Journal of

Computational
Science and
Engineering
www.jcseuk.com

2050-2311/Copyright 2012 IE Enterprises ltd Jour. of Comp. Sci. and Eng.
All right reserved Vol. 1, Num.1, 00010008, 2012



A Survey on Privacy Preserving for Micro Data Releasing in
Cloud Computing Scenario
Yougang Wang
a
, Jianguo Chen
b
,a*
a,b
School of Management Science & Engineering, Anhui University of Finance & Economics, Bengbu 233041, China


Abstract
Data Releasing Service is an important part of the cloud computing platform. Privacy preserving on database application and
service systems is one of the most important factors which influences the organization to select the relevant service in the
cloud computing environment. Therefore, it has an important academic value and application prospect to study privacy
preserving in the cloud computing environment. This paper introduces the concept of privacy preserving of data releasing
service in the cloud computing environment, discusses the access control problem in database services, presents the classical
privacy preserving model for data releasing situations, compares data utility measurement method for released data set.
Finally we point out active research topics of database service in the cloud computing environment.

Keywords: Cloud Computing; Data Releasing; Privacy Preserving; k-Anonymity
Cloud computing based on existing technologies and methods, integrating the use of a range of services,
applications, information and infrastructure to provide users with unlimited, scalable, accessible IT resources, is
one of the hottest research topics within current information science. Data Releasing Service in the Cloud
Computing Environment of the most important services under the cloud computing platform
[1, 2]
, it has been
receiving more and more attention by the industry in recent years.
But compared to the traditional computing model which stored information within individuals or
organizations own control the cloud computing environment means that when the data owner releases the data,
as an important asset, into the "cloud" the method of the user data management changes the pattern to the
method of rental of physical and virtual infrastructure resources provided by third parties. Thus, shifting away
from the traditional setup which is possessed and completed by the owner themselves.

* Corresponding author. Yougang Wang
E-mail address: ahcywyg@163.com.
September 2012
Yougang Wang et al / Journal of Computational Science and Engineering 1:1 (2012) 00010008
This means that sensitive data will be stored in external systems, beyond the control of the data owner;
obviously this causes a huge range of security issues. How to maintain the data with sufficient effectiveness in
cloud computing data releasing services while protecting the privacy of the main identifiable information of the
data has increasingly become important
[1, 3, 4, 5]
.
Due to the significant difference between cloud computing and network computing, distribution computing
and effectiveness computing in computing model architecture, user connector and system autonomy, it is not
enough that to protect the private information of outsourced data only through traditional access control,
cryptography technology etc. Especially the private information which protects the users access pattern
[6]
. As
pointed out by the EMC information security department RSA and the European Information Security Agency
ENISA data privacy and security, and stability of the service has become a key measure for the user to consider
when choosing whether to use cloud services and how to choose the cloud provider
[7, 8, 9]
.
P. Samarati
[10]
pointed out for the first time that an attacker can link some none-identifying information from
releasing data with the data obtained from other sources in 1998, corresponding specific data to a specific
individual, causing an individual private information leak. Agrawal proposed the Ten Principles of database
privacy protection
[11]
2000. In 2002, Sweeny and others brought forward the k-anonymity model
[12,13]
which is
applicable to the disclosure of the private information in the process of data releasing. After this, many
researchers have expanded the research of micro-data, the anonymous privacy protection method from several
different angles and levels of study, has achieved many important research results
[14]
.
1. The access control of database services in the cloud computing environment
Cloud computing is a computing model which accesses a shared resource pool by use of the Internet
anywhere, anytime, on-demand, conveniently (such as computing facilities, storage devices, applications
programs etc.). Computer resource service is an important manifestation of cloud computing, it shields the user
from data centre management, large-scale data processing, application deployment and other issues. Through
cloud computing, users can quickly apply or release resources according to its business load and make payments
for the use of resources by demand payment model, improving service quality while reducing operational and
maintenance costs
[15]
.
Database services, as a new network data management mode which is based on the cloud computing platform,
can meet the organizational needs and provide data management services which are similar to a local database.
However, due to more and more data involving sensitive information, such as medical records, transactions
information, security information, financial information etc. Organizations are paying more and more attention
on the issue of the leaking of private database information
[16]
.
A typical cloud computing database service application system is usually composed of 4 parts: (1) the data
owner, which refers to the individual or organization who generates the data and provides the data to the cloud
service providers to manage; (2) data users, which refers to the entities who submit data query requests, they can
be individuals, application programs etc.; (3) client which means the converted application program or
function between query which is submitted by a user and the query execution in the cloud computing platform is
equivalent to application or function; (4) cloud computing service operators (server), which refers to the
organization which provides database services and its cloud computing platform.
In the cloud computing platform, the main body who proposed the data dissemination service request releases
its data to the cloud computing platform, and related data storage, processing and protection etc. operations are
all completed in the "cloud", this will inevitably produce data security, user privacy leaking and other issues.
Unlike the traditional local data management mode, in the cloud computing environmental data dissemination
service mode the concept of data access control, user privacy, confidentiality, and integrity have been given a
new meaning; and also produced a number of new security issues. For example, in the cloud computing
environment, data release services can be provided by a different security domain service provider, each security
zone manages local resources and their applications, when the user submits a service request they need to set up
certification services in the domain boundaries to manage those users who visit the shared resources by the
unified identity approval management. Each domain has its own access control policy when sharing and
protecting resources, they must develop a common access control policy which is agreed by both parties for the
shared resources, therefore, cloud computing environment needs to support access control strategic synthesis.
Access control strategic synthesis was first proposed by Mclean under the mandatory access control
framework, he composed two security lattices into a new lattice structure, constructed a synthesis framework
based on mandatory access control policy
[17]
. Mclean did not test and verify any further the security issues of
access control policy after synthesis, as well as the new synthetic access control policy and the compatibility
Yougang Wang et al / Journal of Computational Science and Engineering 1:1 (2012) 00010008
issues of each domains original access control policy. In this respect, Bonatti proposed access control policy
synthesis algebra, using formal methods to describe and analyze the safety of the synthetic strategy
[18]
.
Regarding the authorizing relationship between the entities of multi-security domain, Lin Li extended the
existing strategic synthesis algebra by the calculation structure of the property values, proposed a new strategic
synthesis algebraic model based on the property. Butthere are two shortcomings in this model: First, it did not
distinguish the different access control problems between the privacy properties and general properties.
Secondly, it did not consider the access control policy consultations which are on the different autonomous
domain heterogeneous systems in the cloud computing environment
[19]
.
In the cloud computing environment, the researcher is more concerned about the cryptography-based access
control method
[20]
. An important issue which is faced by the password-based program is the revocation of
privilege, an effective solution is to set the failure time for secret key, every certain period of time users update
the private key from a certificate centre, and introducing an online semi-trusted third party to maintain the
authorization list
[21]
. Due to the existence of the scalability issues in the passwords database service access
control policy, Yu etc. integrate the Attribute-based Encryption, ABE, the proxy re-encryption and lazy re-
encryption methods proposed a fine-grained outsourcing data access control strategy
[22]
. Vimercati etc proposed
an access control implementation and evolution management solution which used selective encryption as the
basis of achieving authorization management, then studied the application program which adapts the
authorization policy dynamic changes
[23]
.
Encryption is a common method to protect sensitive data, but does not support the effective operation of the
data, therefore Ruwei Huang etc. designed a computable encryption scheme CESVMC based on matrix and
vector operations which divided cloud data into character strings and two categories of numeric data, through
the use of vector and matrix computation to achieve data encryption, support fuzzy retrieval of the encrypted
character string and the encrypted numeric data (plus, minus, multiply, divide, the four arithmetic operations)
and to ensure privacy security of the data storage and computing process. In CESVMCF program, multiplication
and division performance need to be improved, and the program does not support the number of multiply/divide
operations. This obviously limits the application of the encryption scheme in the real cloud platform database
services
[24]
.
In recent years, the user privacy protection issue
[16]
which is under the cloud computing Environmental Data
Dynamic Change scene has gradually aroused peoples attention, Fengzhe Zhang etc used the virtual machine
monitor to ensure the privacy security of cloud data which is involved in calculating, within the user-specified
time period, data in memory and user secret keys will be forcefully destroyed
[25]
.
But there is an assumption in the Privacy protection model which is proposed by Fengzhe Zhang: Firstly, the
virtual machine monitor is credible, but in fact the virtual machine monitor still has the possibility of being
attacked. Secondly, the data which is involved in the calculation in the cloud platform must participate in forms
of civilization, in which the efficiency of the decryption and decryption process is an important issue. Under the
cloud computing environment, the existing privacy protection program mostly is for the available data
protection whilst ignoring the protection of personally identifiable information.
Jian Mao etc. proposed a cloud storage structure which is based on trusted servers in connection with the
protection of user identity information, achieving the isolation between data storage and user personal
information management
[26]
. The cloud server determines the users storage limits by the storage authentication
code which is provided by the trusted server and the user's identity information stored in the trusted server. But
the trusted server did not consider the threat of the user's private information; the data segmentation program
which has been garbled second time will greatly reduce the datas availability.
In summary, the service providers in the cloud computing platform may not be faithful to the implementation
of security access control policies, therefore access control policy research on the traditional single-server
cannot be directly applied to a cloud computing platform; secondly, under cloud computing environment, data
access control strategy focus on the protection of data confidentiality, and less consider the user's personal
identity privacy protection. Therefore needs further research on carrying out the access control of outsourcing
data objects in the cloud computing environment, achieving data confidentiality and user privacy information
protection purposes.
2. publish data anonymous model
In the research areas of release data privacy protection, domestic and foreign researchers have proposed many
effective privacy protection anonymity models, typical publish data anonymous models are summarized as
follows.
Yougang Wang et al / Journal of Computational Science and Engineering 1:1 (2012) 00010008
2.1 k-anonymity model
The k-anonymity model which proposed by Sweeny and others requires each tuple in data table corresponds
to at least k indistinguishable data subject after the release of data, in order to prevent the attackers from
inferring the private information corresponding to the specific individuals
[12,13]
.
Equivalence group: Table T in the attribute A
i
A
j
s equivalence group refers to T in the attribute set
{ A
i
,A
j
} exactly the same set of tuples, and its formal description is as follows: a set of tuples {t
1
,,t
m
}_T
t
x
,t
y
{t
1
,,t
m
} has t
x
[A
i
,A
j
]= t
y
[A
i
,A
j
]=(a
i
,,a
j
), and t
z
T-{ t
1
,,t
m
}has t
z
[A
i
,A
j
]=(a
i
,,a
j
).
Generalization and Suppression: generalization means the process which using a fussy but same semantic
value replaces the relevant specific value, including the domain generalization and value generalization. Domain
generalization hierarchy, DGH
A
: given privacy table PTs one attribute A, define its domain generalization
hierarchy DGH
A
as a group of the set of functions f
h
, where h = 1, ..., n-1, ie, A
0

