This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Multirelational k-Anonymity
August 2009 (vol. 21 no. 8)
pp. 1104-1117
Mehmet Ercan Nergiz, Sabanci University, Istanbul, Purdue University, West Lafayette
Christopher Clifton, Purdue University, West Lafayette
Ahmet Erhan Nergiz, Bilkent University, Istanbul, Purdue University, West Lafayette
k-Anonymity protects privacy by ensuring that data cannot be linked to a single individual. In a k-anonymous data set, any identifying information occurs in at least k tuples. Much research has been done to modify a single-table data set to satisfy anonymity constraints. This paper extends the definitions of k-anonymity to multiple relations and shows that previously proposed methodologies either fail to protect privacy or overly reduce the utility of the data in a multiple relation setting. We also propose two new clustering algorithms to achieve multirelational anonymity. Experiments show the effectiveness of the approach in terms of utility and efficiency.

[1] G. Agrawal, T. Feder, K. Kenthapadi, S. Khuller, R. Panigrahy, D. Thomas, and A. Zhu, “Achieving Anonymity via Clustering,” Proc. 25th ACM SIGMOD-SIGACT-SIGART Symp. Principles of Database Systems (PODS'06), pp. 153-162, June 2006.
[2] K.W.B. Fung and P. Yu, “Top-Down Specialization for Information and Privacy Preservation,” Proc. 21st Int'l Conf. Data Eng. (ICDE), 2005.
[3] R. Bayardo and R. Agrawal, “Data Privacy through Optimal $k$ -Anonymization,” Proc. 21st Int'l Conf. Data Eng. (ICDE), 2005.
[4] J.-W. Byun, A. Kamra, E. Bertino, and N. Li, “Efficient $k$ -Anonymization Using Clustering Techniques,” Proc. 12th Int'l Conf. Database Systems for Advanced Applications (DASFAA '07), Apr. 2007.
[5] B.-C. Chen, K. LeFevre, and R. Ramakrishnan, “Privacy Skyline: Privacy with Multidimensional Adversarial Knowledge,” Proc. 33rd Int'l Conf. Very Large Data Bases (VLDB '07), pp. 770-781, 2007.
[6] J. Domingo-Ferrer and V. Torra, “Ordinal, Continuous and Heterogeneous $k$ -Anonymity through Microaggregation,” Data Mining and Knowledge Discovery, vol. 11, no. 2, pp. 195-212, 2005.
[7] W. Du, Z. Teng, and Z. Zhu, “Privacy-MaxEnt: Integrating Background Knowledge in Privacy Quantification,” Proc. ACM SIGMOD '08, pp. 459-472, June 2008.
[8] A.O. Hrn and L. Ohno-Machado, “Using Boolean Reasoning to Anonymize Databases,” Artificial Intelligence in Medicine, vol. 15, no. 3, pp. 235-254, , Mar. 1999.
[9] A. Hundepool and L. Willenborg, “$\mu$ and t-argus: Software for Statistical Disclosure Control,” Proc. Third Int'l Seminar Statistical Confidentiality, 1996.
[10] V. Iyengar, “Transforming Data to Satisfy Privacy Constraints,” Proc. Eighth ACM SIGKDD Int'l Conf. Knowledge Discovery and Data Mining (KDD '02), pp. 279-288, 2002.
[11] W. Jiang and C. Clifton, “A Secure Distributed Framework for Achieving $k$ -Anonymity,” VLDB J. Privacy-Preserving Data Management, special issue, Sept. 2006.
[12] D. Kifer and J. Gehrke, “Injecting Utility into Anonymized Datasets,” Proc. ACM SIGMOD '06, pp. 217-228, 2006.
[13] K. LeFevre, D. DeWitt, and R. Ramakrishnan, “Incognito: Efficient Full-Domain $k$ -Anonymity,” Proc. ACM SIGMOD '05, June 2005.
