Chen Luo,Fei He,Fei Peng,Dong Yan,Dan Zhang,Xin Zhou

DOI: https://doi.org/10.1109/tdsc.2019.2914209

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Business organizations regularly collect customer data to improve their services. Organizations may want to share data within themselves or even with third-parties to maximize data utility. Since business data contain lots of customer data, organizations must respect customers' privacy expounded by privacy laws. In this paper, we present PSpec-SQL, a distributed data analytics system that automatically enforces privacy compliance for SQL queries. Our system provides a high-level language PSpec for the data owner to specify her data usage policy. As usual, the data analyst queries data to perform data analysis, but our system checks each query to ensure only policy-compliant queries are executed. We have implemented a prototype of PSpec-SQL on top of Spark-SQL, and carried out a case study on the TPC benchmarks. The results show the practicability of our system with negligible overhead over query processing.

Xuyang Ding,Xin Tian,Xiaohui Liu,Yanjiao Chen

DOI: https://doi.org/10.1109/jiot.2020.2988694

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:The explosive growth of the Internet of Things (IoT) is posing a high pressure on the spectrum resources. Dynamic spectrum allocation is an effective solution for supporting massive IoT devices with limited spectrum resources, often implemented in the form of spectrum auction. Among diverse auction formats, double auctions feature multiple buyers and multiple sellers, which is applicable to a wide range of IoT scenarios. Nevertheless, the existing double auction mechanisms mostly focus on the design of truthfulness and ignore the importance of privacy preservation. Hence, in this article, we propose PP-SPEC, a truthful and privacy-preserving double auction mechanism that takes spatial reuse, spectrum heterogeneity, and multiminded bidders into account, and provides full privacy in terms of asking prices, bidding values, and locations. To tackle the challenge of privacy-preserving comparison over ciphertext field, we carefully designed a set of generic privacy-preserving ciphertext comparison protocols (PIC), including basic PIC (B-PIC) and extended PIC (E-PIC), by integrating additive homomorphic encryption and garbled circuits. Furthermore, we have theoretically proved the truthfulness and security of PP-SPEC. We have implemented and evaluated PP-SPEC, whose experimental results show high performance and practicability of PP-SPEC for real-life applications.

Fan Wang,Xiaohu Yang,Xiaochun Zhu

DOI: https://doi.org/10.1109/ITCS.2009.126

2009-01-01

Abstract:In this paper a framework for test data generation from business specification is presented. This framework separates data definition from their implementation and enables user to define logic and manage test data in a structural way. Data generation logic can be maintained and reused in different test scenarios. Test data with different format will be generated to integrate with other test automation tools. The internal mechanism is introduced and enhancement point is discussed then.

Chenghong Wang,Lina Qiu,Johes Bater,Yukui Luo

2024-04-29

Abstract:Secure collaborative analytics (SCA) enable the processing of analytical SQL queries across multiple owners' data, even when direct data sharing is not feasible. Although essential for strong privacy, the large overhead from data-oblivious primitives in traditional SCA has hindered its practical adoption. Recent SCA variants that permit controlled leakages under differential privacy (DP) show a better balance between privacy and efficiency. However, they still face significant challenges, such as potentially unbounded privacy loss, suboptimal query planning, and lossy processing. To address these challenges, we introduce SPECIAL, the first SCA system that simultaneously ensures bounded privacy loss, advanced query planning, and lossless processing. SPECIAL employs a novel synopsis-assisted secure processing model, where a one-time privacy cost is spent to acquire private synopses (table statistics) from owner data. These synopses then allow SPECIAL to estimate (compaction) sizes for secure operations (e.g., filter, join) and index encrypted data without extra privacy loss. Crucially, these estimates and indexes can be prepared before runtime, thereby facilitating efficient query planning and accurate cost estimations. Moreover, by using one-sided noise mechanisms and private upper bound techniques, SPECIAL ensures strict lossless processing for complex queries (e.g., multi-join). Through a comprehensive benchmark, we show that SPECIAL significantly outperforms cutting-edge SCAs, with up to 80X faster query times and over 900X smaller memory for complex queries. Moreover, it also achieves up to an 89X reduction in privacy loss under continual processing.

