Relationship Privacy in Large Networks


Security and privacy concerns are driving significant investment, reflecting very real worries about private information leaking to nefarious actors. Individuals and governments seek to prevent sensitive data, such as health or identity information, from falling into the wrong hands. Despite these concerns, data sharing is essential for enabling valuable research and technologies. For example, data sharing in health care enables longitudinal studies that can help identify environmental comorbidities, find research biases, and more.

Much work has gone into studying how to share data in large networks without compromising user privacy. But these studies largely focus on the properties of individual data points, or on simple relationships between those points. This is unsatisfying: recent advances in graph mining research permit learning complex and intricate relationships between entities (e.g., discovering insightful subgraph structures), which raises new privacy risks, as users may be unknowingly exposed through connections in large, shared graphs.

Our Pragmatic Solution: pragma

pragma is a framework that enables privacy at the level of complex and transitive interrelationships. In pragma, users programmatically encode the relationships they wish to keep private. pragma will then model these constraints at the subgraph level to capture the interdependence between individual data points, relationships in their broader neighbourhood, and relationships across the entire network. These models will then be leveraged to prevent relationships that users consider sensitive from being leaked. We envision that our research will open pathways to building privacy solutions that consider complex interrelationships from a privacy perspective.

In addition to expertise in privacy protection, pragma will draw upon knowledge and skills from programming languages and graph data analytics research. There are several key challenges that will be addressed throughout this project. First, we need to establish the boundaries of different relationship-level privacy needs in terms of the constraints that get translated at the subgraph level as well as across the entire network. Second, we need to model various data sharing specifications over data points and relationships such that the relationship-level privacy needs are never violated. Third, we need to design data sharing protocols with complex querying capabilities at the subgraph level while still adhering to the underlying relationship-level privacy specifications. Finally, we need to enhance the data sharing protocols to safeguard against inference of sensitive relationship data over a series of independent data sharing sessions.

In addressing these challenges, we aim to design broader relationship-level threat classes based on graph querying capabilities, and to develop robust solutions that guarantee relationship-level privacy throughout each of those classes. Our solutions will capture different practical querying use cases and will further address diverse relationship-level privacy needs via a need-inclusive relationship-level privacy framework for customized policies. Our solutions will establish the forefront of state-of-the-art technology for relationship-level privacy-preserving techniques.

Simon Fraser University

  • Keval Vora (PI)
  • Anders Miltner (Co-PI)
  • Wei Adam Tan (PhD Student)
  • Nazanin Yousefian (MSc Student)
  • David Wiebe (Undergraduate Student)

This project is supported in part by National Cybersecurity Consortium Spearhead Grant #2024-1386 entitled Preserving Relationship Privacy in Large Networks. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NCC.