PRIVEE: A Visual Analytic Workflow for Proactive Privacy Risk Inspection of Open Data

Kaustav Bhattacharjee; Akm Islam; Jaideep Vaidya; Aritra Dasgupta

doi:10.1109/VizSec56996.2022.9941431

PRIVEE: A Visual Analytic Workflow for Proactive Privacy Risk Inspection of Open Data

Kaustav Bhattacharjee, Akm Islam, Jaideep Vaidya, Aritra Dasgupta

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

Open data sets that contain personal information are susceptible to adversarial attacks even when anonymized. By performing low-cost joins on multiple datasets with shared attributes, malicious users of open data portals might get access to information that violates individuals' privacy. However, open data sets are primarily published using a release-and-forget model, whereby data owners and custodians have little to no cognizance of these privacy risks. We address this critical gap by developing a visual analytic solution that enables data defenders to gain awareness about the disclosure risks in local, joinable data neighborhoods. The solution is derived through a design study with data privacy researchers, where we initially play the role of a red team and engage in an ethical data hacking exercise based on privacy attack scenarios. We use this problem and domain characterization to develop a set of visual analytic interventions as a defense mechanism and realize them in PRIVEE, a visual risk inspection workflow that acts as a proactive monitor for data defenders. PRIVEE uses a combination of risk scores and associated interactive visualizations to let data defenders explore vulnerable joins and interpret risks at multiple levels of data granularity. We demonstrate how PRIVEE can help emulate the attack strategies and diagnose disclosure risks through two case studies with data privacy experts.

Original language	English (US)
Title of host publication	2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781665461481
DOIs	https://doi.org/10.1109/VizSec56996.2022.9941431
State	Published - 2022
Externally published	Yes
Event	2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022 - Oklahoma City, United States Duration: Oct 19 2022 → …

Publication series

Name	2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022

Conference

Conference	2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022
Country/Territory	United States
City	Oklahoma City
Period	10/19/22 → …

All Science Journal Classification (ASJC) codes

Computer Vision and Pattern Recognition
Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

Keywords

Human-centered computing
Visual analytics
Visualization
Visualization application domains

Access to Document

10.1109/VizSec56996.2022.9941431

Cite this

Bhattacharjee, K., Islam, A., Vaidya, J., & Dasgupta, A. (2022). PRIVEE: A Visual Analytic Workflow for Proactive Privacy Risk Inspection of Open Data. In 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022 (2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/VizSec56996.2022.9941431

@inproceedings{582b8f27939b4640b93398cc7994e6a2,

title = "PRIVEE: A Visual Analytic Workflow for Proactive Privacy Risk Inspection of Open Data",

abstract = "Open data sets that contain personal information are susceptible to adversarial attacks even when anonymized. By performing low-cost joins on multiple datasets with shared attributes, malicious users of open data portals might get access to information that violates individuals' privacy. However, open data sets are primarily published using a release-and-forget model, whereby data owners and custodians have little to no cognizance of these privacy risks. We address this critical gap by developing a visual analytic solution that enables data defenders to gain awareness about the disclosure risks in local, joinable data neighborhoods. The solution is derived through a design study with data privacy researchers, where we initially play the role of a red team and engage in an ethical data hacking exercise based on privacy attack scenarios. We use this problem and domain characterization to develop a set of visual analytic interventions as a defense mechanism and realize them in PRIVEE, a visual risk inspection workflow that acts as a proactive monitor for data defenders. PRIVEE uses a combination of risk scores and associated interactive visualizations to let data defenders explore vulnerable joins and interpret risks at multiple levels of data granularity. We demonstrate how PRIVEE can help emulate the attack strategies and diagnose disclosure risks through two case studies with data privacy experts.",

keywords = "Human-centered computing, Visual analytics, Visualization, Visualization application domains",

author = "Kaustav Bhattacharjee and Akm Islam and Jaideep Vaidya and Aritra Dasgupta",

note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022 ; Conference date: 19-10-2022",

year = "2022",

doi = "10.1109/VizSec56996.2022.9941431",

language = "English (US)",

series = "2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022",

address = "United States",

}

Bhattacharjee, K, Islam, A, Vaidya, J & Dasgupta, A 2022, PRIVEE: A Visual Analytic Workflow for Proactive Privacy Risk Inspection of Open Data. in 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022. 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022, Institute of Electrical and Electronics Engineers Inc., 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022, Oklahoma City, United States, 10/19/22. https://doi.org/10.1109/VizSec56996.2022.9941431