[14] K. LeFevre, D.J. DeWitt, and R. Ramakrishnan, “Mondrian Multidimensional $k$ -Anonymity,” Proc. 22nd Int'l Conf. Data Eng. (ICDE'06), pp. 25-35, , Apr. 2006.
[15] N. Li and T. Li, “T-Closeness: Privacy beyond $k$ -Anonymity and $l$ -Diversity,” Proc. 23rd Int'l Conf. Data Eng. (ICDE '07), Apr. 2007.
[16] A. Machanavajjhala, J. Gehrke, D. Kifer, and M. Venkitasubramaniam, “$l$ -Diversity: Privacy beyond $k$ -Anonymity,” Proc. 22nd Int'l Conf. Data Eng. (ICDE '06), Apr. 2006.
[17] D.J. Martin, D. Kifer, A. Machanavajjhala, J. Gehrke, and J.Y. Halpern, “Worst-Case Background Knowledge for Privacy-Preserving Data Publishing,” Proc. 23rd Int'l Conf. Data Eng. (ICDE'07), Apr. 2007.
[18] M.E. Nergiz, M. Atzori, and C. Clifton, “Hiding the Presence of Individuals in Shared Databases,” Proc. ACM SIGMOD '07, June 2007.
[19] M.E. Nergiz and C. Clifton, “Thoughts on $k$ -Anonymization,” Proc. 22nd Int'l Conf. Data Eng. Workshops (ICDEW '06), p. 96, 2006.
[20] P. Samarati, “Protecting Respondents' Identities in Microdata Release,” IEEE Trans. Knowledge and Data Eng., vol. 13, no. 6, pp.1010-1027, Nov./Dec. 2001.
[21] L. Sweeney, “Guaranteeing Anonymity When Sharing Medical Data, the Datafly System,” Proc., J. Am. Medical Informatics Assoc., Hanley & Belfus, 1997.
[22] L. Sweeney, “Achieving $k$ -Anonymity Privacy Protection Using Generalization and Suppression,” Int'l J. Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 10, no. 5, 2002.
[23] L. Sweeney, “$k$ -Anonymity: A Model for Protecting Privacy,” Int'l J. Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 10, no. 5, pp. 557-570, 2002.
[24] R.C.-W. Wong, A.W.-C. Fu, K. Wang, and J. Pei, “Minimality Attack in Privacy Preserving Data Publishing,” Proc. 33rd Int'l Conf. Very Large Data Bases (VLDB '07), pp.543-554, 2007.
[25] X. Xiao and Y. Tao, “Anatomy: Simple and Effective Privacy Preservation,” Proc. 32nd Int'l Conf. Very Large Data Bases (VLDB'06), Sept. 2006.
[26] X. Xiao and Y. Tao, “Personalized Privacy Preservation,” Proc. ACM SIGMOD '06, pp. 229-240, 2006.
[27] C. Yao, X.S. Wang, and S. Jajodia, “Checking for $k$ -Anonymity Violation by Views,” Proc. 31st Int'l Conf. Very Large Data Bases (VLDB '05), pp. 910-921, 2005.
[28] Q. Zhang, N. Koudas, D. Srivastava, and T. Yu, “Aggregate Query Answering on Anonymized Tables,” Proc. 23rd Int'l Conf. Data Eng. (ICDE '07), pp. 116-125, Apr. 2007.
[29] S. Zhong, Z. Yang, and R.N. Wright, “Privacy-Enhancing $k$ -Anonymization of Customer Data,” Proc. 24th ACM SIGMOD-SIGACT-SIGART Symp. Principles of Database Systems (PODS '05), pp. 139-147, 2005.

Index Terms:
Privacy, relational database, security, integrity, protection.
Citation:
Mehmet Ercan Nergiz, Christopher Clifton, Ahmet Erhan Nergiz, "Multirelational k-Anonymity," IEEE Transactions on Knowledge and Data Engineering, vol. 21, no. 8, pp. 1104-1117, Aug. 2009, doi:10.1109/TKDE.2008.210
Usage of this product signifies your acceptance of the Terms of Use.