TY - GEN
T1 - ℓ-Diversity
T2 - 22nd International Conference on Data Engineering, ICDE '06
AU - Machanavajjhala, Ashwin
AU - Gehrke, Johannes
AU - Kifer, Daniel
AU - Venkitasubramaniam, Muthuramakrishnan
PY - 2006
Y1 - 2006
N2 - Publishing data about individuals without revealing sensitive information about them is an important problem. In recent y ears, a new definition of privacy called k-anonymity has gained popularity. In a k-anonymized dataset, each record is indistinguishable from at least k - 1 other records with respect to certain "identifying" attributes. In this paper we show with two simple attacks that a k-anonymized dataset has some subtle, but severe privacy problems. First, we show that an attacker can discover the values of sensitive attributes when there is little diversity in those sensitive attributes. Second, attackers often have background knowledge, and we show that k-anonymity does not guarantee privacy against attackers using background knowledge. We give a detailed analysis of these two attacks and we propose a novel and powerful privacy definition called ℓ-diversity. In addition to building a formal foundation/or ℓ-diversity, we show in an experimental evaluation that ℓ-diversity is practical and can be implemented efficiently.
AB - Publishing data about individuals without revealing sensitive information about them is an important problem. In recent y ears, a new definition of privacy called k-anonymity has gained popularity. In a k-anonymized dataset, each record is indistinguishable from at least k - 1 other records with respect to certain "identifying" attributes. In this paper we show with two simple attacks that a k-anonymized dataset has some subtle, but severe privacy problems. First, we show that an attacker can discover the values of sensitive attributes when there is little diversity in those sensitive attributes. Second, attackers often have background knowledge, and we show that k-anonymity does not guarantee privacy against attackers using background knowledge. We give a detailed analysis of these two attacks and we propose a novel and powerful privacy definition called ℓ-diversity. In addition to building a formal foundation/or ℓ-diversity, we show in an experimental evaluation that ℓ-diversity is practical and can be implemented efficiently.
UR - http://www.scopus.com/inward/record.url?scp=33749607006&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33749607006&partnerID=8YFLogxK
U2 - 10.1109/ICDE.2006.1
DO - 10.1109/ICDE.2006.1
M3 - Conference contribution
AN - SCOPUS:33749607006
SN - 0769525709
SN - 9780769525709
T3 - Proceedings - International Conference on Data Engineering
SP - 24
BT - Proceedings of the 22nd International Conference on Data Engineering, ICDE '06
Y2 - 3 April 2006 through 7 April 2006
ER -