Valentina Ciriani

Combining fragmentation and encryption to protect privacy in data storage

The impact of privacy requirements in the development of modern applications is increasing very quickly. Many commercial and legal regulations are driving the need to develop reliable solutions for protecting sensitive information whenever it is stored, processed, or communicated to external parties. To this purpose, encryption techniques are currently used in many scenarios where data protection is required since they provide a layer of protection against the disclosure of personal information, which safeguards companies from the costs that may arise from exposing their data to privacy breaches. However, dealing with encrypted data may make query processing more expensive. In this article, we address these issues by proposing a solution to enforce the privacy of data collections that combines data fragmentation with encryption. We model privacy requirements as confidentiality constraints expressing the sensitivity of attributes and their associations. We then use encryption as an underlying (conveniently available) measure for making data unintelligible while exploiting fragmentation as a way to break sensitive associations among attributes. We formalize the problem of minimizing the impact of fragmentation in terms of number of fragments and their affinity and present two heuristic algorithms for solving such problems. We also discuss experimental results, comparing the solutions returned by our heuristics with respect to optimal solutions, which show that the heuristics, while guaranteeing a polynomial-time computation cost are able to retrieve solutions close to optimum.

Keep a few: outsourcing data while maintaining confidentiality

We put forward a novel paradigm for preserving privacy in data outsourcing which departs from encryption. The basic idea behind our proposal is to involve the owner in storing a limited portion of the data, and maintaining all data (either at the owner or at external servers) in the clear. We assume a relational context, where the data to be outsourced is contained in a relational table. We then analyze how the relational table can be fragmented, minimizing the load for the data owner. We propose several metrics and present a general framework capturing all of them, with a corresponding algorithm finding a heuristic solution to a family of NP-hard problems.

Fragmentation and encryption to enforce privacy in data storage

Privacy requirements have an increasing impact on the realization of modern applications. Technical considerations and many significant commercial and legal regulations demand today that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external parties. It is therefore crucial to design solutions able to respond to this demand with a clear integration strategy for existing applications and a consideration of the performance impact of the protection measures. In this paper we address this problem and propose a solution to enforce privacy over data collections by combining data fragmentation with encryption. The idea behind our approach is to use encryption as an underlying (conveniently available) measure for making data unintelligible, while exploiting fragmentation as a way to break sensitive associations between information.

Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases

The balance between privacy and utility is a classical problem with an increasing impact on the design of modern information systems. On the one side it is crucial to ensure that sensitive information is properly protected; on the other side, the impact of protection on the workload must be limited as query efficiency and system performance remain a primary requirement. We address this privacy/efficiency balance proposing an approach that, starting from a flexible definition of confidentiality constraints on a relational schema, applies encryption on information in a parsimonious way and mostly relies on fragmentation to protect sensitive associations among attributes. Fragmentation is guided by workload considerations so to minimize the cost of executing queries over fragments. We discuss the minimization problem when fragmenting data and provide a heuristic approach to its solution.

k -Anonymous Data Mining: A Survey

Data mining technology has attracted significant interest as a means of identifying patterns and trends from large collections of data. It is however evident that the collection and analysis of data that include personal information may violate the privacy of the individuals to whom information refers. Privacy protection in data mining is then becoming a crucial issue that has captured the attention of many researchers. In this chapter, we first describe the concept of k-anonymity and illustrate different approaches for its enforcement. We then discuss how the privacy requirements characterized by k-anonymity can be violated in data mining and introduce possible approaches to ensure the satisfaction of k-anonymity in data mining.

