Slicing: A New Approach to Privacy Preserving Data Publishing

Several anonymity techniques, such as generalization and bucketization, have been designed for privacy preserving micro data publishing. Recent work has shown that generalization loses considerable amount of information, especially for high dimensional data. Bucketization, on the other hand, does not prevent membership disclosure and does not apply for data that do not have a clear separation between quasi-identifying attributes and sensitive attributes. In this paper, we present a novel technique called overlapping slicing, which partitions the data both horizontally and vertically. We show that overlapping slicing preserves better data utility than generalization and can be used for membership disclosure protection. Another important advantage of overlapping slicing is that it can handle high-dimensional data storage. We show how overlapping slicing can be used for attribute disclosure protection and develop an efficient algorithm for computing the sliced data that obey the '-diversity requirement. Our workload experiment confirm that overlapping slicing preserves better utility than generalization and is more effective than bucketization in workloads involving the sensitive attribute. Our experiments also demonstrate that overlapping slicing can be used to prevent membership disclosure. We consider the collaborative data publishing problem for anonymizing horizontally partitioned data at multiple data providers. We consider a new type of "insider attack" by colluding data providers who may use their own data records (a subset of the overall data) in addition to the external background knowledge to infer the data records contributed by other data providers. The paper addresses this new threat and makes several contributions. First, we introduce the notion of m-privacy, which guarantees that the anonymity data satisfies a given privacy constraint against any group of up to m colluding data providers. Second, we present heuristic algorithms exploiting the equivalence group monotonicity of privacy constraints and adaptive ordering techniques for efficiently checking m- privacy given a set of records. Finally, we present a data provider-aware anonymity algorithm with adaptive m- privacy checking strategies to ensure high utility and m- privacy of anonymity data with efficiency. Experiments on real-life datasets suggest that our approach achieves better or comparable utility and efficiency than existing and baseline algorithms while providing m-privacy guarantee.