Distributed Transition System with Tags and Value-wise Metric, for Privacy Analysis
Siva Anantharaman, Sabine Frittella, Benjamin Nguyen
TL;DR
This paper presents Distributed Labeled-Tagged Transition Systems (DLTTS) as a formal framework to model how private information stored in a distributed database can be progressively learned by an adversary through repeated queries. It introduces a value-wise metric rho to compare data across heterogeneous types and defines epsilon-based privacy notions (LDP and DP) that are refined by rho, enabling finer analysis of indistinguishability beyond standard Hamming-based metrics. The framework combines probabilistic automata with an oracle mechanism and a saturation procedure to capture the evolving knowledge state of an attacker, and it demonstrates how this model can guide privacy protection strategies, including a dynamic switch-off of query responses to limit leakage. The paper also provides a motivating enterprise example, analyzes multiple attacker profiles, and proposes a practical secrecy strategy, highlighting the framework’s potential for database administrators to monitor privacy breaches and adjust access controls in real time.
Abstract
We introduce a logical framework named Distributed Labeled Tagged Transition System (DLTTS), using concepts from Probabilistic Automata, Probabilistic Concurrent Systems, and Probabilistic Labelled Transition Systems. We show that DLTTS can be used to formally model how a given piece of private information P (e.g., a set of tuples) stored in a given database D can get captured progressively by an adversary A repeatedly querying D, enhancing the knowledge acquired from the answers to these queries with relational deductions using certain additional non-private data. The database D is assumed protected with generalization mechanisms. We also show that, on a large class of databases, metrics can be defined 'value-wise', and more general notions of adjacency between databases can be defined, based on these metrics. These notions can also play a role in differentially private protection mechanisms.
