• Documents
  • Authors
  • Tables
  • Log in
  • Sign up
  • MetaCart
  • DMCA
  • Donate

CiteSeerX logo

Advanced Search Include Citations
Advanced Search Include Citations | Disambiguate

Cryptography and Data Security (1982)

by Dorothy Denning
Add To MetaCart

Tools

Sorted by:
Results 1 - 10 of 615
Next 10 →

k-anonymity: a model for protecting privacy.

by Latanya Sweeney - International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, , 2002
"... Consider a data holder, such as a hospital or a bank, that has a privately held collection of person-specific, field structured data. Suppose the data holder wants to share a version of the data with researchers. How can a data holder release a version of its private data with scientific guarantees ..."
Abstract - Cited by 1313 (15 self) - Add to MetaCart
Consider a data holder, such as a hospital or a bank, that has a privately held collection of person-specific, field structured data. Suppose the data holder wants to share a version of the data with researchers. How can a data holder release a version of its private data with scientific guarantees that the individuals who are the subjects of the data cannot be re-identified while the data remain practically useful? The solution provided in this paper includes a formal protection model named k-anonymity and a set of accompanying policies for deployment. A release provides k-anonymity protection if the information for each person contained in the release cannot be distinguished from at least k-1 individuals whose information also appears in the release. This paper also examines re-identification attacks that can be realized on releases that adhere to kanonymity unless accompanying policies are respected. The k-anonymity protection model is important because it forms the basis on which the real-world systems known as Datafly, µ-Argus and k-Similar provide guarantees of privacy protection.
(Show Context)

Citation Context

...t is the subject of this paper is not so much whether the recipient can get access or not to the information as much as what values will constitute the information the recipient will receive. A general doctrine of the work presented herein is to release all the information but to do so such that the identities of the people who are the subjects of the data (or other sensitive properties found in the data) are protected. Therefore, the goal of the work presented in this paper lies outside of traditional work on access control and authentication. 2.4. Multiple queries can leak inference Denning [17] and others [18, 19] were among the first to explore inferences realized from multiple queries to a database. For example, consider a table containing only (physician, patient, medication). A query listing the patients seen by each physician, i.e., a relation R(physician, patient), may not be sensitive. Likewise, a query itemizing medications prescribed by each physician may also not be sensitive. But the query associating patients with their prescribed medications may be sensitive because medications typically correlate with diseases. One common solution, called query restriction, prohibits q...

Applied Cryptography -- Protocols, Algorithms, and Source Code in C

by Bruce Schneier
"... ..."
Abstract - Cited by 1002 (1 self) - Add to MetaCart
Abstract not found

A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks

by Shafi Goldwasser, Silvio Micali, Ronald L. Rivest , 1995
"... We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a ..."
Abstract - Cited by 959 (40 self) - Add to MetaCart
We present a digital signature scheme based on the computational diculty of integer factorization. The scheme possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice (where each message may be chosen in a way that depends on the signatures of previously chosen messages) can not later forge the signature of even a single additional message. This may be somewhat surprising, since the properties of having forgery being equivalent to factoring and being invulnerable to an adaptive chosen-message attack were considered in the folklore to be contradictory. More generally, we show how to construct a signature scheme with such properties based on the existence of a "claw-free" pair of permutations - a potentially weaker assumption than the intractibility of integer factorization. The new scheme is potentially practical: signing and verifying signatures are reasonably fast, and signatures are compact.

