Open access
Author
Date
2020
Type
- Doctoral Thesis
ETH Bibliography
yes
Abstract
The objective of this thesis is to make it easier to understand, use, and deploy strong anonymization practices. We make progress towards this goal in three ways. First, we make it easier to understand what anonymization means, and lower the cost of entry for new practitioners. After a historical tour of a number of possible definitions, we introduce differential privacy, a central concept studied throughout this thesis. We then systematize and organize the existing literature on variants and extensions of differential privacy: we categorize them in seven dimensions, compare them with each other, and list some of their main properties.
Second, we consider a natural class of weaker variants of differential privacy: definitions that assume that the attacker only has partial knowledge over the original data. We raise some fundamental issues with existing definitions, and we establish strong theoretical foundations to solve these issues and clearly delineate between distinct attack models. We use these foundations to improve existing results on the privacy of common aggregations and draw links between our notions and older syntactic definitions of privacy. Then, we provide strong negative results for cardinality estimators, a class of algorithms that cannot be made private even under very weak assumptions.
Third, we focus on practical applications. We present novel algorithms to detect reidentifiability and joinability risks of large datasets, and we describe the design of a differentially private query engine designed to be usable by non-experts. We propose multiple possible improvements to this query engine, and discuss a number of trade-offs between privacy, utility, usability, and extensibility; we then discuss operational challenges arising when rolling out anonymization at scale, from choosing parameters to providing appropriate education and guidance to engineers working on anonymization pipelines.
Permanent link
https://doi.org/10.3929/ethz-b-000508570
Publication status
published
Contributors
Examiner: Basin, David
Examiner: Hofheinz, Dennis
Examiner: Troncoso, Carmela
Examiner: Machanavajjhala, Ashwin
Publisher
ETH Zurich
Subject
Differential privacy; Data privacy; Privacy
Organisational unit
03634 - Basin, David / Basin, David