Checking for k-Anonymity Violation by Views

When a private relational table is published using views, secrecy or privacy may be violated. This paper uses a formally-defined notion of k-anonymity to measure disclosure by views, where k >1 is a positive integer. Intuitively, violation of k-anonymity occurs when a particular attribute value of an entity can be determined to be among less than k possibilities by using the views together with the schema information of the private table. The paper shows that, in general, whether a set of views violates k-anonymity is a computationally hard problem. Subcases are identified and their computational complexities discussed. Especially interesting are those subcases that yield polynomial checking algorithms (in the number of tuples in the views). The paper also provides an efficient conservative algorithm that checks for necessary conditions for k-anonymity violation.