Advancing SCRAM: Privacy-Centric Approaches in Cyber Risk Measurement

The Secure Cyber Risk Aggregation and Measurement (SCRAM) framework allows multiple parties to compute aggregate cyber-risk measurements without the need to disclose publicly any information about their identity and their personal data. The framework, through the use of Multi-Party Computation (MPC) and Homomorphic Encryption (HE), guarantees each party that their participation in the computation is confidential and that the aggregated results will not be decrypted without their authorization [1]. However, the system fails to guarantee what the output of the aggregated computations reveals about their identity, their security posture, and their losses. In this work, we tackle the challenging problem of preserving privacy in small datasets while maximizing utility, a critical issue in the context of the SCRAM framework. We first construct a linear programming problem that demonstrates how the aggregate outputs of SCRAM do not provide adequate privacy, revealing sensitive information about individual parties. Then, we establish new privacy guarantees for the framework based on the concepts of Predicate Singling Out (PSO) and Differential Privacy (DP). These guarantees aim to protect the identity and data of the participating parties while still allowing for meaningful aggregate measurements. We then demonstrate the inadequacy of existing privacy solutions for small datasets and propose two novel techniques specifically designed for small datasets: integer-binary randomized response and clustering-based output perturbation. The integer-binary randomized response transforms integer inputs into binary questions, enabling the application of randomized response techniques while minimizing the impact on data utility. The clustering-based approach aggregates similar values into clusters and reports summary statistics, effectively obfuscating individual data points while preserving the overall distribution and relative magnitudes. These techniques offer a balance between privacy and utility, demonstrating the feasibility of privacy-preserving computation on small datasets. Our work highlights the limitations of existing privacy solutions for small datasets and the necessity of developing specialized techniques to address this challenge. The proposed methods not only enhance the privacy guarantees of the SCRAM framework but also contribute to the broader field of privacy-preserving computation, providing a foundation for future research and applications involving sensitive data aggregation and analysis in small dataset scenarios.