Balancing expressiveness and inexpressiveness in view design

TL;DR

This paper explores how to design data views that balance the need for expressive queries with restrictions to prevent over-disclosure, within distributed data publishing systems.

Contribution

It introduces a framework for designing views that satisfy both utility and privacy constraints in distributed data sources.

Findings

Identifies conditions for views to support utility queries while maintaining privacy.

Proposes methods for constructing views that balance expressiveness and inexpressiveness.

Analyzes the trade-offs between data utility and privacy in view design.

Abstract

We study the design of data publishing mechanisms that allow a collection of autonomous distributed datasources to collaborate to support queries. A common mechanism for data publishing is via views: functions that expose derived data to users, usually specified as declarative queries. Our autonomy assumption is that the views must be on individual sources, but with the intention of supporting integrated queries. In deciding what data to expose to users, two considerations must be balanced. The views must be sufficiently expressive to support queries that users want to ask -- the utility of the publishing mechanism. But there may also be some expressiveness restriction. Here we consider two restrictions, a minimal information requirement, saying that the views should reveal as little as possible while supporting the utility query, and a non-disclosure requirement, formalizing the need to prevent external users from computing information that data owners do not want revealed. We investigate the problem of designing views that satisfy both an expressiveness and an inexpressiveness requirement, for views in a restricted declarative language (conjunctive queries), and for arbitrary views.