| Crynodeb: | <p>Existing approaches to tackle the challenges of privacy-preserving data analysis and data release are subject to vulnerabilities from certain attacks (which is the case for syntactic privacy models) or suffer in terms of efficiency, scalability or utility (which is the case for techniques based on secure multi-party computation). In addition, definitions of privacy (or any associated properties and notions) remain open to different interpretations among various stakeholders due to privacy’s multi-dimensional and multi-faceted nature. In such environments, individuals who are not necessarily privacy experts, such as software developers or system designers, may struggle to select an appropriate privacy model or mechanism to protect their systems. This dissertation presents simplifications, analyses, considerations and promotions in the context of privacy-preserving data analysis and data release to support <em>utility, flexibility</em> and <em>privacy</em>.</p>
<p>As a first step, we facilitate understanding, application and analysis of syntactic privacy notions via abstraction to games. Via these games, we clarify understanding of, and relationships between, different privacy notions. Further, we give an unambiguous understanding of adversarial actions.</p>
<p>We analyse previously defined privacy games with regards to their applicability and relationships to each other, and define policies to support predominantly non- experts to establish an overview and to select the ‘fitting’ privacy notion / game for their applications. In this context, we utilise our game-based definitions to analyse and reason about privacy properties in a content-based clustering recommendation system as well as a collaborative-filtering based classification recommender system.</p>
<p>The second part is focused on the application to practice. Important in this context is the specification of requirements, which we derive from an analysis of multiple real world applications. Our use cases are predominately placed in distributed multi-party settings, where data remains split between mutually distrustful parties.</p>
<p>Given these real world constraints, we adapt and investigate a novel approach (based on trusted computing techniques) that remains resilient to many implementation-specific vulnerabilities, and increases efficiency and scalability. Our investigation comprises an advanced threat analysis covering high-level privacy model attacks to low-level side-channel vulnerabilities; furthermore, we present benchmarking results illustrating the superiority in performance of our approach compared to existing solutions.</p>
<p>Overall, we aim to foster understanding of privacy and applicability in data analysis and data release applications.</p>
|
|---|