Monday, July 14th, 2014
09:30 – 10:30
Privacy without encrypting – Protect your data and use it too
Christopher W. Clifton, Purdue University, US
Abstract: There has been ongoing work in encrypted database as a means to protect privacy, but this comes at a high price. An alternative is separating sensitive and identifying information, through models such as fragmentation, anatomization, and slicing. In our DBSec’11 paper, we presented a query processor over such a data separation model, where the server cannot violate privacy constraints, but still does most of the work before sending final results to be joined by the client (who is allowed access to private data.) In DBSec’13 we showed how to ensure privacy constraints are satisfied when storing transactional data under such a model. This talk will look at using such data: How do we learn (and what can’t we learn) when data is stored under a data separation approach. This involves both server-only approaches (what value can the server get in return for storing privacy-protected data), and client/server cooperation (pushing as much work to the server as possible, with the client doing only what is needed to ensure quality results.)
This talk presents work that was made possible by NPRP grant 02-256-1-046 from the Qatar National Research Fund. The statements made herein are solely the responsibility of the author.