Cryptography and Security,Databases

Taeho Jung,Junze Han,Xiang-Yang Li

DOI: https://doi.org/10.1109/tdsc.2016.2577034

2018-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Third-party analysis on private records is becoming increasingly important due to the widespread data collection for various analysis purposes. However, the data in its original form often contains sensitive information about individuals, and its publication will severely breach their privacy. In this paper, we present a novel Privacy-preserving Data Analytics framework PDA, which allows a third-party aggregator to obliviously conduct many different types of polynomial-based analysis on private data records provided by a dynamic sub-group of users. Notably, every user needs to keep only $O(n)$ keys to join data analysis among $O(2^n)$ different groups of users, and any data analysis that is represented by polynomials is supported by our framework. Besides, a real implementation shows the performance of our framework is comparable to the peer works who present ad-hoc solutions for specific data analysis applications. Despite such nice properties of PDA, it is provably secure against a very powerful attacker (chosen-plaintext attack) even in the Dolev-Yao network model where all communication channels are insecure.

Tianpei Lu,Bingsheng Zhang,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2023.3284565

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Privacy concerns often raise when sensitive data are collected, traded, and processed. The data owner typically loses her ultimate control of the data after data-outsourcing. In this work, we present the PrivData Network – a community-controlled privacy-preserving data factory and trading market. It can be viewed as a standalone data ecosystem that enables privacy-preserving data-driven workflows in a controlled environment for orchestrating and automating data movement and data transformation. In particular, we design a data encapsulation mechanism with privacy assurance, which can guarantee data privacy, usage policy compliance and metadata validity. We also design a privacy policy language and utilize a static analysis library that transfers the program to the defined policy language. To ensure the correctness of data processing, we propose a publicly verifiable secure multiparty computation protocol for mixed circuits, which guarantees the output correctness even if all parties are corrupted. Its online efficiency is comparable to conventional semi-honest secret-sharing-based MPC schemes. Finally, we implemented a prototype of our system in C++ and benchmark it on various tasks, such as biometric matching, logistic regression, and decision trees, etc.

Shufan Zhang,Xi He

2023-09-19

Abstract:Recent years have witnessed the adoption of differential privacy (DP) in practical database systems like PINQ, FLEX, and PrivateSQL. Such systems allow data analysts to query sensitive data while providing a rigorous and provable privacy guarantee. However, the existing design of these systems does not distinguish data analysts of different privilege levels or trust levels. This design can have an unfair apportion of the privacy budget among the data analyst if treating them as a single entity, or waste the privacy budget if considering them as non-colluding parties and answering their queries independently. In this paper, we propose DProvDB, a fine-grained privacy provenance framework for the multi-analyst scenario that tracks the privacy loss to each single data analyst. Under this framework, when given a fixed privacy budget, we build algorithms that maximize the number of queries that could be answered accurately and apportion the privacy budget according to the privilege levels of the data analysts.

Databases

Xinyu He,Yuan Zhang,Shiyu Li,Yaqing Song,Hongwei Li

DOI: https://doi.org/10.1109/pimrc56721.2023.10294035

2023-01-01

Abstract:In this paper, we investigate actual exchange-assisted data trading systems and point out that the increment of data content in a sensitive dataset always results in the increment of its privacy level, i.e., making the dataset more sensitive than before. As a consequence, data trading always follows an incremental privacy-driven paradigm, where (1) buyers with various requirements would purchase subsets of the data with different privacy levels, and (2) when a buyer purchases a subset of the entire dataset with a higher level of privacy, the subsets with all lower levels of privacy are required (in other words, there is a containment relationship between subsets with different levels of privacy). A notable example is attribute-value type datasets. Based on these observations, we propose a new concept of privacy-driven and fine-grained data trading, which enables sellers and buyers to trade in data in an efficient and flexible way. We propose a concrete instantiation, dubbed PDFG, which enables sellers and buyers to conduct fine-grained data trading with minimal costs in terms of computation and communication. We prove that PDFG is indistinguishable against the chosen plaintext attack (CPA) under the real-or-random (RoR) model. We also conduct a comprehensive performance evaluation to demonstrate the practicality and efficiency of PDFG.

