Ashwin Kumar V Machanavajjhala
Research Publications CV Cornell DB Group
Ph. D. Candidate with Prof. Johannes Gehrke
Department of Computer Science
Cornell University
4142 Upson Hall
Ithaca NY 14853
607 351 0477
mvnak(at)cs(dot)cornell(dot)edu
I expect to complete my Ph.D. by August 2008. I am currently looking for tenure track positions in academia. My primary area of interest is databases. My specific interests are in data privacy.
L-Diversity: Privacy Beyond k-Anonymity
Ashwin Machanavajjhala, Johannes Gehrke, Daniel Kifer,
Muthuramakrishnan Venkitasubramaniam, In ICDE 2006 and TKDD 2007. [PDF:
Conf Version], [PDF: Journal Version]
On the
Efficiency of Checking Perfect Privacy
Ashwin Machanavajjhala, Johannes Gehrke, In PODS 2006. [PDF]
Privacy: From Theory to Practice on the Map [NEW]
Ashwin Machanavajjhala, Daniel Kifer, John Abowd, Johannes
Gehrke, Lars Vilhuber, In ICDE 2008. [PDF]
Privacy in Data Publishing:
Access to real life data is an important requirement for quality
computer science research. However, real data collected by various agencies
and corporations is not shared due to privacy concerns. Most of this data is
in the form of a relation; each tuple corresponds to a unique individual,
and some of the attributes in the table are marked sensitive. In the recent
years, anonymous data has been published by coarsening the non-sensitive
attributes such that a condition known as k-anonymity is satisfied. In a
k-anonymized dataset, each record is indistinguishable from at least (k
-1)
other records with respect to the non-sensitive attributes. This disallows
an attacker from re-identifying an individual in the published dataset.
I demonstrated, with simple attacks, that a k-anonymized dataset has some
subtle, yet severe privacy problems. First, an adversary can discover
sensitive information when there is little diversity in values of the
sensitive attributes. Second, adversaries often have background knowledge,
and k-anonymity does not guarantee privacy against such adversaries. I
initiated a formal study of adversarial background knowledge, and proposed a
novel and powerful privacy definition called L-Diversity. To
ensure L-diversity, every group of tuples that share the same
non-sensitive information should be associated with at least ` roughly
equally distributed sensitive values. This simple criterion guarantees
privacy even against adversaries who have (the most disclosing) (L-2)
different pieces of background knowledge of the form "Bob does not have
diabetes." In addition to having a formal mathematical foundation, L-diversity
is practical and can be efficiently implemented. L-Diversity has had
a great impact on the database privacy community, and has already been cited
by over 20 publications in the major database conferences over the past two
years.
In a subsequent paper, presented in ICDE 2007, I helped study privacy in the
face of more complex adversarial background knowledge. We used propositional
formulas over the tuples in the table to express adversarial back-ground
knowledge, and showed that any adversarial knowledge can be divided into a
conjunction of implications of the form, "If Bruce has the Flu, then
his wife Carla also has the Flu." Though reasoning about the
information disclosed by an arbitrary set of implications was #P-hard, we
proposed efficient algorithms to compute the worst L implications
that lead to the largest information disclosure, and proposed efficient
anonymization algorithms that guard against such adversaries.
Privacy on the Map.
In a recent collaboration with Prof. John Abowd, I studied the privacy
requirements of OnTheMap, a real world privacy application. This
application plots commute patterns of workers on the US Map to study
workforce indicators. In this application, while worker destinations (i.e.,
workplaces) are publicly known, origins (i.e., residences) must be kept
secret. This is done using the synthetic data generation technique, which is
very popular in the statistical disclosure limitation literature. Synthetic
data points are drawn from a statistical model built on a noise infused
version of the data. This synthetic population is then published. However,
there has been little research on deriving formal guarantees of privacy for
such an approach. Moreover, interesting real data is usually very sparse;
this is an important open problem that has been overlooked by research in
data publishing. Most previous work deals with data where the number of
individuals is typically larger than the size of the sensitive attribute
domain. In our application, however, only tens or hundreds of workers
commute to each destination from roughly 8 million origins on the U.S. map.
When applied to such data, current provably private algorithms create
spurious commute patterns by adding noise to all the 8 million origins. A
paper that I will present at ICDE 2008 contains the first rigorous
theoretical privacy analysis of a synthetic data generation algorithm,
sufficient conditions for the privacy of this technique, and the first
solutions that ensure privacy in sparse data.
Efficient Enforcement of Complex Privacy Policies.
In traditional hospital and military databases, and in futuristic web
data sharing scenarios, different entities are authorized to access
different parts of the data. Hence, it is crucial that an unauthorized
entity does not learn any information that it is not allowed to access. One
method to formally specify such (possibly complex) privacy policies is to
express the sensitive information as conjunctive queries (a subset of SQL)
and enforce perfect privacy, a very strong notion of privacy that ensures
that a query is answered by the database only if it does not disclose any
information about the answer to the sensitive query. However, checking
whether one query leaks any information about another query is known to be
intractable (hard for the second level of the polynomial hierarchy).
In a paper presented at PODS 2006, I showed that enforcing
perfect privacy is tractable, and indeed very efficient, for large and
interesting subclasses of conjunctive queries. Instead of giving different
arguments for query classes of varying complexities, I made a connection
between perfect privacy and the well known database problem of checking
query containment, thus relating the tractability of enforcing perfect
privacy to the tractability of query containment.
Outsourcing Databases.
There is a recent buzz in both academic research and the industry
regarding third-party-hosted software services. One such application that
various corporations are jostling to provide is the online "office
suite," where documents can be stored online and concurrently edited by
different users. This is attractive since users can collaborate with little
or no communication external to the server. However, users might not adopt
this service without an integrity guarantee that the server has not
maliciously altered the files.
I helped study the possibility of checking server integrity
in the face of concurrent edits from different users with little or no
communication between users. Under reasonable requirements, we showed that
server integrity cannot be guaranteed in the absence of external
communication, and designed efficient algorithms that ensure server
integrity with minimal external communication. These results were presented
at STD3S 2006.