A logical model for privacy protection

Abstract

In this paper, we present a logical model for privacy protection problem in the database linking context. Assume in the data center, there are a large amount of data records. Each record has some public attributes the values of which are known to the public and some confidential attributes the values of which are to be protected. When a data table is released, the data manager must assure that the receiver would not know the confidential data of any particular individuals by linking the releasing data and the prior information he had before receiving the data. To solve the problem, we propose a simple epistemic logic to model the user’s knowledge. In the model, the concept of safety is rigorously defined and an effective approach is given to test the safety of the released data. It is shown that some generalization operations can be applied to the original data to make them less precise and the release of the generalized data may prevent the violation of privacy. Two kinds of generalization operations are considered. The level-based one is more restrictive, however, a bottom-up search method can be used to find the most informative data satisfying the safety requirement. On the other hand, the set-based one is more flexible, however, the computational complexity of searching through the whole spaces of this kinds of operations is much higher than the previous one though graph theory is used to simplify the discussion. As a result, heuristic methods may be needed to improve the efficiency.