14-02-2012, 11:00 AM
Privacy-Preserving Updates to Anonymous and Confidential Databases -
JAVA
ABSTRACT
Suppose Alice owns a k-anonymous database and needs to determine whether her database, when inserted with a
tuple owned by Bob, is still k-anonymous. Also, suppose that access to the database is strictly controlled, because,
for example, the data are used for certain experiments that need to be kept confidential. Clearly, allowing Alice
to directly read the contents of the tuple breaks the privacy of Bob (e.g., a patient’s medical record); on the other
hand, the confidentiality of the database managed by Alice is violated once Bob has access to the contents of the
database. Thus, the problem is to check whether the database inserted with the tuple is still k-anonymous, without
letting Alice and Bob know the contents of the tuple and the database respectively. In this paper, we propose two
protocols solving this problem on suppression-based and generalization-based k-anonymous and confidential
databases. The protocols rely on well-known cryptographic assumptions, and we provide theoretical analyses to
prove their soundness and experimental results to illustrate their efficiency.
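
The check the abstract describes, written out in the clear for the suppression-based case, as an added example that is not code from the paper or the project. It computes the answer the protocols are meant to produce without either party seeing the other's data; the `*` suppression marker, the function names and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter

STAR = "*"  # assumed marker for a suppressed quasi-identifier value


def is_k_anonymous(rows, k):
    """True if every quasi-identifier combination occurs at least k times."""
    return all(count >= k for count in Counter(rows).values())


def fit(row, pattern):
    """Apply pattern's suppression mask to row.

    Returns the masked row, or None if a value the pattern keeps
    visible differs from the row's value.
    """
    masked = []
    for value, kept in zip(row, pattern):
        if kept == STAR:
            masked.append(STAR)
        elif value == kept:
            masked.append(value)
        else:
            return None
    return tuple(masked)


def insert_preserving(db, row, k):
    """Return db plus the suitably suppressed row, or None if no
    existing equivalence class can absorb the row."""
    if not is_k_anonymous(db, k):
        raise ValueError("database is not k-anonymous to begin with")
    for pattern in sorted(set(db)):
        masked = fit(row, pattern)
        if masked is not None:
            return db + [masked]
    return None


# Constructed sample: (age, zip, sex) quasi-identifiers, k = 2.
ALICE_DB = [("*", "47906", "M"), ("*", "47906", "M"),
            ("25", "*", "F"), ("25", "*", "F")]

if __name__ == "__main__":
    print(insert_preserving(ALICE_DB, ("31", "47906", "M"), 2))
    print(insert_preserving(ALICE_DB, ("25", "10001", "M"), 2))
```

Here the function reads both Bob's tuple and Alice's rows, which is exactly the disclosure the abstract rules out; it serves only as a reference for the result a private protocol has to reproduce.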