PRIVEE: A Visual Analytic Workflow for Proactive Privacy Risk Inspection of Open Data. / Bhattacharjee, Kaustav; Islam, Akm; Vaidya, Jaideep et al.
2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022. Institute of Electrical and Electronics Engineers Inc., 2022. (2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - PRIVEE

T2 - 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022

AU - Bhattacharjee, Kaustav

AU - Islam, Akm

AU - Vaidya, Jaideep

AU - Dasgupta, Aritra

PY - 2022

Y1 - 2022

N2 - Open data sets that contain personal information are susceptible to adversarial attacks even when anonymized. By performing low-cost joins on multiple datasets with shared attributes, malicious users of open data portals might get access to information that violates individuals' privacy. However, open data sets are primarily published using a release-and-forget model, whereby data owners and custodians have little to no cognizance of these privacy risks. We address this critical gap by developing a visual analytic solution that enables data defenders to gain awareness about the disclosure risks in local, joinable data neighborhoods. The solution is derived through a design study with data privacy researchers, where we initially play the role of a red team and engage in an ethical data hacking exercise based on privacy attack scenarios. We use this problem and domain characterization to develop a set of visual analytic interventions as a defense mechanism and realize them in PRIVEE, a visual risk inspection workflow that acts as a proactive monitor for data defenders. PRIVEE uses a combination of risk scores and associated interactive visualizations to let data defenders explore vulnerable joins and interpret risks at multiple levels of data granularity. We demonstrate how PRIVEE can help emulate the attack strategies and diagnose disclosure risks through two case studies with data privacy experts.

AB - Open data sets that contain personal information are susceptible to adversarial attacks even when anonymized. By performing low-cost joins on multiple datasets with shared attributes, malicious users of open data portals might get access to information that violates individuals' privacy. However, open data sets are primarily published using a release-and-forget model, whereby data owners and custodians have little to no cognizance of these privacy risks. We address this critical gap by developing a visual analytic solution that enables data defenders to gain awareness about the disclosure risks in local, joinable data neighborhoods. The solution is derived through a design study with data privacy researchers, where we initially play the role of a red team and engage in an ethical data hacking exercise based on privacy attack scenarios. We use this problem and domain characterization to develop a set of visual analytic interventions as a defense mechanism and realize them in PRIVEE, a visual risk inspection workflow that acts as a proactive monitor for data defenders. PRIVEE uses a combination of risk scores and associated interactive visualizations to let data defenders explore vulnerable joins and interpret risks at multiple levels of data granularity. We demonstrate how PRIVEE can help emulate the attack strategies and diagnose disclosure risks through two case studies with data privacy experts.

KW - Human-centered computing

KW - Visual analytics

KW - Visualization

KW - Visualization application domains

UR - http://www.scopus.com/inward/record.url?scp=85142864413&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85142864413&partnerID=8YFLogxK

U2 - 10.1109/VizSec56996.2022.9941431

DO - 10.1109/VizSec56996.2022.9941431

M3 - Conference contribution

AN - SCOPUS:85142864413

T3 - 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022

BT - 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 19 October 2022

ER -

Bhattacharjee K, Islam A, Vaidya J, Dasgupta A. PRIVEE: A Visual Analytic Workflow for Proactive Privacy Risk Inspection of Open Data. In 2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022. Institute of Electrical and Electronics Engineers Inc. 2022. (2022 IEEE Symposium on Visualization for Cyber Security, VizSec 2022). doi: 10.1109/VizSec56996.2022.9941431

PRIVEE: A Visual Analytic Workflow for Proactive Privacy Risk Inspection of Open Data

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this