L -diversity
- 1 March 2007
- journal article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Knowledge Discovery From Data
- Vol. 1 (1), 3
- https://doi.org/10.1145/1217299.1217302
Abstract
Publishing data about individuals without revealing sen- sitive information about them is an important problem. In recent years, a new definition of privacy calledk-anonymity has gained popularity. In a k-anonymized dataset, each record is indistinguishable from at leastk −1 other records with respect to certain "identifying" attributes. In this paper we show with two simple attacks that a k-anonymized dataset has some subtle, but severe privacy problems. First, we show that an attacker can discover the values of sensitive attributes when there is little diversi ty in those sensitive attributes. Second, attackers often hav e background knowledge, and we show thatk-anonymity does not guarantee privacy against attackers using background knowledge. We give a detailed analysis of these two at- tacks and we propose a novel and powerful privacy defi- nition called ℓ-diversity. In addition to building a formal foundation forℓ-diversity, we show in an experimental eval- uation that ℓ-diversity is practical and can be implemented efficiently.This publication has 47 references indexed in Scilit:
- Network Models for Complementary Cell SuppressionJournal of the American Statistical Association, 1995
- Security problems on inference control for SUM, MAX, and MIN queriesJournal of the ACM, 1986
- The statistical security of a statistical databaseACM Transactions on Database Systems, 1984
- A security machanism for statistical databaseACM Transactions on Database Systems, 1980
- Secure statistical databases with random sample queriesACM Transactions on Database Systems, 1980
- Suppression Methodology and Statistical Disclosure ControlJournal of the American Statistical Association, 1980
- The trackerACM Transactions on Database Systems, 1979
- On the Question of Statistical ConfidentialityJournal of the American Statistical Association, 1972
- The Linear Randomized Response ModelJournal of the American Statistical Association, 1971
- Randomized Response: A Survey Technique for Eliminating Evasive Answer BiasJournal of the American Statistical Association, 1965