Accuracy-Constrained Privacy-Preserving Access Control Mechanism for Relational Data
Overview
Introduction
Types Of Access Control
Access Control For Relational Data
Anonymity Definitions
Predicate Evaluation And Imprecision
Algorithm
Anonymization With Imprecision Bounds
Accuracy-Constrained Privacy-Preserving Access Control
Conclusion
INTRODUCTION
ACCESS CONTROL MECHANISM:
Access Control is a set of controls to restrict access
to certain resources.
Types of Access Control
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role Based Access Control (RBAC)
Access Control For Relational Data
Column-level access control
Cell-level access control
Role-based access control
Motivational Scenario
Anonymity Definitions
Equivalence Class (EC) - An equivalence class is
a set of tuples having the same Quasi-identifier attribute values.
k-anonymity Property - A table T satisfies the
k-anonymity property if each equivalence class has k or more
tuples.
Query Imprecision - Query Imprecision is defined as the
difference between the number of tuples returned by a query
evaluated on an anonymized relation T* and the number of
tuples for the same query on the original relation T.
      QI1    QI2    S1
ID    Age    Zip    Disease
1     5      15     Flu
2     15     28     Fever
3     28     45     Diarrhea
4     25     60     Fever
5     38     74     Flu
6     32     89     Diarrhea
Sensitive Table
QI1      QI2      S1
Age      Zip      Disease
0-20     10-30    Flu
0-20     10-30    Fever
20-40    30-60    Diarrhea
20-40    30-60    Fever
40-60    60-90    Flu
40-60    60-90    Diarrhea
2-anonymous Table
Predicate Evaluation and Imprecision
Uniform - includes all tuples from all partitions according
to the ratio of overlap between the query and the partition.
Overlap - includes all tuples in all partitions that overlap
the query region.
Enclosed - discards all tuples in all partitions that partially
overlap the query region.
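The three evaluation semantics and the resulting query imprecision, as an added Python example that is not part of the original slides. It uses the Age and Zip values of the sensitive table; the partition boxes, the query Q and the signed reading of "difference" are assumptions made here.

```python
# Added illustration; not code from the slides.
# (Age, Zip) values of the slides' sensitive table.
TABLE = [(5, 15), (15, 28), (28, 45), (25, 60), (38, 74), (32, 89)]
# Constructed partitions as (box, tuples); each box contains its two tuples.
PARTS = [
    (((0, 20), (10, 30)), TABLE[0:2]),
    (((20, 30), (40, 60)), TABLE[2:4]),
    (((30, 40), (60, 90)), TABLE[4:6]),
]
Q = ((10, 25), (20, 50))   # constructed query: 10 <= Age <= 25, 20 <= Zip <= 50

def overlap_ratio(box, q):
    """Fraction of the box's area inside the query (boxes have positive width)."""
    ratio = 1.0
    for (lo, hi), (qlo, qhi) in zip(box, q):
        ratio *= max(0, min(hi, qhi) - max(lo, qlo)) / (hi - lo)
    return ratio

def evaluate(q, semantics):
    """Number of tuples the anonymized table returns for q."""
    count = 0.0
    for box, tuples in PARTS:
        r = overlap_ratio(box, q)
        if semantics == "uniform":                  # pro rata by overlap
            count += len(tuples) * r
        elif semantics == "overlap" and r > 0:      # any overlap: take all
            count += len(tuples)
        elif semantics == "enclosed" and r == 1.0:  # fully inside only
            count += len(tuples)
    return count

def exact(q):
    """Number of tuples of the original table that satisfy q."""
    return sum(all(lo <= v <= hi for v, (lo, hi) in zip(t, q)) for t in TABLE)

def imprecision(q, semantics):
    """Signed difference (assumption): anonymized count minus original count."""
    return evaluate(q, semantics) - exact(q)

if __name__ == "__main__":
    for s in ("uniform", "overlap", "enclosed"):
        print(s, evaluate(Q, s), imprecision(Q, s))
```

With this query, Overlap over-counts and Enclosed under-counts, which is why the sign of the difference is kept.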
Comparison of Median cut and Query cut
Algorithm: Top Down Selection Mondrian (TDSM)
The objective of TDSM is to minimize the total imprecision for
all queries.
TDSM starts with the whole tuple space as one partition, and
partitions are then recursively divided as long as the new
partitions meet the privacy requirement.
NOTE: To divide a partition, two decisions need to be made,
i) Choosing a split value along each dimension, and
ii) Choosing a dimension along which to split.
Algorithm: Top Down Selection Mondrian (continued)
In the TDSM algorithm, the split value is chosen along the
median and then the dimension is selected along which the sum
of imprecision for all queries is minimum.
The time complexity of TDSM is O(d|Q|n log n), where d is the
number of dimensions of a tuple, Q is the set of queries, and n
is the total number of tuples.
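An added Python example of the TDSM recursion described above (not code from the slides or the cited papers): each partition is cut at the median, along the dimension whose cut gives the smallest summed query imprecision, and a cut is allowed only if both halves keep at least k tuples. The two extra tuples, the attribute domains, the query workload, k = 2 and the use of Overlap semantics to score a cut are assumptions.

```python
# Added illustration of TDSM; not code from the slides or the paper.
def overlaps(box, q):
    """True if the partition box and the query box share positive volume."""
    return all(lo < qhi and qlo < hi for (lo, hi), (qlo, qhi) in zip(box, q))

def matches(t, q):
    """True if the original tuple satisfies the range predicate q."""
    return all(lo <= v <= hi for v, (lo, hi) in zip(t, q))

def imprecision(box, tuples, queries):
    """Overlap semantics: a query that touches the box gets every tuple in
    it, so the tuples that do not really match count as imprecision."""
    return sum(len(tuples) - sum(matches(t, q) for t in tuples)
               for q in queries if overlaps(box, q))

def tdsm(box, tuples, queries, k):
    """Return the leaf partitions as (box, tuples) pairs."""
    best = None
    for d in range(len(box)):
        vals = sorted(t[d] for t in tuples)
        split = vals[len(vals) // 2]               # median split value
        left = [t for t in tuples if t[d] < split]
        right = [t for t in tuples if t[d] >= split]
        if len(left) < k or len(right) < k:        # cut would break k-anonymity
            continue
        lbox = box[:d] + ((box[d][0], split),) + box[d + 1:]
        rbox = box[:d] + ((split, box[d][1]),) + box[d + 1:]
        cost = imprecision(lbox, left, queries) + imprecision(rbox, right, queries)
        if best is None or cost < best[0]:         # keep the cheapest dimension
            best = (cost, (lbox, left), (rbox, right))
    if best is None:                               # no allowable cut: leaf
        return [(box, tuples)]
    return tdsm(*best[1], queries, k) + tdsm(*best[2], queries, k)

# (Age, Zip): the slides' six tuples plus two constructed ones.
TABLE = [(5, 15), (15, 28), (28, 45), (25, 60), (38, 74), (32, 89),
         (12, 70), (35, 30)]
DOMAIN = ((0, 40), (10, 90))                       # constructed attribute domains
QUERIES = [((20, 40), (10, 50)), ((0, 20), (10, 30))]  # constructed workload

def run(k=2):
    parts = tdsm(DOMAIN, TABLE, QUERIES, k)
    total = sum(imprecision(b, ts, QUERIES) for b, ts in parts)
    return parts, total

if __name__ == "__main__":
    for box, ts in run()[0]:
        print(box, ts)
```

On this input the first cut is made on Zip rather than Age, because the Zip cut leaves one half of the space untouched by both queries.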
Accuracy-Constrained Privacy-Preserving Access Control
CONCLUSIONS
The framework is a combination of access control and privacy
protection mechanisms.
The access control mechanism allows only authorized query
predicates on sensitive data.
The privacy-preserving module anonymizes the data to meet
privacy requirements and imprecision constraints on predicates
set by the access control mechanism.