差分隐私的隐私观与隐私目标

doi:10.11959/j.issn.2096-109x.2023071

网络与信息安全学报 ›› 2023, Vol. 9 ›› Issue (5): 82-91.doi: 10.11959/j.issn.2096-109x.2023071

• 学术论文 • 上一篇

差分隐私的隐私观与隐私目标

贾靖宇¹^,², 谭畅¹^,², 刘哲伟²^,³, 李鑫豪²^,³, 刘哲理²^,³, 张涛⁴

¹ 南开大学计算机学院，天津 300350
² 南开大学数据与智能系统安全教育部重点实验室，天津 300350
³ 南开大学网络空间安全学院，天津 300350
⁴ 中国工程物理研究院激光聚变研究中心，四川绵阳 621900

修回日期:2023-03-31 出版日期:2023-10-01 发布日期:2023-10-01
作者简介:贾靖宇（1996− ），男，天津人，南开大学博士生，主要研究方向为差分隐私
谭畅（1996− ），男，天津人，南开大学博士生，主要研究方向为差分隐私
刘哲伟（2000− ），男，吉林松原人，南开大学硕士生，主要研究方向为差分隐私
李鑫豪（2000− ），男，山东泰安人，南开大学硕士生，主要研究方向为差分隐私
刘哲理（1978− ），男，山东潍坊人，南开大学教授、博士生导师，主要研究方向为基于密码学的数据隐私保护、密文数据库、密文集合运算、差分隐私、人工智能安全
张涛（1990− ），男，四川苍溪人，中国工程物理研究院激光聚变研究中心高级工程师，主要研究方向为信息安全、数据融合分析与应用
基金资助:
国家自然科学基金(62032012)

Privacy view and target of differential privacy

Jingyu JIA¹^,², Chang TAN¹^,², Zhewei LIU²^,³, Xinhao LI²^,³, Zheli LIU²^,³, Tao ZHANG⁴

¹ College of Computer Science, Nankai University, Tianjin 300350, China
² Key Laboratory of Data and Intelligent System Security, Ministry of Education, Nankai University, Tianjin 300350, China
³ College of Cyber Science, Nankai University, Tianjin 300350, China
⁴ Laser Fusion Research Center, China Academy of Engineering Physics, Mianyang 621900, China

Revised:2023-03-31 Online:2023-10-01 Published:2023-10-01
Supported by:
The National Natural Science Foundation of China(62032012)

摘要/Abstract

摘要：

为了解决差分隐私中“隐私目标”难以理解的问题，研究差分隐私在多个领域中存在的隐私争议。从数据相关性场景的具体示例展开，研究学者对差分隐私保护目标的不同观点。当数据集中的记录具有相关性时，敌手能利用记录间相关性从差分隐私机制中准确推理用户的某些敏感信息。这种现象是否违反隐私保护，引起学者的长期讨论。借助法学领域的研究，调研计算机领域两种主流隐私理论对隐私定义的影响。限制访问个人信息理论强调阻止他人获取个人的敏感信息。该理论认为隐私机制应当阻止敌手通过获取用户的真实信息。对个人信息的控制理论则强调个人向他人传达有关自身信息的权利。该理论认为因他人分享数据的相关性，个人的信息泄露不应该被视为隐私泄露。分析计算机科学、社会科学、伦理道德以及人机交互领域中学者对于隐私概念的不同理解而对差分隐私产生的争议。从多学科视角分析差分隐私的隐私观，帮助读者正确认识差分隐私的隐私观与隐私目标，并增进读者对“隐私”的理解。

关键词: 差分隐私, 数据相关性, 隐私风险, 隐私理论

Abstract:

The study aimed to address the challenges in understanding the privacy goals of differential privacy by analyzing the privacy controversies surrounding it in various fields.It began with the example of data correlation and highlighted the differing perspectives among scholars regarding the targets of privacy protection.In cases where records in a dataset were correlated, adversaries can exploit this correlation to infer sensitive information about individuals, thereby sparking a debate on whether this violates privacy protection.To investigate the influence of privacy theories in the legal domain on defining privacy, two mainstream privacy theories in the computer field were examined.The first theory, limited access to personal information, focuses on preventing others from accessing an individual’s sensitive information.According to this theory, privacy mechanisms should aim to prevent adversaries from accessing a user’s actual information.In contrast, the second theory, control over personal information, emphasizes an individual’s right to communicate personal information to others.This theory suggests that the disclosure of personal information due to the relevance of others sharing data should not be considered a breach of privacy.Then the controversies of differential privacy were analyzed in the fields of computer science, social science, ethics and human-computer interaction due to their different understandings of privacy.By exploring the privacy concept of differential privacy from a multidisciplinary perspective, this study helps readers gain a correct understanding of the privacy viewpoint and goals of differential privacy while enhancing their understanding of the concept of “privacy” itself.

Key words: differential privacy, data correlation, privacy risk, privacy theory

中图分类号:

TP3-05

贾靖宇, 谭畅, 刘哲伟, 李鑫豪, 刘哲理, 张涛. 差分隐私的隐私观与隐私目标[J]. 网络与信息安全学报, 2023, 9(5): 82-91.

Jingyu JIA, Chang TAN, Zhewei LIU, Xinhao LI, Zheli LIU, Tao ZHANG. Privacy view and target of differential privacy[J]. Chinese Journal of Network and Information Security, 2023, 9(5): 82-91.