Wenjun Lin,Jiahao Qian,Wenwen Liu,Lang Wu

2023-12-19

Abstract:The exponential growth of collected, processed, and shared data has given rise to concerns about individuals' privacy. Consequently, various laws and regulations have been established to oversee how organizations handle and safeguard data. One such method is Statistical Disclosure Control, which aims to minimize the risk of exposing confidential information by de-identifying it. This de-identification is achieved through specific privacy-preserving techniques. However, a trade-off exists: de-identified data can often lead to a loss of information, which might impact the accuracy of data analysis and the predictive capability of models. The overarching goal remains to safeguard individual privacy while preserving the data's interpretability, meaning its overall usefulness. Despite advances in Statistical Disclosure Control, the field continues to evolve, with no definitive solution that strikes an optimal balance between privacy and utility. This survey delves into the intricate processes of de-identification. We outline the current privacy-preserving techniques employed in microdata de-identification, delve into privacy measures tailored for various disclosure scenarios, and assess metrics for information loss and predictive performance. Herein, we tackle the primary challenges posed by privacy constraints, overview predominant strategies to mitigate these challenges, categorize privacy-preserving techniques, offer a theoretical assessment of current comparative research, and highlight numerous unresolved issues in the domain.

Cryptography and Security

Jeremy Seeman,William Sexton,David Pujol,Ashwin Machanavajjhala

2023-10-19

Abstract:We consider the problem of the private release of statistics (like aggregate payrolls) where it is critical to preserve the contribution made by a small number of outlying large entities. We propose a privacy formalism, per-record zero concentrated differential privacy (PzCDP), where the privacy loss associated with each record is a public function of that record's value. Unlike other formalisms which provide different privacy losses to different records, PzCDP's privacy loss depends explicitly on the confidential data. We define our formalism, derive its properties, and propose mechanisms which satisfy PzCDP that are uniquely suited to publishing skewed or heavy-tailed statistics, where a small number of records contribute substantially to query answers. This targeted relaxation helps overcome the difficulties of applying standard DP to these data products.

Databases,Cryptography and Security

Weidong Li,Mengxiao Zhang,Libo Zhang,Jiamou Liu

DOI: https://doi.org/10.48550/arXiv.2307.16317

2023-07-31

Abstract:In the digital age, data is a valuable commodity, and data marketplaces offer lucrative opportunities for data owners to monetize their private data. However, data privacy is a significant concern, and differential privacy has become a popular solution to address this issue. Private data trading systems (PDQS) facilitate the trade of private data by determining which data owners to purchase data from, the amount of privacy purchased, and providing specific aggregation statistics while protecting the privacy of data owners. However, existing PDQS with separated procurement and query processes are prone to over-perturbation of private data and lack trustworthiness. To address this issue, this paper proposes a framework for PDQS with an integrated procurement and query process to avoid excessive perturbation of private data. We also present two instances of this framework, one based on a greedy approach and another based on a neural network. Our experimental results show that both of our mechanisms outperformed the separately conducted procurement and query mechanism under the same budget regarding accuracy.

