Methods to Mitigate Risk of Composition Attack in Independent Data Publications

Li, Jiuyong; Sattar, Sarowar A.; Baig, Muzammil M.; Liu, Jixue; Tang, Qiang; Malin, Bradley

Reference : Methods to Mitigate Risk of Composition Attack in Independent Data Publications


	Document type :	Parts of books : Contribution to collective works
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/26451

Title :	Methods to Mitigate Risk of Composition Attack in Independent Data Publications
Language :	English
Author, co-author :	Li, Jiuyong []
	Sattar, Sarowar A. []
	Baig, Muzammil M. []
	Liu, Jixue []
	Tang, Qiang [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Malin, Bradley []
Publication date :	2015
Main document title :	Medical Data Privacy Handbook 2015
Publisher :	Springer
Peer reviewed :	Yes
Abstract :	[en] Data publication is a simple and cost-effective approach for data sharing across organizations. Data anonymization is a central technique in privacy preserving data publications. Many methods have been proposed to anonymize individual datasets and multiple datasets of the same data publisher. In real life, a dataset is rarely isolated and two datasets published by two organizations may contain the records of the same individuals. For example, patients might have visited two hospitals for follow-up or specialized treatment regarding a disease, and their records are independently anonymized and published. Although each published dataset poses a small privacy risk, the intersection of two datasets may severely compromise the privacy of the individuals. The attack using the intersection of datasets published by different organizations is called a composition attack. Some research work has been done to study methods for anonymizing data to prevent a composition attack for independent data releases where one data publisher has no knowledge of records of another data publisher. In this chapter, we discuss two exemplar methods, a randomization based and a generalization based approaches, to mitigate risks of composition attacks. In the randomization method, noise is added to the original values to make it difficult for an adversary to pinpoint an individual’s record in a published dataset. In the generalization method, a group of records according to potentially identifiable attributes are generalized to the same so that individuals are indistinguishable. We discuss and experimentally demonstrate the strengths and weaknesses of both types of methods. We also present a mixed data publication framework where a small proportion of the records are managed and published centrally and other records are managed and published locally in different organizations to reduce the risk of the composition attack and improve the overall utility of the data.
Research centres :	snt
Funders :	Fonds National de la Recherche - FnR
Name of the research project :	BRAIDS
Target :	Researchers
Permalink :	http://hdl.handle.net/10993/26451
FnR project :	FnR ; FNR5856658 > Qiang Tang > BRAIDS > Boosting Security and Efficiency in Recommender Systems > 15/04/2014 > 14/04/2017 > 2013

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	Methods to Mitigate Risk of Composition Attack in Independent Data Publications.pdf		Publisher postprint	867.33 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices