Sean McElroy

Date of Award

Spring 4-2025

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Defense (PhDCD)

First Advisor

Varghese Vaidyan

Second Advisor

Tom Halverson

Third Advisor

Gurcan Comert

Abstract

Many attacks on personal privacy exist that create a variety of harm. As the world has become more interconnected, always-on, and real-time, many entities collect, aggregate, process, use, and disseminate the whereabouts, preferences, actions, and associations of humans everywhere that can subject them to surveillance, mistreatment, identity theft, and other invasions of our private lives. Laws, rules, and regulations have not protected fundamental rights of privacy, but where policymakers have failed, technological solutions have emerged. A significant development is e-differential privacy, a technique that can inject noise into data about individuals and their actions to strike a balance between the utility of personal information and the privacy of data subjects in such databases.

While differential privacy has a robust and sound approach, many data controllers and processors have failed to adopt it. Differential privacy is a high-stakes endeavor: if implemented incorrectly, published anonymized datasets can be reassociated to identify individuals. Moreover, differential privacy is more difficult to apply to event-level data, also known as microdata streams, that represent the same data subject many times in a database with slight changes as their location or behavior varies close to an identifiable personal norm. While the mathematical guarantees of the approach have withstood two decades of rigorous review and quantitative testing, practitioners lack tools that can validate correct implementations and appropriate privacy loss budgets against future attacks on published microdata streams.

This proposal addresses that research gap through quantitative technical action research that culminates in two experimental artifacts that adversarially interact: one that attempts to identify weaknesses in the application of differential privacy and another that tries to resist privacy-harming reassociation of event-level data. The iterative and adversarial interactions between these two artifacts allow for the progressive improvement of each that can both identify and treat implementation errors of differential privacy across various domains.

The production of generalized tools that can validate applications of differential privacy would yield a novel and significant contribution to many fields that generate or handle microdata streams, including geolocation data. Validating these tools first in a synthetic empirical cycle and then for a real-world scenario in a client engineering cycle using quantitative, statistical approaches enables future research and application of these artifacts and the principles they implement to protect the personal privacy of individuals in our increasingly connected and scrutinized lives.

Download

Share

COinS