图/表 2

参考文献 41

[1]	PRICE W N , COHEN I G . Privacy in the age of medical big data[J]. Nature Medicine, 2019,25(1): 37-43.
[2]	WANG Z , SONG M , ZHANG Z ,et al. Beyond inferring class representatives:User-level privacy leakage from federated learning[C]// IEEE INFOCOM 2019-IEEE Conference on Computer Communications. 2019: 2512-2520.
[3]	AYABURI E W , TREKU D N . Effect of penitence on social media trust and privacy concerns:The case of Facebook[J]. International Journal of Information Management, 2020,50: 171-181.
[4]	DWORK C , MCSHERRY F , NISSIM K ,et al. Calibrating noise to sensitivity in private data analysis[C]// Theory of Cryptography Conference. 2006: 265-284.
[5]	DWORK C , ROTH A . The algorithmic foundations of differential privacy[J]. Found Trends Theor Comput SCI, 2014,9(3-4): 211-407.
[6]	ERLINGSSON ú , PIHUR V , KOROLOVA A . Rappor:randomized aggregatable privacy-preserving ordinal response[C]// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 1054-1067.
[7]	BITTAU A , ERLINGSSON ú , MANIATIS P ,et al. Prochlo:strong privacy for analytics in the crowd[C]// Proceedings of the 26th Symposium on Operating Systems Principles. 2017: 441-459.
[8]	Differential Privacy Team,Apple. Learning with privacy at scale[S]. 2017.
[9]	DING B , KULKARNI J , YEKHANIN S . Collecting telemetry data privately[C]// Proceedings of the 31st International Conference on Neural Information Processing Systems. 2017: 3574-3583.
[10]	JOHNSON N , NEAR J P , SONG D . Towards practical differential privacy for SQL queries[J]. Proceedings of the VLDB Endowment, 2018,11(5): 526-539.
[11]	NISSIM K , WOOD A . Is privacy privacy[J]. Philosophical Transactions of the Royal Society A:Mathematical,Physical and Engineering Sciences, 2018,376(2128): 20170358.
[12]	KIFER D , MACHANAVAJJHALA A . No free lunch in data privacy[C]// Proceedings of the 2011 ACM SIGMOD International Conference on Management of Data. 2011: 193-204.
[13]	COHEN A , NISSIM K . Towards formalizing the GDPR’s notion of singling out[J]. Proceedings of the National Academy of Sciences, 2020,117(15): 8344-8352.
[14]	OBERSKI D L , KREUTER F . Differential privacy and social science:an urgent puzzle[J]. Harvard Data Science Review:HDSR, 2020,2(1): 1-21.
[15]	ROGAWAY P . The moral character of cryptographic work[J]. Cryptology ePrint Archive, 2015.
[16]	CUMMINGS R , KAPTCHUK G , REDMILES E M . I need a better description:an investigation into user expectations for differential privacy[C]// Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 2021: 3037-3052.
[17]	HOLZEL J . Differential privacy and the GDPR[J]. Eur Data Prot L Rev, 2019,5:184.
[18]	XIONG A , WU C , WANG T ,et al. Using illustrations to communicate differential privacy trust models:an investigation of users' comprehension,perception,and data sharing decision[J]. arXiv Preprint arXiv:2202.10014, 2022.
[19]	XIONG A , WANG T , LI N ,et al. Towards effective differential privacy communication for users’ data sharing decision and comprehension[C]// 2020 IEEE Symposium on Security and Privacy (SP). 2020: 392-410.
[20]	KIFER D , MACHANAVAJJHALA A . Pufferfish:a framework for mathematical privacy definitions[J]. ACM Transactions on Database Systems (TODS), 2014,39(1): 1-36.
[21]	MICHAEL C T , SEN S , DATTA A . SoK:differential privacy as a causal property[C]// 2020 IEEE Symposium on Security and Privacy (SP). 2020: 354-371.
[22]	LIU C , CHAKRABORTY S , MITTAL P . Dependence makes you vulnberable:differential privacy under dependent tuples[C]// NDSS. 2016: 21-24.
[23]	ZHAO J , ZHANG J , POOR H V . Dependent differential privacy for correlated data[C]// 2017 IEEE Globecom Workshops (GC Wkshps). 2017: 1-7.
[24]	ZHU T , XIONG P , LI G ,et al. Correlated differential privacy:Hiding information in non-IID data set[J]. IEEE Transactions on Information Forensics and Security, 2014,10(2): 229-242.
[25]	YANG B , SATO I , NAKAGAWA H . Bayesian differential privacy on correlated data[C]// Proceedings of the 2015 ACM SIGMOD international conference on Management of Data. 2015: 747-762.
[26]	ZHANG T , ZHU T , LIU R ,et al. Correlated data in differential privacy:definition and analysis[J]. Concurrency and Computation:Practice and Experience, 2020.
[27]	LI Y , REN X , YANG S ,et al. Impact of prior knowledge and data correlation on privacy leakage:a unified analysis[J]. IEEE Transactions on Information Forensics and Security, 2019,14(9): 2342-2357.
[28]	CHEN R , FUNG B , YU P S ,et al. Correlated network data publication via differential privacy[J]. The VLDB Journal, 2014,23(4): 653-676.
[29]	SWEENEY L . k-anonymity:a model for protecting privacy[J]. International Journal of Uncertainty,Fuzziness and Knowledge-Based Systems, 2002,10(5): 557-570.
[30]	DALENIUS T . Towards a methodology for statistical disclosure control[J]. Statistik Tidskrift, 1977,15(429-444).
[31]	DWORK C , NAOR M . On the difficulties of disclosure prevention in statistical databases or the case for differential privacy[J]. Journal of Privacy and Confidentiality, 2010,2(1).
[32]	HIMMA K E , TAVANI H T . The handbook of information and computer ethics[M]. Hoboken: John Wiley ＆ Sons, 2008.
[33]	GAVISON R . Privacy and the limits of law[J]. The Yale Law Journal, 1980,89(3): 421-471.
[34]	BOK S . Secrets:on the ethics of concealment and revelation[M]. New York: Vintage, 1989.
[35]	TAVANI H T , MOOR J H . Privacy protection,control of information,and privacy-enhancing technologies[J]. ACM Sigcas Computers and Society, 2001,31(1): 6-11.
[36]	WESTIN A F . Privacy and freedom[J]. Washington and Lee Law Review, 1968,25(1): 166.
[37]	FRIED C . Privacy:a rational context[M]. New York:Computers,Ethics ＆ Society. 1990: 51-63.
[38]	BERKMAN B A . The assault on privacy:computers,data banks,and dossiers[J]. Case Western Reserve Law Review, 1971,22(4): 808.
[39]	RACHELS J . Why privacy is important[J]. Philosophy ＆ Public Affairs, 1975: 323-333.
[40]	STAFF F T C . Protecting consumer privacy in an era of rapid change-a proposed framework for businesses and policymakers[J]. Journal of Privacy and Confidentiality, 2011,3(1).
[41]	ABOWD J M . The US census Bureau adopts differential privacy[C]// Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery ＆ Data Mining. 2018: 2867-2867.

