Relationships and data sanitization: A study in scarlet

Matt Bishop, Justin Cummins, Sean Peisert, Anhad Singh, Bhume Bhumiratana, Deborah Agarwal, Deborah Frincke, Michael Hogarth

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

19 Citations (Scopus)

Abstract

Research in data sanitization (including anonymization) emphasizes ways to prevent an adversary from desanitizing data. Most work focuses on using mathematical mappings to sanitize data. A few papers examine incorporation of privacy requirements, either in the guise of templates or prioritization. Essentially these approaches reduce the information that can be gleaned from a data set. In contrast, this paper considers both the need to "desanitize" and the need to support privacy. We consider conflicts between privacy requirements and the needs of analysts examining the redacted data. Our goal is to enable an informed decision about the effects of redacting, and failing to redact data. We begin with relationships among the data being examined, including relationships with a known data set and other, additional, external data. By capturing these relationships, desanitization techniques that exploit them can be identified, and the information that must be concealed in order to thwart them can be determined. Knowing that, a realistic assessment of whether the information and relationships are already widely known or available will enable the sanitizers to assess whether irreversible sanitization is possible, and if so, what to conceal to prevent desanitization.

Original language: English (US)
Title of host publication: Proceedings New Security Paradigms Workshop
Pages: 151-163
Number of pages: 13
DOI: https://doi.org/10.1145/1900546.1900567
State: Published - 2010
Event: New Security Paradigms Workshop, NSPW 2010 - Concord, MA, United States
Duration: Sep 21 2010 – Sep 23 2010

Other

Other: New Security Paradigms Workshop, NSPW 2010
Country: United States
City: Concord, MA
Period: 9/21/10 – 9/23/10

Keywords

  • data anonymization
  • ontology
  • privacy
  • sanitization

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Software
  • Information Systems

Cite this

Bishop, M., Cummins, J., Peisert, S., Singh, A., Bhumiratana, B., Agarwal, D., ... Hogarth, M. (2010). Relationships and data sanitization: A study in scarlet. In Proceedings New Security Paradigms Workshop (pp. 151-163) https://doi.org/10.1145/1900546.1900567

@inproceedings{a0b4578851e54177b4ed97f9ab3ea389,
title = "Relationships and data sanitization: A study in scarlet",
keywords = "data anonymization, ontology, privacy, sanitization",
author = "Matt Bishop and Justin Cummins and Sean Peisert and Anhad Singh and Bhume Bhumiratana and Deborah Agarwal and Deborah Frincke and Michael Hogarth",
year = "2010",
doi = "10.1145/1900546.1900567",
language = "English (US)",
isbn = "9781450304153",
pages = "151--163",
booktitle = "Proceedings New Security Paradigms Workshop",

}

TY - GEN
T1 - Relationships and data sanitization
T2 - A study in scarlet
AU - Bishop, Matt
AU - Cummins, Justin
AU - Peisert, Sean
AU - Singh, Anhad
AU - Bhumiratana, Bhume
AU - Agarwal, Deborah
AU - Frincke, Deborah
AU - Hogarth, Michael
PY - 2010
Y1 - 2010
KW - data anonymization
KW - ontology
KW - privacy
KW - sanitization
UR - http://www.scopus.com/inward/record.url?scp=78751497789&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78751497789&partnerID=8YFLogxK
U2 - 10.1145/1900546.1900567
DO - 10.1145/1900546.1900567
M3 - Conference contribution
AN - SCOPUS:78751497789
SN - 9781450304153
SP - 151
EP - 163
BT - Proceedings New Security Paradigms Workshop
ER -