0
f
A
1

1
f

1 n
f
A
n

|A
n
|=1, DGH
A
is

n
h
h
A
0 = ;the value generalization hierarchy VGH
A
: given an attribute Asdomain generalization
hierarchy DGH
A,
if v
i
A
i
, v
j
A
j
, then can call v
i
v
j
, and only if ij, and f
j-1
(f
i
(v
i
))=v
j
, then defined a
partial order relation on

n
h
h
A
0 = , the partial order relation implied attribute As value generalization hierarchy
[13]
.
Such as property national, Hui , Tibetan generalize as minority; Properties Zip 210012, 210016 etc.
value generalize as 21001 *, recorded as 21001 * = (210012) .Suppression means to directly delete some of
the attributes value or tuple from the original data table in the data dissemination process.
Anonymity and K-anonymity: Anonymity
[10]
refers dividing the tuple in the data table into a number of
equivalent groups, each equivalence group of quasi-identifier attribute values is the same, which can prevent the
data recipient from using the quasi-identifier attribute by linking the attack to obtain the corresponding
relationship between the privacy attributes and individual identity information. Document [14] proved that, to
get the best of anonymous data table is an NP-complete problem.
The formal definition of the K-anonymity model is as follows: assume that RT (A
1
,A
n
) is a data table, QI
RT

is a quasi-identifier attribute of the table. Claim RT satisfy k-anonymity if and only if when RT[QI
RT
]s each
value sequence on RT[QI
RT
]appears at least k times. That is in the publish data table RT which satisfies k-
anonymity, on the quasi-identifier attribute any record is not distinguished at least with other k-1 records.
As in Table 1 is an anonymous table to meet the 2 - anonymous requests. In Table 1, k = 2, QI = {Race, Birth,
Gender, ZIP}.
Table 1. 2-anonymous table