Privacy-Preserving Data Mining

by Rakesh Agrawal , Ramakrishnan Srikant , 2000
"... A fruitful direction for future data mining research will be the development of techniques that incorporate privacy concerns. Specifically, we address the following question. Since the primary task in data mining is the development of models about aggregated data, can we develop accurate models with ..."
Abstract - Cited by 844 (3 self) - Add to MetaCart
A fruitful direction for future data mining research will be the development of techniques that incorporate privacy concerns. Specifically, we address the following question. Since the primary task in data mining is the development of models about aggregated data, can we develop accurate models without access to precise information in individual data records? We consider the concrete case of building a decision-tree classifier from tredning data in which the values of individual records have been perturbed. The resulting data records look very different from the original records and the distribution of data values is also very different from the original distribution. While it is not possible to accurately estimate original values in individual data records, we propose a-novel reconstruction procedure to accurately estimate the distribution of original data values. By using these reconstructed distributions, we are able to build classifiers whose accuracy is comparable to the accuracy of classifiers built with the original data.
(Show Context)

Citation Context

...on of data cells of small size (e.g. [Cox80]), and clustering entities into mutually exclusive atomic populations (e.g. [YC77]). The perturbation family includes swapping values between records (e.g. =-=[Den82]-=-), replacing the original database by a sample from the same distribution (e.g. [LST83] [LCL85] [Rei84]), adding noise to the values in the database (e.g. [TYW84] [War65]), adding noise to the results...

Language-Based Information-Flow Security

by Andrei Sabelfeld , Andrew C. Myers - IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS , 2003
"... Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker throug ..."
Abstract - Cited by 827 (57 self) - Add to MetaCart
Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow.

Jflow: Practical mostly-static information flow control.

by Andrew C Myers - In Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, , 1999
"... Abstract A promising technique for protecting privacy and integrity of sensitive data is to statically check information flow within programs that manipulate the data. While previous work has proposed programming language extensions to allow this static checking, the resulting languages are too res ..."
Abstract - Cited by 584 (33 self) - Add to MetaCart
Abstract A promising technique for protecting privacy and integrity of sensitive data is to statically check information flow within programs that manipulate the data. While previous work has proposed programming language extensions to allow this static checking, the resulting languages are too restrictive for practical use and have not been implemented. In this paper, we describe the new language JFlow, an extension to the Java language that adds statically-checked information flow annotations. JFlow provides several new features that make information flow checking more flexible and convenient than in previous models: a decentralized label model, label polymorphism, run-time label checking, and automatic label inference. JFlow also supports many language features that have never been integrated successfully with static information flow control, including objects, subclassing, dynamic type tests, access control, and exceptions. This paper defines the JFlow language and presents formal rules that are used to check JFlow programs for correctness. Because most checking is static, there is little code space, data space, or run-time overhead in the JFlow implementation.
(Show Context)

Citation Context

...n flow control systems provide the ability to declassify data because strict information flow control is too restrictive to write real applications. More complex mechanisms such as inference controls =-=[Den82]-=- often are used to decide when declassification is appropriate. In previous systems, declassification is performed by a trusted subject: code having the authority of a highly trusted principal. One ke...

Private Information Retrieval

by Benny Chor, et al.
"... We describe schemes that enable a user to access k replicated copies of a database ( k * 2) and privately retrieve informationstored in the database. This means that each individual database gets no information on the identity of the item retrieved by the user. For a single database, achieving thi ..."
Abstract - Cited by 558 (14 self) - Add to MetaCart
We describe schemes that enable a user to access k replicated copies of a database ( k * 2) and privately retrieve informationstored in the database. This means that each individual database gets no information on the identity of the item retrieved by the user. For a single database, achieving this type of privacy requires communicating the whole database, or n bits (where n is the number of bits in the database). Our schemes use the replication to gain substantial saving. In particular, we have ffl A two database scheme with communication complexity of O(n1=3).ffl
(Show Context)

Citation Context

...nst a “curious” user. For example, there are methods that enable a user to ask queries to a statistical database in a way that prevents him from reconstructing the value of particular entities (e.g., =-=[2, 9, 13, 14, 26]-=- and [27, Section 10.5]). It may seem surprising at first glance that there are no methods to protect the privacy of the user. For example, an investor that queries the stock-market database for the v...