Multiagent Systems

Zirong Chen,Issa Li,Haoxiang Zhang,Sarah Preum,John A. Stankovic,Meiyi Ma

DOI: https://doi.org/10.48550/arXiv.2302.09665

2023-03-31

Abstract:An increasing number of monitoring systems have been developed in smart cities to ensure that the real-time operations of a city satisfy safety and performance requirements. However, many existing city requirements are written in English with missing, inaccurate, or ambiguous information. There is a high demand for assisting city policymakers in converting human-specified requirements to machine-understandable formal specifications for monitoring systems. To tackle this limitation, we build CitySpec, the first intelligent assistant system for requirement specification in smart cities. To create CitySpec, we first collect over 1,500 real-world city requirements across different domains (e.g., transportation and energy) from over 100 cities and extract city-specific knowledge to generate a dataset of city vocabulary with 3,061 words. We also build a translation model and enhance it through requirement synthesis and develop a novel online learning framework with shielded validation. The evaluation results on real-world city requirements show that CitySpec increases the sentence-level accuracy of requirement specification from 59.02% to 86.64%, and has strong adaptability to a new city and a new domain (e.g., the F1 score for requirements in Seattle increases from 77.6% to 93.75% with online learning). After the enhancement from the shield function, CitySpec is now immune to most known textual adversarial inputs (e.g., the attack success rate of DeepWordBug after the shield function is reduced to 0% from 82.73%). We test the CitySpec with 18 participants from different domains. CitySpec shows its strong usability and adaptability to different domains, and also its robustness to malicious inputs.

Artificial Intelligence

Kai Zhang,Xiwen Wang,Jianting Ning,Junqing Gong,Xinyi Huang

DOI: https://doi.org/10.1109/tifs.2023.3303720

IF: 7.231

2023-09-01

IEEE Transactions on Information Forensics and Security

Abstract:Secure cloud-assisted data publish/subscribe (Pub/Sub) service provides an asynchronous method for publishers and subscribers to non-interactively exchange encrypted messages. Besides performing conjunctive subscription policy, numerous data Pub/Sub systems have recently been proposed to provide dynamic access control enforced from the publisher side to the subscriber side. However, these solutions fail to consider the following properties: (i) bilateral access control for both publishers and subscribers; (ii) the anonymity of the publisher; (iii) high matching time cost between publication and subscription. Therefore, we present P/S-BiAC, a secure and boolean cloud-assisted data Pub/Sub system with attribute-based bilateral access control that achieves authenticity and anonymity of publishers. In particular, P/S-BiAC enables cloud-based brokers to use the subscriber's trapdoor to match published data with sub-linear time complexity. Technically, we introduce a "BiAC-and-Hidden" technique to refine publication tuples and trapdoor in classic searchable symmetric encryption solutions. Moreover, we implement P/S-BiAC and evaluate its practical performance based on Enron dataset in real cloud environment. To deal with a conjunctive subscription policy, P/S-BiAC runs faster for matching time cost (with -term=10) compared to state-of-the-art solutions, which demonstrates its feasibility in practical data Pub/Sub services with strong security properties.

computer science, theory & methods,engineering, electrical & electronic

Shaowei Wang,Liusheng Huang,Yiwen Nie,Pengzhan Wang,Hongli Xu,Wei Yang

DOI: https://doi.org/10.1109/infocom.2018.8486234

2018-01-01

Abstract:Set-valued data is useful for representing a rich family of information in numerous areas, such as market basket data of online shopping, apps on mobile phones and web browsing history. By analyzing set-valued data that are collected from users, service providers could learn the demographics of the users, the patterns of their usages, and finally, improve the quality of services for them. However, privacy has been an increasing concern in collecting and analyzing users' set-valued data, since these data may reveal sensitive information (e.g., identities, preferences and diseases) about individuals. In this work, we propose a privacy preserving aggregation mechanism for set-valued data: PrivSet. It provides rigorous data privacy protection locally (e.g., on mobile phones or wearable devices) and efficiently (its computational overhead is linear to the item domain size) for each user, and meanwhile allowing effective statistical analyses (e.g., distribution estimation of items, distribution estimation of set cardinality) on set-valued data for service providers. More specifically, in PrivSet, within the constraints of local E-differential privacy, each user independently responses with a subset of the set-valued data domain with calibrated probabilities, hence the true positive/false positive rate of each item is balanced and the performance of distribution estimation is optimized. Besides presenting theoretical error bounds of PrivSet and proving its optimality over existing approaches, we experimentally validate the mechanism, the experimental results illustrate that the estimation error in PrivSet has been reduced by half when compared to state-of-the-art approaches.

