GEOPKDD - Meeting Venezia 17 Oct 05 1

Privacy-preserving data warehousing for spatio-

temporal data

Maria L. Damiani, Università Milano (I)

GEOPKDD - Meeting Venezia 17 Oct 05 2

Report

• The report contains two contributions:– M.L. Damiani, S. Spaccapietra, Spatial Data Warehouse Modelling

– M.L. Damiani, E. Bertino, Data Security and Privacy in Location-Aware Applications: a Research Direction

GEOPKDD - Meeting Venezia 17 Oct 05 4

A reference architecture

APPLICATION

SERVER

LOCATION

SERVER

Network

SPATIO-TEMPORAL DATA WAREHOUSE

TermID Position …… Service

Where is the closest bank?

(X,Y) … DirServ bankAB12

GEOPKDD - Meeting Venezia 17 Oct 05 5

Location privacy concerns

• Location privacy: the ability to prevent other parties from learning one's current or past location. A threat to location privacy thus occurs when an adversary can obtain an individual’s location information and can identify the individual.

• Approaches to location privacy include:

– Policy-based: personal data are recorded and a privacy policy defines how data can be disclosed

– Location data perturbation: location data are modified before data are recorded

GEOPKDD - Meeting Venezia 17 Oct 05 6

The envisaged architecture

APPLICATION

SERVER

Network

Where is the closest bank?

t(X',Y')

PACS

(Privacy- pres Access Control

System)

SPATIAL DATA WAREHOUSE

Position …… Service

(X',Y')

SPATIO-TEMPORAL DATA WAREHOUSE

It controls who can do what and perturbs location data

Pertubed data are stored

GEOPKDD - Meeting Venezia 17 Oct 05 7

Topic: Spatial data warehouse modelling

• Focus on multidimensional data models for spatial data– Spatial + {fact, dimensions hierarchies, measures, OLAP}

• Motivations– It provides a framework for the representation and aggregation of spatial

data at different levels of granularity

– Front end for the user

– However, a comprehensive and formal model is still an open issue

• Two main contributions of the report:– A picture of the research area

– A model with spatial measures at multiple levels of geometric granularity (MuSD)

GEOPKDD - Meeting Venezia 17 Oct 05 8

Example (from the previous meeting)

Time Cause #Victims

Jan-03 Speed 2

Jan-03 Speed 1

Feb-04 Weather 1

Position

Time Cause #Victims

Jan Speed 2

Jan Speed 1

Feb Weather 1

Position

GEOPKDD - Meeting Venezia 17 Oct 05 9

• Spatial measure: hierarchy of spatial levels. A spatial level is an attribute whose values are OGC features.

• A Multigranular Spatial Schema S= <D1, ..Dn, M1, ...Mm, SM> where: Di is a dimension, for each i =1, .., n 

Mj is a non-spatial measure, for each j =1, .., m

SM is a spatial measure

• Given a schema level SL, a cube for SL, CSL is the set of tuples of the

form: <d1, ..., dn, m1, ..., mm, sv> where: di is a value for the dimension level DLv i;

mi is a value for the measure Mi;

sv is the value for the spatial measure level Slv

• Issues: – Functional dependencies between the levels of the spatial measure and

spatial dimensions– Dynamic coarsening of spatial measures– Spatial Olap

A Multigranular Spatial Datawarehouse (MuSD)

GEOPKDD - Meeting Venezia 17 Oct 05 10

Summary

• A framework has been proposed based on the notion of multigranular spatial schema and cube and spatial OLAP

• Further the proposed framework has been formally defined• However the framework is still general and a number of

issues are open. Moreover spatio-temporal data are not taken into account yet

Pubblication:• M.L. Damiani and S. Spaccapietra. Spatial Data Warehouse

Modelling. Chapter of the book: Processing and Managing Complex Data for Decision Support, IDEA Grout Inc., to appear

GEOPKDD - Meeting Venezia 17 Oct 05 11

Topic: data security and privacy for location-aware applications

• The idea is to base the development of PACS on GEO-RBAC an access control model proposed for the mobile setting (ACM Sacmat 05)

• Motivations: – The model has a number of characteristics which are useful for location

privacy purposes• It provides a framework that enables location data perturbation• Policies can be specified accounting of user preferences

APPLICATION

SERVER

Network

Where is the closest bank?

PACS

(Privacy- pres Access Control

System)

GEOPKDD - Meeting Venezia 17 Oct 05 12

GEO-RBAC: a quick overview

• It is an access control model for mobile organizations– An access control model is a model which describes who can do what

on which resource

– By mobile organization we mean a community of individuals that, because of the role they have, need to access common information resources through LBS ( e.g. enterprise operating on field, health and leisure organization, civil and military coalitions)

GEOPKDD - Meeting Venezia 17 Oct 05 13

A scenario: a park

Park ranger

Surveyor

Park tourist

GEOPKDD - Meeting Venezia 17 Oct 05 14

User are characterized by roles

The roles of users may have a spatial boundary (spatial roles)

Since the user is a moving user the roles may vary with the position

Thus depending on the position different LBS are available

GEOPKDD - Meeting Venezia 17 Oct 05 15

Major features • The position model

• Real position Vs Logical position to abstract from the positioning technology– Real position: geometry– Logical position: "semantic location": building, road etc..

• Location mapping function to "perturb" location data– Example: maps a GPS point onto the closest road segment

• The spatial role model• Spatial role : describes a user through a spatially bounded functional role

– Example: the role extent of the park tourist is the park

• Role schema vs role instance. The role schema describes the location perturbation technique to be applied to the instance of the role

A schema: Tourist ( Park, Road, mapToRoad )

An instance: Tourist (Yellowstone)

GEOPKDD - Meeting Venezia 17 Oct 05 16

Conclusions

• Two sub-activities.– Spatial Data warehousing

– PACS: privacy preserving access control model

• Any preference?