Open access
Author
Date
2020
Type
Doctoral Thesis
ETH Bibliography
yes
Abstract
The objective of this thesis is to make it easier to understand, use, and deploy strong anonymization practices. We make progress towards this goal in three ways. First, we make it easier to understand what anonymization means, and lower the cost of entry for new practitioners. After a historical tour of a number of possible definitions, we introduce differential privacy, a central concept studied throughout this thesis. We then systematize and organize the existing literature on variants and extensions of differential privacy: we categorize them in seven dimensions, compare them with each other, and list some of their main properties.
Second, we consider a natural class of weaker variants of differential privacy: definitions that assume the attacker has only partial knowledge of the original data. We raise some fundamental issues with existing definitions, and we establish strong theoretical foundations that resolve these issues and clearly distinguish between distinct attack models. We use these foundations to improve existing results on the privacy of common aggregations and draw links between our notions and older syntactic definitions of privacy. Then, we provide strong negative results for cardinality estimators, a class of algorithms that cannot be made private even under very weak assumptions.
Third, we focus on practical applications. We present novel algorithms to detect reidentifiability and joinability risks in large datasets, and we describe the design of a differentially private query engine built to be usable by non-experts. We propose multiple possible improvements to this query engine, and discuss a number of trade-offs between privacy, utility, usability, and extensibility; we then discuss operational challenges that arise when rolling out anonymization at scale, from choosing parameters to providing appropriate education and guidance to engineers working on anonymization pipelines.
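The abstract introduces differential privacy as the central definition and later describes a differentially private query engine; the following added example (not code from the thesis or its query engine) makes the definition concrete for the simplest query such an engine answers, a count. It releases a count through the Laplace mechanism and then checks the epsilon-DP condition directly: for every neighbouring dataset (one record removed) and every candidate output, the log-ratio of output densities must stay within epsilon. The records, the predicate and the parameter value are constructed for illustration; the noise scale 1/epsilon follows from the sensitivity of a count being 1.

```python
import math
import random

# Constructed sample dataset (illustrative, not from the thesis): one record per person.
RECORDS = [
    {"id": 1, "age": 71, "city": "Zurich"},
    {"id": 2, "age": 34, "city": "Bern"},
    {"id": 3, "age": 68, "city": "Zurich"},
    {"id": 4, "age": 29, "city": "Geneva"},
    {"id": 5, "age": 80, "city": "Bern"},
]

EPSILON = 0.5  # assumed privacy budget for this example


def is_senior(record):
    return record["age"] >= 65


def true_count(records, predicate):
    return sum(1 for r in records if predicate(r))


def sample_laplace(scale, rng):
    # Difference of two i.i.d. exponentials with rate 1/scale is Laplace(0, scale).
    rate = 1.0 / scale
    return rng.expovariate(rate) - rng.expovariate(rate)


def dp_count(records, predicate, epsilon, seed=None):
    """Laplace mechanism for a counting query.

    Adding or removing one record changes a count by at most 1 (sensitivity 1),
    so Laplace noise with scale 1/epsilon yields an epsilon-differentially-private
    release. `seed` only makes the example reproducible; never fix it in production.
    """
    rng = random.Random(seed)
    return true_count(records, predicate) + sample_laplace(1.0 / epsilon, rng)


def laplace_log_pdf(x, scale):
    return -abs(x) / scale - math.log(2.0 * scale)


def neighbors(records):
    """Neighbouring datasets under the add/remove-one-record notion."""
    for i in range(len(records)):
        yield records[:i] + records[i + 1:]


def worst_case_privacy_loss(records, predicate, scale, outputs):
    """Largest |ln P[M(D)=y] - ln P[M(D')=y]| over neighbours D' and outputs y.

    epsilon-DP requires this quantity to be at most epsilon. For the Laplace
    mechanism the supremum is |c - c'| / scale, attained for any y outside [c, c'].
    """
    c = true_count(records, predicate)
    worst = 0.0
    for d_prime in neighbors(records):
        c_prime = true_count(d_prime, predicate)
        for y in outputs:
            loss = abs(laplace_log_pdf(y - c, scale) - laplace_log_pdf(y - c_prime, scale))
            worst = max(worst, loss)
    return worst


if __name__ == "__main__":
    grid = [x / 10 for x in range(-100, 200)]  # candidate outputs from -10 to 20
    print("true count:", true_count(RECORDS, is_senior))
    print("noisy count:", round(dp_count(RECORDS, is_senior, EPSILON, seed=0), 3))
    # Correct scale 1/epsilon: loss is exactly epsilon, so the release is epsilon-DP.
    print("loss at scale 1/eps:", worst_case_privacy_loss(RECORDS, is_senior, 1.0 / EPSILON, grid))
    # Misconfigured scale (too little noise): the check exposes the violated budget.
    print("loss at scale 1.0:", worst_case_privacy_loss(RECORDS, is_senior, 1.0, grid))
```

The privacy-loss check is what a practitioner should reach for when auditing a mechanism's parameters: it is independent of the sampler, so a bug in the noise scale (say a sum query whose values were never clipped, or an epsilon applied per query rather than per release) shows up as a loss exceeding the claimed epsilon on some neighbour and output.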
Persistent link
https://doi.org/10.3929/ethz-b-000508570
Publication status
published
Contributors
Examiner: Basin, David
Examiner: Hofheinz, Dennis
Examiner: Troncoso, Carmela
Examiner: Machanavajjhala, Ashwin
Publisher
ETH Zurich
Subject
Differential privacy; Data privacy; Privacy
Organisational unit
03634 - Basin, David / Basin, David