Further studies showed that when the published table meets k-anonymitys requirement, the anonymous table
may still encounter the homogeneity attack and background knowledge attack, then disclose the users privacy
information. For example, in the equivalence group, when each record in the sensitive attribute obtains the some
value, despite through the properties of the quasi-code, the record cannot be corresponded to a specific
individual, but due to the same sensitive attribute values of all records, they can still be informed of the
individual sensitive property value, resulting in loss of privacy.
Yougang Wang et al / Journal of Computational Science and Engineering 1:1 (2012) 00010008
2.2 improved anonymous model
In connection with the loss of privacy issue which is caused by homogeneity attack, Machanavajjhala etc
(2007) proposed the l-diversity model of privacy protection methods, the model requires that each equivalent
group in the published table has at least 1well represented record. The meaning of well represented is in three
ways:Sensitive attribute in each equivalent group displays at least l different attribute value Each
equivalence category Es Entropy is not less than log(l), in which the entropy is defined as Entropy(E)=-
( , ) log ( , )
s S
p E s p E s
e

use m to represent the number of attribute values in sensitive attributesin the equivalence
category, r
i
represent the frequency of each sensitive attributes value,r
1
r
2
r
m
c is a user-specified constant,
if each equivalence category in the published table hasr
1
c(r
l
+r
l+1
++r
m
), then is claimed to meet the
iteration (c,l) - diversity
[27]
. L-diversity model, through restricting the diversification of the sensitive property in
the equivalence group in order to avoid published data suffering homogeneity attacks, is still not enough to
guarantee the privacy of information in the published data.
For exampledespite the sensitive attribute value in the published data equivalence group meeting the
diversity requirements, the probability of other values is too low(in extreme cases other sensitive property
values appear only once in the equivalence group), the attacker can still infer the individual's sensitive attribute
value as value
s
1 with a higher probability. In addition, if the distribution of sensitive attribute value is private
information, the published table which meets the requirements of the l-diversity model is still vulnerable to
privacy attacks, resulting in loss of privacy.
Contrary to the protection method of the global private information and the individual private information in a
single statistical, Ninghui Li etc. (2007) analyzed the weaknesses of the 1-diversity method and then proposed
the t-closeness privacy protection method
[28]
. If in the published tables, in each equivalence category, the
difference between the distribution of sensitive attribute values and the sensitive attribute values does not exceed
t, then that the published table meets the anonymous requirement of t-closeness.
The above anonymous model only applies to the disposable data releasing area. In connection with the
published data requires the data update. Yufei Tao etc. proposed m-invariance strategy
[29]
and its application of
bucket algorithm in 2007 and achieved repeated publishing anonymity under insert and delete, the two kinds of
update operation. Yufei Tao etc. called the set of different sensitive attribute values in the equivalence group the
"signature". If table T satisfies m-invariance, Ts equivalence group contains at least m tuples , and the
sensitive attribute values of all tuples are not the samefor each record t, in each release edition of its
survival period, equivalence group which contains t has the same signature.
The author proved that in the sequence of published tables if each version, and the previous version, meet the
m-invariance then both versions satisfy the m-invariance; and the publish sequence meets the condition, then
this will not result in information disclosure. Chart 1 is a bucket algorithm example which applied them-
invariance, the left italic line means will be deleted, right italic line means will be included on the record.
M-invariance bucket algorithm only needs to look at the reasoning channel between two adjacent tables when
it is anonymous; therefore the efficiency is relatively high. But the algorithm requires that the same signature
tuple cannot have more than one in the equivalence group of the releasing sequence table, therefore m-
invariance will produce a lower data quality issue.
In addition, algorithms may add falsified data, thus impacting on the authenticity of the data. The method can
handle data with dynamic insertion and deletion, assume that the data between each insert, and delete it
completely independently, but in the practical applications; dynamically updated data is not necessarily
completely independent. According to this issue, internal and external researchers have successively proposed a
number of improvements of anonymous models, such as (alpha, k)- anonymous model
[30]
etc. Throughout the
various improved anonymous models, it can be found that there is not any kind of anonymous model which is
applicable to the area of all data dissemination. For different problem areas, we should study the different
anonymous model to solve a particular data dissemination tasks.
3. Effectiveness of the releasing of Anonymity table
Carrying out data privacy protection process will inevitably result in the loss of the information of the original
data table. How to evaluate privacy protection methods and their related algorithms, how to measure the data
quality of the published data tables and how to establish appropriate evaluation criteria are very important issues.
Currently, many anonymous methods have studied the effectiveness of the measurement after the data tables
posted anonymously. These metrics can be roughly divided into two categories, the first category is to divide the
Yougang Wang et al / Journal of Computational Science and Engineering 1:1 (2012) 00010008
attributes into numerical attributes and category attributes, respectively measuring the degree of its
generalization from the change of attribute value domain point of view, it is called the domain measure method
in this paper. The second category did not distinguish the attributesit measures the quality of published table
based on the changes of height of generalization hierarchy tree or the changes of number of tuples in
equivalence groups. This method is called non-domain measurement methods in this paper.
Table 2. m-invariance anonymity sample

