TR - 2011 - 004 m - privacy for collaborative data publishing

In this paper, we consider the collaborative data publishingproblem for anonymizing horizontally partitioned data atmultiple data providers. We consider a new type of “in-sider attack” by colluding data providers who may use theirown data records (a subset of the overall data) in addition tothe external background knowledge to infer the data recordscontributed by other data providers. The paper addressesthis new threat and makes several contributions. First, weintroduce the notion ofm-privacy, which guarantees that theanonymized data satisfies a given privacy constraint againstany group of up to m colluding data providers. Second, wepresent heuristic algorithms exploiting the EG monotonicityof privacy constraints, and adaptive ordering techniques forefficiently checking m-privacy given a group of records. Forremaining privacy constraints we present a verification algo-rithm with the minimal number of privacy checks. Third,we present a data provider-aware anonymization algorithmwith adaptive m-privacy checking strategies to ensure highutility, and m-privacy of anonymized data with efficiency.Finally, we implement all algorithms (verification and ano-nymization) for settings with a trusted third party and in-troduce secure computation protocols for scenarios withoutsuch party. All protocols are extensively analyzed, their se-curity and efficiency is formally proved. Experiments onreal-life datasets suggest that our approach achieves betteror comparable utility and efficiency than existing and baseline algorithms while satisfying m-privacy.