A SOUND TYPE SYSTEM FOR SECURE FLOW ANALYSIS

by Dennis Volpano, Geoffrey Smith, Cynthia Irvine , 1996
"... Ensuring secure information ow within programs in the context of multiple sensitivity levels has been widely studied. Especially noteworthy is Denning's work in secure ow analysis and the lattice model [6][7]. Until now, however, the soundness of Denning's analysis has not been established ..."
Abstract - Cited by 540 (21 self) - Add to MetaCart
Ensuring secure information ow within programs in the context of multiple sensitivity levels has been widely studied. Especially noteworthy is Denning's work in secure ow analysis and the lattice model [6][7]. Until now, however, the soundness of Denning's analysis has not been established satisfactorily. Weformulate Denning's approach as a type system and present a notion of soundness for the system that can be viewed as a form of noninterference. Soundness is established by proving, with respect to a standard programming language semantics, that all well-typed programs have this noninterference property.

Protecting respondents’ identities in microdata release

by Pierangela Samarati - In IEEE Transactions on Knowledge and Data Engineering (TKDE , 2001
"... Today’s globally networked society places great demand on the dissemination and sharing of information. While in the past released information was mostly in tabular and statistical form, many situations call today for the release of specific data (microdata). In order to protect the anonymity of the ..."
Abstract - Cited by 512 (32 self) - Add to MetaCart
Today’s globally networked society places great demand on the dissemination and sharing of information. While in the past released information was mostly in tabular and statistical form, many situations call today for the release of specific data (microdata). In order to protect the anonymity of the entities (called respondents) to which information refers, data holders often remove or encrypt explicit identifiers such as names, addresses, and phone numbers. De-identifying data, however, provides no guarantee of anonymity. Released information often contains other data, such as race, birth date, sex, and ZIP code, that can be linked to publicly available information to re-identify respondents and inferring information that was not intended for disclosure. In this paper we address the problem of releasing microdata while safeguarding the anonymity of the respondents to which the data refer. The approach is based on the definition of k-anonymity. A table provides k-anonymity if attempts to link explicitly identifying information to its content map the information to at least k entities. We illustrate how k-anonymity can be provided without compromising the integrity (or truthfulness) of the information released by using generalization and suppression techniques. We introduce the concept of minimal generalization that captures the property of the release process not to distort the data more than needed to achieve k-anonymity, and present an algorithm for the computation of such a generalization. We also discuss possible preference policies to choose among different minimal generalizations. Index terms:
(Show Context)

Citation Context

...of protecting against the ability of data recipients to determine sensitive information from other information released to them has been considerably studied in the framework of statistical databases =-=[1, 6]-=-. However, most attention has been devoted to the protection of inference in aggregate statistics and tabular data in contrast to microdata. As a consequence, while a good set of methodologies exist f...

Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks

by Steven M. Bellovin, Michael Merritt - IEEE SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY , 1992
"... Classical cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. We introduce a novel combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenti ..."
Abstract - Cited by 436 (5 self) - Add to MetaCart
Classical cryptographic protocols based on user-chosen keys allow an attacker to mount password-guessing attacks. We introduce a novel combination of asymmetric (public-key) and symmetric (secret-key) cryptography that allow two parties sharing a common password to exchange confidential and authenticated information over an insecure network. These protocols are secure against active attacks, and have the property that the password is protected against off-line "dictionary" attacks. There are a number of other useful applications as well, including secure public telephones.
(Show Context)

Citation Context

...nown n be distinguished from a valid public key e? Assume that p and q are chosen to be of the form 2p 0 + 1 and 2q 0 + 1, where p 0 and q 0 are primes, a choice that is recommended for other reasons =-=[9]-=-. Then an overwhelming majority of the odd integers (mod n) will be relatively prime to (p \Gamma 1)(q \Gamma 1) = 4p 0 q 0 , and hence will be valid candidate public keys e. Consequently, a dictionar...

Powered by: Apache Solr
  • About CiteSeerX
  • Submit and Index Documents
  • Privacy Policy
  • Help
  • Data
  • Source
  • Contact Us

Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University