Abstract
String data are often disseminated to support applications such as location-based service provision or DNA sequence analysis. This dissemination, however, may expose sensitive patterns that model confidential knowledge (e.g., trips to mental health clinics from a string representing a user's location history). In this article, we consider the problem of sanitizing a string by concealing the occurrences of sensitive patterns, while maintaining data utility, in two settings that are relevant to many common string processing tasks.
In the first setting, we aim to generate the minimal-length string that preserves the order of appearance and frequency of all non-sensitive patterns. Such a string allows accurately performing tasks based on the sequential nature and pattern frequencies of the string. To construct such a string, we propose a time-optimal algorithm, TFS-ALGO. We also propose another time-optimal algorithm, PFS-ALGO, which preserves a partial order of appearance of non-sensitive patterns but produces a much shorter string that can be analyzed more efficiently. The strings produced by either of these algorithms are constructed by concatenating non-sensitive parts of the input string. However, it is possible to detect the sensitive patterns by "reversing" the concatenation operations. In response, we propose a heuristic, MCSR-ALGO, which replaces letters in the strings output by the algorithms with carefully selected letters, so that sensitive patterns are not reinstated, implausible patterns are not introduced, and occurrences of spurious patterns are prevented. In the second setting, we aim to generate a string that is at minimal edit distance from the original string, in addition to preserving the order of appearance and frequency of all non-sensitive patterns. To construct such a string, we propose an algorithm, ETFS-ALGO, based on solving specific instances of approximate regular expression matching.
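The following added example illustrates the first setting on a constructed toy string; it is not the paper's code and does not implement TFS-ALGO, PFS-ALGO or MCSR-ALGO. It assumes a simplified model in which every sensitive pattern has the same fixed length k and a separator letter outside the input alphabet may be used to join the kept parts. The function names (`sanitize`, `utility_preserved`, `reinstated_by_merge`) and the sample string are my own. It checks the two utility properties the abstract states (no sensitive pattern occurs; non-sensitive length-k patterns keep their order and frequencies) and then demonstrates the "reversal" risk the abstract raises: plain concatenation with separators can be merged back by an adversary, which is the weakness MCSR-ALGO's letter replacement is designed to remove.

```python
def kmers(s, k):
    """All length-k windows of s, in order of appearance."""
    return [s[i:i + k] for i in range(len(s) - k + 1)]


def sanitize(W, k, sensitive, sep="#"):
    """Conceal every sensitive length-k pattern of W by keeping only the
    maximal substrings of W in which every length-k window is non-sensitive,
    and joining them with a separator letter that does not occur in W.
    Returns (sanitized string, list of kept segments).
    Simplified illustration, not the paper's TFS-ALGO."""
    assert sep not in W, "separator must be a new letter outside W's alphabet"
    keep = [W[i:i + k] not in sensitive for i in range(len(W) - k + 1)]
    segments, start = [], None
    for i, ok in enumerate(keep + [False]):  # sentinel closes the last run
        if ok and start is None:
            start = i
        elif not ok and start is not None:
            # windows start..i-1 are all non-sensitive; their union is W[start:i-1+k]
            segments.append(W[start:i - 1 + k])
            start = None
    return sep.join(segments), segments


def non_sensitive_kmers(s, k, sep="#"):
    """Length-k windows of s that lie within one segment (no separator)."""
    return [p for p in kmers(s, k) if sep not in p]


def utility_preserved(W, X, k, sensitive, sep="#"):
    """True if X contains no sensitive pattern and the non-sensitive
    length-k patterns of W appear in X in the same order (hence with the
    same frequencies)."""
    xs = non_sensitive_kmers(X, k, sep)
    ws = [p for p in kmers(W, k) if p not in sensitive]
    return not (set(xs) & set(sensitive)) and xs == ws


def reinstated_by_merge(segments, k, sensitive):
    """Risk check for the 'reversal' weakness: when one concealed window
    separates two kept segments, the segments overlap in W by k-2 letters,
    so merging neighbours with that overlap re-reads the concealed window
    across the join. Returns the sensitive patterns such a merge reinstates;
    a non-empty result means the separator-only output leaks."""
    found = []
    for a, b in zip(segments, segments[1:]):
        if len(a) >= k - 1 and len(b) >= k - 1:
            across_join = a[-(k - 1):] + b[k - 2:k - 1]
            if across_join in sensitive:
                found.append(across_join)
    return found


if __name__ == "__main__":
    # Constructed sample (not from the paper): letters stand for visited
    # places; "abc" is the one sensitive length-3 pattern to conceal.
    W, k, sensitive = "ababcbabcab", 3, {"abc"}
    X, segs = sanitize(W, k, sensitive)
    print("sanitized:", X)                                     # abab#bcbab#bcab
    print("utility preserved:", utility_preserved(W, X, k, sensitive))
    print("reinstated by merging neighbours:", reinstated_by_merge(segs, k, sensitive))
```

The last line of output is what motivates MCSR-ALGO: the separator-only string preserves utility but still lets the adversary recover "abc" at both joins. Replacing the separators with carefully chosen letters (which this example does not attempt) is what closes that gap while avoiding implausible or spurious patterns.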
We implemented our sanitization approach that applies TFS-ALGO, PFS-ALGO, and then MCSR-ALGO, and experimentally show that it is effective and efficient. We also show that TFS-ALGO is nearly as effective at minimizing the edit distance as ETFS-ALGO, while being substantially more efficient than ETFS-ALGO.
Original language | English |
---|---|
Article number | 8 |
Number of pages | 34 |
Journal | ACM Transactions on Knowledge Discovery from Data |
Volume | 15 |
Issue number | 1 |
Early online date | 7 Dec 2020 |
DOIs | https://doi.org/10.1145/3418683 |
Publication status | Published - Jan 2021 |
Bibliographical note
Funding Information: HC is supported by a CSC scholarship. NP, AC, RG, and GR are partially supported by the Università di Pisa under the “PRA – Progetti di Ricerca di Ateneo” (Institutional Research Grants) - Project no. PRA_2020-2021_26 “Metodi Informatici Integrati per la Biomedica.” AC and RG are partially supported by the Italian Ministry of University and Research (MIUR) PRIN Project no. 20174LF3T8 “AHeAD.” MS is supported by the Netherlands Organisation for Scientific Research (NWO) through Gravitation-grant NETWORKS-024.002.003. GR and NP are partially supported by MIUR-SIR project CMACBioSeq grant n. RBSI146R5L.

Authors’ addresses: G. Bernardini, Dip. di Informatica, Sistemistica e Comunicazione, Viale Sarca, 336, I-20126 Milano, Italy; email: [email protected]; H. Chen and G. Loukides, Department of Informatics, King’s College London, Bush House, 30 Aldwych, London, WC2B 4BG, UK; emails: {huiping.chen, grigorios.loukides}@kcl.ac.uk; A. Conte, R. Grossi, N. Pisanti, and G. Rosone, Informatica, Università di Pisa, Largo Pontecorvo 3, 56127 Pisa, Italy; emails: {alessio.conte, giovanna.rosone, roberto.grossi, nadia.pisanti}@unipi.it; S. P. Pissis and M. Sweering, CWI, P.O. Box 94079, 1090 GB Amsterdam, NETHERLANDS; email: {solon.pissis, michelle.sweering}@cwi.nl.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. © 2020 Association for Computing Machinery. 1556-4681/2020/12-ART8 $15.00 https://doi.org/10.1145/3418683
Publisher Copyright:
© 2020 ACM.
Keywords
- Data privacy
- data sanitization
- knowledge hiding
- sensitive knowledge
- sequences
- strings
ASJC Scopus subject areas
- General Computer Science