Jianwei Qian,Fudong Qiu,Fan Wu,Na Ruan,Guihai Chen,Shaojie Tang

DOI: https://doi.org/10.1109/tc.2016.2595562

IF: 3.183

2016-01-01

IEEE Transactions on Computers

Abstract:Tons of online user behavior data are being generated every day on the booming and ubiquitous Internet. Growing efforts have been devoted to mining the abundant behavior data to extract valuable information for research purposes or business interests. However, online users’ privacy is thus under the risk of being exposed to third-parties. The last decade has witnessed a body of research works trying to perform data aggregation in a privacy-preserving way. Most of existing methods guarantee strong privacy protection yet at the cost of very limited aggregation operations, such as allowing only summation, which hardly satisfies the need of behavior analysis. In this paper, we propose a scheme PPSA, which encrypts users’ sensitive data to prevent privacy disclosure from both outside analysts and the aggregation service provider, and fully supports selective aggregate functions for online user behavior analysis while guaranteeing differential privacy. We have implemented our method and evaluated its performance using a trace-driven evaluation based on a real online behavior dataset. Experiment results show that our scheme effectively supports both overall aggregate queries and various selective aggregate queries with acceptable computation and communication overheads.

Di Zhuang,J. Morris Chang

DOI: https://doi.org/10.48550/arXiv.2005.04369

2020-05-09

Abstract:In the big data era, more and more cloud-based data-driven applications are developed that leverage individual data to provide certain valuable services (the utilities). On the other hand, since the same set of individual data could be utilized to infer the individual's certain sensitive information, it creates new channels to snoop the individual's privacy. Hence it is of great importance to develop techniques that enable the data owners to release privatized data, that can still be utilized for certain premised intended purpose. Existing data releasing approaches, however, are either privacy-emphasized (no consideration on utility) or utility-driven (no guarantees on privacy). In this work, we propose a two-step perturbation-based utility-aware privacy-preserving data releasing framework. First, certain predefined privacy and utility problems are learned from the public domain data (background knowledge). Later, our approach leverages the learned knowledge to precisely perturb the data owners' data into privatized data that can be successfully utilized for certain intended purpose (learning to succeed), without jeopardizing certain predefined privacy (training to fail). Extensive experiments have been conducted on Human Activity Recognition, Census Income and Bank Marketing datasets to demonstrate the effectiveness and practicality of our framework.

Cryptography and Security,Artificial Intelligence,Machine Learning

M.A.P. Chamikara,P. Bertok,I. Khalil,D. Liu,S. Camtepe

DOI: https://doi.org/10.1016/j.comcom.2021.04.006

IF: 5.047

2021-05-01

Computer Communications

Abstract:<p>Personally identifiable information (PII) can find its way into cyberspace through various channels, and many potential sources can leak such information. Data sharing (e.g. cross-agency data sharing) for machine learning and analytics is one of the important components in data science. However, due to privacy concerns, data should be enforced with strong privacy guarantees before sharing. Different privacy-preserving approaches were developed for privacy preserving data sharing; however, identifying the best privacy-preservation approach for the privacy-preservation of a certain dataset is still a challenge. Different parameters can influence the efficacy of the process, such as the characteristics of the input dataset, the strength of the privacy-preservation approach, and the expected level of utility of the resulting dataset (on the corresponding data mining application such as classification). This paper presents a framework named <u>P</u>rivacy <u>P</u>reservation <u>a</u>s <u>a</u><u>S</u>ervice (PPaaS) to reduce this complexity. The proposed method employs selective privacy preservation via data perturbation and looks at different dynamics that can influence the quality of the privacy preservation of a dataset. PPaaS includes pools of data perturbation methods, and for each application and the input dataset, PPaaS selects the most suitable data perturbation approach after rigorous evaluation. It enhances the usability of privacy-preserving methods within its pool; it is a generic platform that can be used to sanitize big data in a granular, application-specific manner by employing a suitable combination of diverse privacy-preserving algorithms to provide a proper balance between privacy and utility.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Mengxiao Zhang,Fernando Beltran,Jiamou Liu