Synthesis of SPP three-level logic networks using affine spaces

Recently defined, three-level logic sum of pseudo-products (SPP) forms are EXOR-AND-OR networks representing Boolean functions, and are much shorter than standard two-level sum of products (SOP) expressions (Luccio and Pagli, 1999). The main disadvantages of SPP networks are their cumbersome theory in the original formulation and their high minimization time. In addition, the current technology cannot efficiently implement the unbounded fanin EXOR gates of SPP expressions. In this paper, we rephrase SPP theory in an algebraic context to obtain an easier description of the networks. We define a new model of SPP networks (k-SPP) with bounded fanin EXOR gates, whose minimization time is strongly reduced and whose minimal forms are still very compact. In the Boolean space {0,1}/sup n/, a k-SPP form contains EXOR gates with at most k literals, where 1 /spl les/ k /spl les/ n. The limit case k = n corresponds to SPP networks and k = 1 to SOPs. Finally, we perform an extensive set of experiments on classical benchmarks. In order to validate our approach, the results are compared with those obtained for the major two- and three-level forms using standard metrics.

Selective data outsourcing for enforcing privacy

Existing approaches for protecting sensitive information outsourced at external “honest-but-curious” servers are typically based on an overlying layer of encryption applied to the whole database, or on the combined use of fragmentation and encryption. In this paper, we put forward a novel paradigm for preserving privacy in data outsourcing, which departs from encryption. The basic idea is to involve the owner in storing a limited portion of the data, while storing the remaining information in the clear at the external server. We analyze the problem of computing a fragmentation that minimizes the owners workload, which is represented using different metrics and corresponding weight functions, and prove that this minimization problem is NP-hard. We then introduce the definition of locally minimal fragmentation that is used to efficiently compute a fragmentation via a heuristic algorithm. The algorithm translates the problem of finding a locally minimal fragmentation in terms of a hypergraph 2-coloring problem. Finally, we illustrate the execution of queries on fragments and provide experimental results comparing the fragmentations returned by our heuristics with respect to optimal fragmentations. The experiments show that the heuristics guarantees a low computation cost and is able to compute a fragmentation close to optimum.

Logic Minimization and Testability of 2-SPP Networks

The 2-SPP networks are three-level EXOR-AND-OR forms, with EXOR gates being restricted to fan-in 2. This paper presents a heuristic algorithm for the synthesis of these networks in a form that is fully testable in the stuck-at fault model (SAFM). The algorithm extends the EXPAND-IRREDUNDANT-REDUCE paradigm of ESPRESSO in heuristic mode, and it iterates local minimization and reshape of a solution until no further improvement can be achieved. This heuristic could escape from local minima using a LAST_GASP-like procedure. Moreover, the testability of 2-SPP networks under the SAFM is studied, and the notion of EXOR-irredundancy is introduced to prove that the computed 2-SPP networks are fully testable under the SAFM. Finally, this paper reports a large set of experiments showing high-quality results with affordable run times, handling also examples whose exact solutions could not be computed.

An OBDD approach to enforce confidentiality and visibility constraints in data publishing

With the growing needs for data sharing and dissemination, privacy-preserving data publishing is becoming an important issue that still requires further investigation. In this paper, we make a step towards private data publication by proposing a solution based on the release of vertical views fragments over a relational table that satisfy confidentiality and visibility constraints expressing requirements for information protection and release, respectively. We translate the problem of computing a fragmentation composed of the minimum number of fragments into the problem of computing a maximum weighted clique over a fragmentation graph. The fragmentation graph models fragments, efficiently computed using Ordered Binary Decision Diagrams OBDDs, that satisfy all the confidentiality constraints and a subset of the visibility constraints defined in the system. We then show an exact and a heuristic algorithm for computing a minimal and a locally minimal fragmentation, respectively. Finally, we provide experimental results comparing the execution time and the fragmentations returned by the exact and heuristic algorithms. The experiments show that the heuristic algorithm has low computation cost and computes a fragmentation close to optimum.

On Projecting Sums of Products

This paper introduces a new bounded multi-level algebraic form, called projected sum of products (P-SOP), based on projections of minimal SOP forms onto subsets of the Boolean space. After a standard two-level logic minimization, this technique can be used as a very fast postprocessing step for further minimizing the circuit area, increasing the depth of the network by only a constant value. The proposed synthesis algorithms have been implemented and tested with interesting results, which show how about 75% of standard Espresso benchmarks benefit from this postprocessing phase.