Data outsourcing, also known as database-as-a-service, has been widely used in industry to provide better data management while lowering cost. However, data outsourcing is limited in the presence of sensitive data (e.g., medical records), because the third party providing the outsourcing service is untrusted. In this thesis, we present a private data outsourcing model that supports both queries and updates by using anonymization.
Our private data outsourcing model is based on a data publishing technique called anatomization. Data are divided into identifying and sensitive data in the same way as in anatomization; however, the client can also reconstruct the original identifiable data from the separated data. Without the client, an adversary can link individuals to their actual sensitive values only to the extent permitted by the underlying privacy-preserving technique (such as k-anonymity or l-diversity). By exposing data where possible, the server can perform value-added services, such as data analysis, that are not possible with fully encrypted data, while still being unable to violate the privacy constraints.
We first present a relational query processor, limited to queries that minimize client-side computation while ensuring that the server learns nothing that violates the privacy constraints. We then focus on updates and present a dynamic private data outsourcing model, built on top of the query processor, that allows the client to insert, delete and update tuples with the same privacy guarantees as our read-only model. Lastly, we present a prototype of our private data outsourcing model.
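As an added illustration (not code from the thesis or its prototype), the following Python sketch performs the anatomization split described above on a constructed set of patient records: the server receives an identifying table and a sensitive table linked only by group id, each group holding l distinct sensitive values, while the client keeps the secret join. The record layout, the `anatomize`/`reconstruct`/`server_linkage_bound` names and the seeded shuffle that stands in for the client's secret linkage mechanism are all assumptions of this example.

```python
import random
from collections import defaultdict

# Constructed sample records (not from the thesis): (record_id, age, zip, disease)
RECORDS = [(1, 23, "47906", "flu"), (2, 27, "47907", "flu"), (3, 35, "47906", "hiv"),
           (4, 41, "47905", "cancer"), (5, 52, "47907", "cancer"), (6, 60, "47906", "flu")]

def anatomize(records, l, seed=0):
    """Split records into an identifying table (qit) and a sensitive table (st).
    Returns (qit, st, link); qit and st go to the server, the secret link stays
    with the client (a seeded shuffle stands in for a keyed permutation here)."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[rec[3]].append(rec)
    groups = []
    # group creation: one tuple from each of the l largest buckets -> l distinct values
    while sum(1 for b in buckets.values() if b) >= l:
        largest = sorted((v for v in buckets if buckets[v]), key=lambda v: -len(buckets[v]))[:l]
        groups.append([buckets[v].pop() for v in largest])
    # residual assignment: a leftover tuple joins a group that lacks its value
    for rec in (r for b in buckets.values() for r in b):
        target = next((g for g in groups if rec[3] not in {r[3] for r in g}), None)
        if target is None:
            raise ValueError("data cannot be made %d-diverse: %r too frequent" % (l, rec[3]))
        target.append(rec)
    rng, qit, st, link = random.Random(seed), [], [], {}
    for gid, group in enumerate(groups, start=1):
        for seq, rec in enumerate(group):
            qit.append((rec[0], rec[1], rec[2], gid))   # identifying data + group id
            st.append((gid, seq, rec[3]))               # group id + sensitive value
            link[rec[0]] = seq                           # client-side secret join key
    rng.shuffle(qit)   # row order must not reveal the join
    st.sort(key=lambda row: (row[0], row[2]))
    return qit, st, link

def reconstruct(qit, st, link):
    """Client-side join: recover (record_id, age, zip, disease) using the secret link."""
    values = {(gid, seq): value for gid, seq, value in st}
    return [(rid, age, zip_, values[(gid, link[rid])]) for rid, age, zip_, gid in qit]

def server_linkage_bound(st):
    """Best probability the server alone can assign a qit tuple its true sensitive value."""
    groups = defaultdict(list)
    for gid, _, value in st:
        groups[gid].append(value)
    return max(max(vals.count(v) for v in vals) / len(vals) for vals in groups.values())
```

With l = 2 the sample splits into three groups and the server's linkage bound is 1/2; with l = 3 the residual step fails because "flu" occurs in half of the records, which is exactly the eligibility condition l-diversity imposes on the data.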