差分隐私的隐私观与隐私目标

Privacy view and target of differential privacy

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 2

参考文献 41

相关文章 15

Metrics

推荐阅读 0

[1]	余锋, 林庆新, 林晖, 汪晓丁. 基于生成对抗网络的隐私增强联邦学习方案[J]. 网络与信息安全学报, 2023, 9(3): 113-122.
[2]	祖立军, 曹雅琳, 门小骅, 吕智慧, 叶家炜, 李泓一, 张亮. 基于隐私风险评估的脱敏算法自适应方法[J]. 网络与信息安全学报, 2023, 9(3): 49-59.
[3]	应作斌, 方一晨, 张怡文. 动态聚合权重的隐私保护联邦学习框架[J]. 网络与信息安全学报, 2022, 8(5): 56-65.
[4]	张心语, 张秉晟, 孟泉润, 任奎. 隐私保护的加密流量检测研究[J]. 网络与信息安全学报, 2021, 7(4): 101-113.
[5]	赵明烽, Lei Chen, 钟洋, 熊金波. 移动边缘群智感知动态隐私度量模型与评价机制[J]. 网络与信息安全学报, 2021, 7(1): 157-166.
[6]	张煜,吕锡香,邹宇聪,李一戈. 基于生成对抗网络的文本序列数据集脱敏[J]. 网络与信息安全学报, 2020, 6(4): 109-119.
[7]	杨磊,郑啸,赵伟. 基于差分隐私的非等距直方图发布方法[J]. 网络与信息安全学报, 2020, 6(3): 39-49.
[8]	何贤芒. 基于差分隐私保护技术的多方求和查询方法[J]. 网络与信息安全学报, 2020, 6(3): 14-18.
[9]	刘慧,毕仁万,熊金波,赵明烽,金彪,林劼. 移动群智感知中基于雾节点协作的感知用户身份隐私保护[J]. 网络与信息安全学报, 2019, 5(6): 75-84.
[10]	李森有,季新生,游伟. 基于置信度分析的差分隐私保护参数配置方法研究[J]. 网络与信息安全学报, 2019, 5(4): 29-39.
[11]	郭鹏, 钟尚平, 陈开志, 程航. 差分隐私GAN梯度裁剪阈值的自适应选取方法[J]. 网络与信息安全学报, 2018, 4(5): 10-20.
[12]	任君,熊金波,姚志强. 基于差分隐私模型的云数据副本安全控制方案[J]. 网络与信息安全学报, 2017, 3(5): 38-46.
[13]	仝伟,毛云龙,陈庆军,王彬入,张保佳,仲盛. 抗大数据分析的隐私保护：研究现状与进展[J]. 网络与信息安全学报, 2016, 2(4): 44-55.
[14]	高志强,李庆鹏,胡人远. 基于Spark的支持隐私保护的聚类算法[J]. 网络与信息安全学报, 2016, 2(11): 47-51.
[15]	张文静,李晖. 差分隐私保护下的数据分级发布机制[J]. 网络与信息安全学报, 2015, 1(1): 58-65.