
Privacy-Preserving Sharing of Sensitive Information

Salvatore J. Stolfo, Columbia University
Gene Tsudik, University of California, Irvine

Pages: 16-17

Confidentiality is a fundamental security property. Many security researchers and practitioners believe that it must be available on each OS and hardware platform to provide personal data privacy. However, personal data privacy is a complex notion that a general-purpose confidentiality service alone can't guarantee. What is also needed is a clearly defined policy that governs how entities use, store, and transmit personal data, as well as who is permitted to access it. Furthermore, accountability must be enforced to allow for a posteriori tracing of sensitive information flow whenever private information has been leaked.

One timely and important question (and challenge) is whether it's viable to attain reasonable trade-offs between legitimate (or permitted) need to access certain sensitive information and the need to keep information private as much as possible.

Privacy-preserving sharing of sensitive information (PPSSI) is motivated by the increasing need for entities (organizations or individuals) that don't fully trust each other to share sensitive information. Many types of entities need to collect, analyze, and disseminate data rapidly and accurately, without exposing sensitive information to unauthorized or untrusted parties. For example, census-takers collect private data with the understanding that it won't be released in a form traceable to the individual who provided it. Companies might be willing to divulge sensitive financial data to organizations that release only aggregate data for an industry sector. A hospital might share patient information with a state health agency only to let the latter determine the number (but not the identities) of uninsured patients. Although statistical methods have been used to protect such data for decades, they aren't foolproof and generally require a trusted third party.

More recently, researchers have studied—and, in a few cases, deployed—techniques using secure, multiparty function evaluation, encrypted keywords, and private information retrieval. However, few practical tools and technologies provide data privacy, especially when entities have certain common goals and require (or are mandated) some sharing of sensitive information. To this end, PPSSI technology aims to enable sharing information, without exposing more than the minimum necessary to complete a common task.

This special issue contains four articles, selected from 24 total submissions, that consider various privacy aspects of information sharing and describe several interesting and elegant PPSSI approaches.

Of the four accepted articles, two deal with general mechanisms for sharing private information as directed by a formal policy governing that sharing. "Some Like It Private: Sharing Confidential Information Based on Oblivious Authorization," by Emiliano De Cristofaro and Jihye Kim, provides a general cryptographic framework for efficiently sharing private information, for instance via privacy-preserving keyword queries. The article by Lalana Kagal and Joseph Pato, "Preserving Privacy Based on Semantic Policy Tools," uses a formal policy framework to tease out the semantics and consequences of sharing policies stated in a formal language. Such policy analysis provides confidence that a data provider's privacy policy is actually enforced.

We can't adequately advance research in network analytics and security without sharing sensitive network traces. In "Dialing Privacy and Utility: A Proposed Data-Sharing Framework to Advance Internet Research," Erin E. Kenneally and Kimberly Claffy provide an excellent example of how this important research area is enabled when private information is shared among reputable organizations. Going further, the final article, "The Phish-Market Protocol: Secure Sharing Between Competitors," by Tal Moran and Tyler Moore, describes an excellent framework for competitive entities to squeeze more value from their private information. Sharing and permitting the use of proprietary information in a privacy-preserving manner increases the value of that data to all collaborators. This general framework might be applicable to a range of applications and industry sectors. Thus, PPSSI is not only intellectually interesting and sometimes mandated by laws and regulations; it also makes economic sense.

As this issue demonstrates, PPSSI is a broad concept strongly motivated by several current and emerging scenarios. The security research community is vigorously pursuing cryptographic concepts, systems, and applications that enable or take advantage of PPSSI. Despite advances exemplified by the articles in this issue, much work remains. We hope that readers will be interested in digging in further.


Several dedicated people have contributed to the completion of this special issue. We owe a great deal of thanks to the hard-working expert reviewers who did their jobs under severe time constraints. We're very grateful to EIC Carl Landwehr and editorial administrator Mercy Frederickson for their help throughout this special issue's lifetime. Last, but not least, we thank the authors of all submitted articles.

About the Authors

Salvatore J. Stolfo is a professor of computer science at Columbia University. His research interests include computer security, intrusion detection, machine learning, and parallel computing. Stolfo has a PhD in computer science from New York University's Courant Institute. Contact him at
Gene Tsudik is a "Lois and Peter Griffin" professor of computer science at the University of California, Irvine. His research interests are in computer/network security and privacy as well as applied cryptography. Tsudik has a PhD in computer science from the University of Southern California. Contact him at