We focus on two mainstream privacy models: k-anonymity and differential privacy. Once a privacy model has been selected, the goal is to enforce it while preserving as much data utility as possible. The main objective of this thesis is to improve the data utility of k-anonymous and differentially private data releases.

k-Anonymity has several drawbacks. On the disclosure limitation side, it offers no protection against attribute disclosure or against informed intruders. On the data utility side, dealing with a large number of quasi-identifier attributes is problematic. We propose a relaxation of k-anonymity that addresses these issues.

Differential privacy limits disclosure risk through noise addition, and the Laplace distribution is commonly used for the random noise. We show that the Laplace distribution is not optimal: the same disclosure limitation guarantee can be attained by adding less noise. Optimal univariate and multivariate noise distributions are characterized and constructed.

Common mechanisms for attaining differential privacy do not take into account the user's prior knowledge; they implicitly assume zero initial knowledge about the query response. We propose a mechanism that focuses on limiting the knowledge gain over the prior knowledge.

Microaggregation-based k-anonymity and differential privacy can be combined to produce microdata releases with the strong privacy guarantees of differential privacy and improved data accuracy.

The last contribution delves into the relation between t-closeness and differential privacy. We show that, for a specific distance and under some reasonable assumptions on the intruder's knowledge, t-closeness leads to differential privacy.
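The Laplace mechanism that the abstract takes as its baseline, as an added example that is not part of the thesis or its code. It answers a counting query over a constructed toy dataset with Laplace noise of scale sensitivity/epsilon, and checks the epsilon-DP guarantee directly: the ratio of output densities for two neighbouring databases (differing in one record) never exceeds exp(epsilon). The dataset, the query threshold and the function names are assumptions made for the illustration; nothing here characterizes the optimal (non-Laplace) noise the thesis constructs.

```python
import math
import random

# Constructed toy dataset (not from the thesis): ages of ten individuals.
AGES = [23, 35, 41, 29, 52, 67, 38, 45, 31, 60]


def count_over(records, threshold):
    """Counting query: number of records strictly above the threshold."""
    return sum(1 for r in records if r > threshold)


def count_sensitivity():
    """Global L1 sensitivity of a counting query: adding or removing a
    single record changes the answer by at most 1."""
    return 1


def laplace_scale(sensitivity, epsilon):
    """Scale b of Laplace(0, b) noise giving epsilon-DP: b = sensitivity / epsilon."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon


def laplace_mechanism(true_answer, sensitivity, epsilon, rng=random):
    """Return true_answer + Laplace(0, sensitivity/epsilon) noise.

    Sampling by inverse CDF: with u uniform in (-1/2, 1/2),
    X = -b * sign(u) * ln(1 - 2|u|) is Laplace(0, b)."""
    b = laplace_scale(sensitivity, epsilon)
    u = rng.random() - 0.5
    if u == -0.5:          # random() can return 0.0; avoid ln(0)
        u = 0.0
    return true_answer - b * math.copysign(1.0, u) * math.log(1 - 2 * abs(u))


def laplace_pdf(x, mu, b):
    """Density of Laplace(mu, b) at x."""
    return math.exp(-abs(x - mu) / b) / (2 * b)


def max_density_ratio(answer_a, answer_b, sensitivity, epsilon, grid):
    """Largest ratio Pr[output = x | D] / Pr[output = x | D'] over a grid of
    outputs, for neighbouring true answers answer_a and answer_b.
    epsilon-DP requires this to be at most exp(epsilon) whenever
    |answer_a - answer_b| <= sensitivity."""
    b = laplace_scale(sensitivity, epsilon)
    return max(laplace_pdf(x, answer_a, b) / laplace_pdf(x, answer_b, b)
               for x in grid)


def demo(epsilon=0.5, threshold=40, seed=7):
    """Run the mechanism on two neighbouring databases and report the
    privacy check. Returns a dict so the values can be inspected."""
    neighbour = AGES[:-1]                     # D' = D minus one record
    true_d, true_d_prime = count_over(AGES, threshold), count_over(neighbour, threshold)
    rng = random.Random(seed)
    noisy = laplace_mechanism(true_d, count_sensitivity(), epsilon, rng)
    grid = [x / 2.0 for x in range(-40, 60)]  # outputs from -20 to 29.5
    ratio = max_density_ratio(true_d, true_d_prime, count_sensitivity(), epsilon, grid)
    return {
        "true_count": true_d,
        "true_count_neighbour": true_d_prime,
        "noisy_count": noisy,
        "noise_scale": laplace_scale(count_sensitivity(), epsilon),
        "max_density_ratio": ratio,
        "dp_bound": math.exp(epsilon),
        "satisfies_epsilon_dp": ratio <= math.exp(epsilon) + 1e-12,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The check in max_density_ratio is exact for the Laplace mechanism: the ratio of densities equals exp((|x - b'| - |x - a|)/b), which peaks at exp(|a - a'|/b) = exp(epsilon) when the two true answers differ by the full sensitivity. Reducing epsilon inflates the scale b and therefore the noise; the thesis's claim is that the same bound on this ratio can be met with a distribution adding less noise than the Laplace one.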