TY - GEN
T1 - PRIVEE
T2 - 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022
AU - Bhattacharjee, Kaustav
AU - Islam, Akm
AU - Vaidya, Jaideep
AU - Dasgupta, Aritra
N1 - Funding Information:
The work reported in this publication was supported by the National Science Foundation (CNS-2027789) and the National Institutes of Health (R35GM134927). The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Open data sets that contain personal information are susceptible to adversarial attacks even when anonymized. By performing low-cost joins on multiple datasets with shared attributes, malicious users of open data portals might get access to information that violates individuals' privacy. However, open data sets are primarily published using a release-and-forget model, whereby data owners and custodians have little to no cognizance of these privacy risks. We address this critical gap by developing a visual analytic solution that enables data defenders to gain awareness about the disclosure risks in local, joinable data neighborhoods. The solution is derived through a design study with data privacy researchers, where we initially play the role of a red team and engage in an ethical data hacking exercise based on privacy attack scenarios. We use this problem and domain characterization to develop a set of visual analytic interventions as a defense mechanism and realize them in PRIVEE, a visual risk inspection workflow that acts as a proactive monitor for data defenders. PRIVEE uses a combination of risk scores and associated interactive visualizations to let data defenders explore vulnerable joins and interpret risks at multiple levels of data granularity. We demonstrate how PRIVEE can help emulate the attack strategies and diagnose disclosure risks through two case studies with data privacy experts.
AB - Open data sets that contain personal information are susceptible to adversarial attacks even when anonymized. By performing low-cost joins on multiple datasets with shared attributes, malicious users of open data portals might get access to information that violates individuals' privacy. However, open data sets are primarily published using a release-and-forget model, whereby data owners and custodians have little to no cognizance of these privacy risks. We address this critical gap by developing a visual analytic solution that enables data defenders to gain awareness about the disclosure risks in local, joinable data neighborhoods. The solution is derived through a design study with data privacy researchers, where we initially play the role of a red team and engage in an ethical data hacking exercise based on privacy attack scenarios. We use this problem and domain characterization to develop a set of visual analytic interventions as a defense mechanism and realize them in PRIVEE, a visual risk inspection workflow that acts as a proactive monitor for data defenders. PRIVEE uses a combination of risk scores and associated interactive visualizations to let data defenders explore vulnerable joins and interpret risks at multiple levels of data granularity. We demonstrate how PRIVEE can help emulate the attack strategies and diagnose disclosure risks through two case studies with data privacy experts.
KW - Human-centered computing
KW - Visual analytics
KW - Visualization
KW - Visualization application domains
UR - http://www.scopus.com/inward/record.url?scp=85142864413&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85142864413&partnerID=8YFLogxK
U2 - 10.1109/VizSec56996.2022.9941431
DO - 10.1109/VizSec56996.2022.9941431
M3 - Conference contribution
AN - SCOPUS:85142864413
T3 - 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022
BT - 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 19 October 2022
ER -