3.1Domain measure method
The NCP measurement method
[31]
is often used in the anonymity method of iterative generalization; consider
the allocation of weights for each attribute to indicate the effectiveness of the attributes in the data query
applications. The author proposed the penalty calculation method of generalization process in connection with
the numerical attributes and the category attributes respectivelyNumerical attributesNCP(t)=

=
n
i
i
i i
i
A
y z

1
)
| |
(
,
where w
i
is the attribute weightsy
i
, z
i
are the left and right boundary of interval after the generalization of
attributes A
i
, | Ai | is the difference between the maximum value and the minimum value of the attribute A
i
in
the table. Category attributesNCP(t)=
| |
) (
A
u size
, where size (u) is the number value which is in the category
attribute value set after the generalization, |A| is the number of all the possible values of the generalization
properties.
The penalty calculation formula of each equivalence category G isNCP(G)=

=

d
i
A i
G NCP w
i
1
) (
, where d is
the number of standard identifier attributesw
i
is the weight of the quasi-identifier attribute. The penalty of
generalization table equals to the total penalty of all equivalence classes.
3.2 Non-domain measure method
In the generalization process of the same original data table, often there will be a number of generalization k-
anonymous tables which meet the requirements in the document [13], Sweeney etc. proposed the measure
formula Prec which described the disrupt degree of the generalization anonymous release table from the angle of
the degree of information loss of the generalization anonymous table.
4. Summary and Outlook
With people increasingly paying more and more attention to the importance of protecting private information
and the gradual development of cloud computing, within the cloud environment micro-data publishing field, the
question as to how to protect the sensitive private information of the data subject in the micro data from being
obtained from a malicious attacker, whilst still ensuring that the data user can obtain sufficient data information
to carry out effective exploration and data analysis, has become an urgent issue which needs to be researched
and solved.
Especially with the development of mobile devices and positioning technologies that generate large amounts
of tracking data. The data publishing tracking data presents: time-related, location-related, large-scale, high-
Yougang Wang et al / Journal of Computational Science and Engineering 1:1 (2012) 00010008
dimensional features which bring some of the new privacy protection issues that cannot be dealt with by directly
using the existing privacy protection techniques, such as; the dividing efficiency of high-dimensional data
equivalence category, real-time mobile tracking data, increment generated release dependence on privacy etc.
Next we will research the privacy protection issue of tracking data publishing fields in the cloud computing
environment.
Acknowledgments
The work is supported by Anhui Provincial Natural Science Foundation of China under Grant No.
11040606M140; Humanity and Social Science foundation of Ministry of Education of China under Grant No.
12YJA630136.
References
[1] C Curino, E Jones, R Popa et al. Relational Cloud: A Database-as-a-Service for the Cloud. 5th Conf. on Innovative Data Systems
Research, CIDR 2011, January 9-12, 2011 Asilomar, California
[2] R. Choubey, R. Dubey, J. Bhattacharjee. A Survey on Cloud Computing Security Challenges and Threats. Int. Journal on Computer
Science and Engineering, 2011, 3(3): 1227-1231.
[3] E. Dudin, Y Smetanin. A Review of Cloud Computing. Scientific and Technical Information Processing, 2011, 38(4):280-284.
[4] Q. Zhang, L. Cheng, R. Boutaba. Cloud Computing: State-of-the Art and Research Challenge. Journal of Internet Serv. Appl., 2010, 1:
7-18.
[5] K. Hamlen, M. Kantarcioglu, L. Khan et al. Security Issues for Cloud Computing. International Journal of Information Security and
Privacy, 2010, 4(2): 39-51.
[6] H Ma, K Schewe, B Thalheim et al. A Formal Model for the Interoperability of Service Clouds. Service Oriented Computing and
Applications, Online First, 18 Jan 2012.
[7] Amazon Security Bulletins [ EB/ OL] . http: / / aws. amazon.com / security/ securitybulletins/, 2011.
[8] Google. [EB/OL].http: // googledocs. blogspot .com/ 2009/ 03/just-t o-clarify.html, 2009
[9] Microsoft. [EB/OL].http: // www.microsoft.com/technet/security/, 2010.
[10] Samarati P Sweeney LGeneralizing data to provide anonymity when disclosing information[C]//Proc of the seventeenth ACM
SIGACT-SIGMOD-SIGART symposium on Principles of database systemsSeattle1998188.
[11] R. Agrawal , R. Srikant. Privacy Preserving Data Mining. In Proc. of ACM SIGMOD, Dallas, USA, 2000.
[12] Sweeney L. K-anonymity:a Model for Protecting Privacy[J]. Journal on Uncertainty, Fuzziness and Knowledge-based Systems,
2002,10(5): 557-570.
[13] Sweeney L. Achieving k-Anonymity Privacy Protection Using Generalization and Suppression [J]. International Journal on Uncertainty,
Fuzziness and Knowledge-based Systems, 2002,10(5): 571-588.
[14] A. MEYERSON, R. WILLIAMS. On the complexity of optimal k-anonymity[C].Proc. of the 23rd ACM SIGACT-SIGMOD-SIGART
Symposium on Principles of Database Systems. New York,2004,223-228.
[15] Junzhou LuoJiahui JinAibo Song etc. Cloud computingArchitecture and key technologies. Journal on Communications2011
3273-21.
[16] XiuxiaTian. Database services to protect the privacy of access control and query processing[D].ShanghaiFudan University2011.
[17] J.Mclean. The Algebra of Security. In Proc. of the 1988 IEEE Computer Society Symposium on Security and Privacy, 1988, pages 2-7.
[18]P.Bonatti, S.C.Vimercati, P.Samarati. An algebra for composing access control policies. ACM Trans. on Information and System
Security, 2002,5(1):1-35.
[19] Li Lin, JinpengHuaiXianxian Li. Attribute-based access control policy synthesis algebra. Journal of Software2009202
403-414.
[20] Cheng HongMin ZhangDengguoFeng. AB-ACCS:A cloud storage cipher text access control methods. Computer Research and
Development201047supplement I:259-265.
[21] L.Ibraimi, M.Petkovic, S.Nikova et al. Cipher text-Policy attribute-based threshold decryption with flexible delegation and revocation
of user attributes. Technical Report, Centre for Telematics and Information Technology, University of Twente, 2009.
[22] S.C. Yu, C. Wang, K Ren et al. Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing. Proc. Of 29th
IEEE Int. Conf. on Computer Communications, San Diego, CA, Mar. 2010, pages 1-9.
[23] S Vimercati, S Foresti, S Jajodia. Over-encryption: Management of Access Control Evolution on Outsourced Data. Proc. of the 33rd Int.
Conference on Very Large Data Bases, University of Vienna, Austria, September 23-27, 2007. ACM 2007,pp.123-134.
[24] Ruwei Huang XiaolinGui Si Yu etc. Computable encryption method which supports privacy protection in the cloud
environment.Journal of Computers201134122391-2402.
[25] Fengzhe ZhangJin ChenHaibo Chen etc. Data privacy protection and self-destruction in the cloud computing. Computer Research
and Development20114871155-1167
[26] Jian MaoKun Li XiandongXu. Privacy protection programs under the cloud computing environment. Journal of Tsinghua
University201151101357-1362.
[27] Machanavajjhala AGehrke JKifer Dl-diversityPrivacy beyond k-anonymity[J]. ACM Transactions on Knowledge Discovery
from Data(TKDD),20071(1):1-36
[28] Li N, Li T, Venkatasubramanian S. t-Closeness~Privacy beyond k-anonymity and l-diversity[C]//Proc of IEEE 23RD Int. Conf on Data
Engineering. Istanbul: IEEE Computer Society, 2007:106-115.
Yougang Wang et al / Journal of Computational Science and Engineering 1:1 (2012) 00010008
[29] XiaokuiXiao, Yufei Tao. m-Invariance: Towards Privacy Preserving Re-publication of Dynamic Datasets. In Proc. of the 26th ACM
International Conference on Management of Data(SIGMOD), 2007: 689-700.
[30] Wong RCW, Li J, Fu AWC et al (a k)-Anonymity An enhanced k-anonymity model for privacy-preserving data
publishing[C]//Proc of the 12th ACM SIGKDD int.conf on Knowledge discovery and data mining, New York: ACM Press, 2006: 754-
759
[31] J.Xu, W.Wang, J.Pei et al. Utility-Based Anonymization Using Local Recoding. Proceedings of the 12th ACM SIGKDD International
Conference on Knowledge Discovery and Data Mining. New York, ACM Press, 2006:785-790.
Biography
Yougang Wang, 1966, male, Masters degree, associate professor. Main research direction is cloud
computing.