🤖 AI Summary
This study addresses the challenge that complex queries in data sharing can inadvertently leak private information, while data providers often fail to comprehensively identify such privacy-violating queries, thereby undermining existing protection mechanisms. To tackle this issue, the authors propose pArborist, a novel tool that, for the first time, automatically expands and refines query trees from user-provided seed queries, supporting both static databases and dynamic data streams while enabling GDPR-compliant privacy violation discovery. The approach integrates syntax-constrained query generation with pruning strategies, leveraging conditional independence tests and correlation analysis to efficiently explore the space of valid queries under resource constraints. Experimental results demonstrate that pArborist achieves 90% recall and 93% precision in identifying privacy-revealing queries—significantly outperforming FQID—and incurs only 1.3 ms average latency in stream processing with a warm-up time of approximately 920 ms.
📝 Abstract
Sharing databases and data streams imposes the danger of revealing private information in the form of complex events which can comprise individual data elements and their combinations. Identifying these privacy-revealing complex events is crucial for preserving privacy while maintaining data utility. However, data producers often lack the expertise to comprehensively identify these events, which undermines many state-of-the-art privacy-preserving mechanisms that rely on accurate event labeling. To address this challenge, we developed pArborist - a tool that can semi-automatically create a set of queries to identify and label privacy-revealing complex events in both static datasets and dynamic data streams, guided by the privacy requirements of the data producer. pArborist uses the schema of the database or data stream combined with initial input from the data producer, i.e., seed queries. From each seed query, pArborist grows a tree containing all possible syntactically correct queries, constrained by an upper limit on computational resources. Following this growing phase, the tree is refined by eliminating queries that lack correlation to the seed or are conditionally independent of the seed. Our evaluation indicates that pArborist achieves overall recall of 90% and precision of 93% in finding privacy-revealing queries, and this significantly surpasses the state-of-the-art approach FQID. In data stream processing experiments, pArborist introduces a delay of approximately 1.3 ms following an average warm-up period of 920 ms. The experiments also show that pArborist can automatically detect privacy-revealing complex events according to GDPR.