DOI: https://doi.org/10.48550/arXiv.2005.09248

2020-05-19

Abstract:Private data query combines mechanism design with privacy protection to produce aggregated statistics from privately-owned data records. The problem arises in a data marketplace where data owners have personalised privacy requirements and private data valuations. We focus on the case when the data owners are single-minded, i.e., they are willing to release their data only if the data broker guarantees to meet their announced privacy requirements. For a data broker who wants to purchase data from such data owners, we propose the SingleMindedQuery (SMQ) mechanism, which uses a reverse auction to select data owners and determine compensations. SMQ satisfies interim incentive compatibility, individual rationality, and budget feasibility. Moreover, it uses purchased privacy expectation maximisation as a principle to produce accurate outputs for commonly-used queries such as counting, median and linear predictor. The effectiveness of our method is empirically validated by a series of experiments.

Computer Science and Game Theory

Du Nguyen Duy,Ramin Nikzad-Langerodi

2024-01-26

Abstract:Modern manufacturing value chains require intelligent orchestration of processes across company borders in order to maximize profits while fostering social and environmental sustainability. However, the implementation of integrated, systems-level approaches for data-informed decision-making along value chains is currently hampered by privacy concerns associated with cross-organizational data exchange and integration. We here propose Privacy-Preserving Partial Least Squares (P3LS) regression, a novel federated learning technique that enables cross-organizational data integration and process modeling with privacy guarantees. P3LS involves a singular value decomposition (SVD) based PLS algorithm and employs removable, random masks generated by a trusted authority in order to protect the privacy of the data contributed by each data holder. We demonstrate the capability of P3LS to vertically integrate process data along a hypothetical value chain consisting of three parties and to improve the prediction performance on several process-related key performance indicators. Furthermore, we show the numerical equivalence of P3LS and PLS model components on simulated data and provide a thorough privacy analysis of the former. Moreover, we propose a mechanism for determining the relevance of the contributed data to the problem being addressed, thus creating a basis for quantifying the contribution of participants.

Machine Learning,Cryptography and Security

Zuxing Gu,Min Zhou,Jiecheng Wu,Yu Jiang,Jiaxiang Liu,Ming Gu

DOI: https://doi.org/10.1109/tase.2019.00006

2019-01-01

Abstract:Application Programming Interfaces (APIs) usually have usage constraints, such as call conditions or call orders. Incorrect usage of these constraints, called API misuse, will result in system crashes, bugs, and even security problems. It is crucial to detect such misuses early in the development process. Though many approaches have been proposed over the last years, recent studies show that API misuses are still prevalent, especially the ones specific to individual projects. In this paper, we strive to improve current API-misuse detection capability for large-scale C programs. First, We propose IMSpec, a lightweight domain-specific language enabling developers to specify API usage constraints in three different aspects (i.e., parameter validation, error handling, and causal calling), which are the majority of API-misuse bugs. Then, we have tailored a constraint guided static analysis engine to automatically parse IMSpec rules and detect API-misuse bugs with rich semantics. We evaluate our approach on widely used benchmarks and real-world projects. The results show that our easily extensible approach performs better than state-of-the-art tools. We also discover 19 previously unknown bugs in real-world open-source projects, all of which have been confirmed by the corresponding developers.