Epistemic privacy

We present a novel definition of privacy in the framework of offline (retroactive) database query auditing. Given information about the database, a description of sensitive data, and assumptions about users' prior knowledge, our goal is to determine if answering a past user's query could have led to a privacy breach. According to our definition, an audited property A is private, given the disclosure of property B, if no user can gain confidence in A by learning B, subject to prior knowledge constraints. Privacy is not violated if the disclosure of B causes a loss of confidence in A. The new notion of privacy is formalized using the well-known semantics for reasoning about knowledge, where logical properties correspond to sets of possible worlds (databases) that satisfy these properties. Database users are modelled either as possibilistic agents, whose knowledge is a set of possible worlds, or as probabilistic agents, whose knowledge is a probability distribution on possible worlds. We analyze the new privacy notion, show its relationship with the conventional approach, and derive criteria that allow the auditor to test privacy efficiently in some important cases. In particular, we prove characterization theorems for the possibilistic case, and study in depth the probabilistic case under the assumption that all database records are considered a priori independent by the user, as well as under more relaxed (or absent) prior-knowledge assumptions. In the probabilistic case we show that for certain families of distributions there is no efficient algorithm to test whether an audited property A is private given the disclosure of a property B, assuming P ≠ NP. Nevertheless, for many interesting families, such as the family of product distributions, we obtain algorithms that are efficient both in theory and in practice.
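As an added illustration (not code from the paper), a brute-force check of the abstract's privacy notion on a constructed three-record database: possible worlds are bit-vectors, A and B are sets of worlds, probabilistic users are product (records-independent) priors searched over a parameter grid, and possibilistic users are arbitrary non-empty knowledge sets. The toy properties, the grid search, and the reading of "gain confidence" as P(A|B) > P(A) for probabilistic agents and as K ∩ B entailing A when K did not for possibilistic agents are this example's assumptions, not the paper's efficient criteria.

```python
from itertools import product

# Constructed toy database: N boolean records (1 = "record has the sensitive attribute").
N = 3
WORLDS = tuple(product((0, 1), repeat=N))  # possible worlds = all 2**N databases

# Properties are sets of possible worlds, as in the abstract's possible-worlds semantics.
A = frozenset(w for w in WORLDS if w[0] == 1)        # audited: record 0 is positive
B_SUM = frozenset(w for w in WORLDS if sum(w) >= 2)  # disclosed: at least two positives
B_OTHER = frozenset(w for w in WORLDS if w[1] == 1)  # disclosed: record 1 is positive

def product_prob(world, params):
    """Probability of a world when record i is 1 independently with probability params[i]."""
    p = 1.0
    for bit, q in zip(world, params):
        p *= q if bit else 1.0 - q
    return p

def confidence_gain(a, b, params):
    """P(A | B) - P(A) for a probabilistic agent whose prior is the product distribution
    given by params; positive means learning B raised the agent's confidence in A."""
    p_b = sum(product_prob(w, params) for w in b)
    if p_b == 0.0:
        return None  # B is impossible under this prior, so nothing is learned from it
    p_ab = sum(product_prob(w, params) for w in a & b)
    p_a = sum(product_prob(w, params) for w in a)
    return p_ab / p_b - p_a

def probabilistic_private(a, b, grid=(0.1, 0.3, 0.5, 0.7, 0.9)):
    """Audit A given B against records-independent (product) priors by searching a grid
    of parameters (an assumption of this example; the paper's efficient criteria are not
    reproduced). Returns (private?, witness prior that gains confidence, or None)."""
    for params in product(grid, repeat=N):
        gain = confidence_gain(a, b, params)
        if gain is not None and gain > 1e-12:
            return False, params
    return True, None

def possibilistic_private(a, b):
    """Possibilistic agent: knowledge is a non-empty set K of worlds, and learning B
    leaves K & B. A is breached if some K did not entail A but K & B (non-empty) does;
    K & B empty or K & B leaving A uncertain is no breach. Returns (private?, witness K)."""
    for mask in range(1, 1 << len(WORLDS)):
        k = frozenset(w for i, w in enumerate(WORLDS) if mask >> i & 1)
        kb = k & b
        if kb and kb <= a and not k <= a:
            return False, k
    return True, None
```

Under product priors B_OTHER reveals nothing about A (the records are independent), yet an unconstrained possibilistic agent whose knowledge set correlates records can become certain of A from it; disclosing the complement of A is never a breach because it can only lower confidence in A.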
