privacy guarantees of the model are preserved, possibly to a limited extent, after repeated independent application of the privacy model. From the opposite perspective, a privacy model is not composable if multiple independent data releases, each of them satisfying the requirements of the privacy model, may result in a privacy breach. Current privacy models are broadly classified into syntactic ones (such as k-anonymity and l-diversity) and semantic ones, which essentially refer to

$\varepsilon $

-differential privacy (e-DP) and variations thereof. While e-DP and its variants offer strong composability properties, syntactic notions are not composable unless data releases are conducted by a single, centralized data holder that uses specialized notions such as m-invariance and

$\tau $

-safety. In this work, we propose m-uncoordinated-syntactic-privacy (m-USP), the first syntactic notion with composability properties for the independent publication of nondisjoint data, in other words, without a centralized data holder. Theoretical results are formally proven, and experimental results demonstrate that the risk to individuals does not increase significantly, in contrast to non-composable methods, that are susceptible to attribute disclosure. In most cases, the utility degradation caused by the extra protection is less than 5% and decreases as the value of m increases.

查看原文本刊更多论文

非协调语法隐私：用于多个独立数据发布的可组合新指标

隐私模型是一种依赖于参数的隐私条件，它保证了再标识披露风险的上限，也可能是攻击者披露属性风险的上限。如果在多次独立应用隐私模型后，该模型的隐私保证被保留（可能在有限程度上保留），则该隐私模型是可组合的。从相反的角度来看，如果多个独立的数据发布（每个数据都满足隐私模型的要求）可能导致隐私泄露，那么隐私模型是不可组合的。目前的隐私模型大致分为句法模型（如k-匿名和l-多样性）和语义模型，本质上是指$\varepsilon $ -差分隐私（e-DP）及其变体。虽然e-DP及其变体提供了强大的可组合性属性，但语法概念是不可组合的，除非数据发布是由使用m-不变性和$\tau $ -安全等专门概念的单个集中式数据持有者执行的。在这项工作中，我们提出了m-非协调句法隐私（m-USP），这是第一个具有可组合性属性的句法概念，用于独立发布非分离数据，换句话说，没有集中的数据持有者。理论结果得到了正式证明，实验结果表明，与易受属性披露影响的非组合方法相比，个体的风险没有显著增加。在大多数情况下，由额外保护引起的效用退化小于5% and decreases as the value of m increases.

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Information Forensics and Security 工程技术-工程：电子与电气

CiteScore

14.40

自引率

7.40%

发文量

234

审稿时长

6.5 months

期刊介绍： The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features