Strategic Modeling of Information Sharing among Data Privacy Attackers

Research in privacy-preserving data publishing has revealed the necessity of accounting for an adversary’s background knowledge when reasoning about the protection afforded by various anonymization schemes. Most existing work models the background knowledge of one individual adversary or privacy attacker, or makes a worst-case assumption that attackers will act as one: colluding through sharing of background information. We propose a framework for modeling multiple attackers with heterogeneous background knowledge, supporting analysis of their strategic incentives for sharing information prior to attack. The framework posits a decentralized mechanism by which agents decide whether and how much information to share, and defines a normal-form game representing their strategic choice setting. Through a simple example, we show that the efficacy of database generalization operations depends on the informationsharing strategies adopted by the attackers. Through analysis of the underlying game model, a database publisher can adopt a generalization level geared to the level of sharing expected among rational attackers. Povzetek: Predstavljen je model napadov na privatnost s heterogenim ozadjem.

[1]  C. Papadimitriou,et al.  On the value of private information , 2001 .

[2]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[3]  Luis E. Ortiz,et al.  Algorithms for Interdependent Security Games , 2003, NIPS.

[4]  H. Kunreuther,et al.  Interdependent Security , 2003 .

[5]  Jun Xu,et al.  Sustaining Availability of Web Services under Distributed Denial of Service Attacks , 2003, IEEE Trans. Computers.

[6]  Avanidhar Subrahmanyam,et al.  The Value of Private Information , 2005 .

[7]  Roberto J. Bayardo,et al.  Data privacy through optimal k-anonymization , 2005, 21st International Conference on Data Engineering (ICDE'05).

[8]  Evimaria Terzi,et al.  On Honesty in Sovereign Information Sharing , 2006, EDBT.

[9]  ASHWIN MACHANAVAJJHALA,et al.  L-diversity: privacy beyond k-anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[10]  Ashwin Machanavajjhala,et al.  Worst-Case Background Knowledge in Privacy , 2006 .

[11]  Raghu Ramakrishnan,et al.  Privacy Skyline: Privacy with Multidimensional Adversarial Knowledge , 2007, VLDB.

[12]  Stefan Savage,et al.  An inquiry into the nature and causes of the wealth of internet miscreants , 2007, CCS '07.

[13]  Sarit Kraus,et al.  Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport , 2008, AAMAS.

[14]  Michael P. Wellman,et al.  Knowledge Combination in Graphical Multiagent Models , 2008, UAI.

[15]  Sarit Kraus,et al.  Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport , 2008, AAMAS 2008.

[16]  Nicolas Christin,et al.  Secure or insure?: a game-theoretic analysis of information security games , 2008, WWW.

[17]  Ninghui Li,et al.  Modeling and Integrating Background Knowledge in Data Anonymization , 2009, 2009 IEEE 25th International Conference on Data Engineering.

[18]  Manish Jain,et al.  Computing optimal randomized resource allocations for massive security games , 2009, AAMAS 2009.

[19]  Michael P. Wellman,et al.  Generalization risk minimization in empirical game models , 2009, AAMAS.