Privacy preserving data publishing of electronic health record (EHRs) for 1 to M datasets with multiple sensitive attributes (MSAs) is an interesting and challenging issue. There is always a trade-off between privacy and utility in data publishing. Most of the privacy-preserving models shows critical privacy disclosure issues and, hence, they are not robust in practical datasets. The k-anonymity model is a broadly used privacy model to analyze privacy disclosures, however, this model is only useful against identity disclosure. To address the limitations of k-anonymity, a group of privacy model extensions have been proposed in past years. It includes a p-sensitive k-anonymity model, a p+-sensitive k-anonymity model, and a balanced p+-sensitive k-anonymity model. However these privacy-preserving models are not sufficient to preserve the privacy of end-users in practical datasets. In this paper we have formalize the behavior of an adversary which perform identity and attribute disclosures on balanced p+-sensitive k-anonymity model with the help of adversarial scenarios. Since balanced p+-sensitive k-anonymity model is not sufficient for 1 to M with MSAs datasets privacy preservation. We propose an extended privacy model called “1: M MSA-(p, l)-diversity” for 1: M dataset with MSAs. We then perform formal modeling and verification of the proposed model using High-Level Petri Nets (HLPN) to confirm privacy attacks invalidation. Experimental results show that our proposed “1: M MSA-(p, l)-diversity model” is efficient and provide enhanced data utility of published data.
|Number of pages
|Computers and Security
|Early online date
|18 Feb 2021
|Published - Jun 2021
Bibliographical noteFunding Information:
This work was supported in part by the National Natural Science Foundation of China (NSFC) Project No. 61950410603 and in part by the Incheon National University Research Grant in 2018.
- Balanced p sensitive k anonymity model
- Electronic Health Record
- Formal Verification
- Identity Disclosure
- Multiple Sensitive Attributes (MSAs)
- Sensitive Attribute Disclosure