Semantic attack on graph databases

Christophe Bobineau
Calendar
When:
01/02/2023 – 02/02/2023 all-day
2023-02-01T01:00:00+01:00
2023-02-02T01:00:00+01:00
Stages

Offre en lien avec l’Action/le Réseau : DOING/– — –

Laboratoire/Entreprise : LIFO – Equipe Systems and Data Security
Durée : 5 à 6 mois
Contact : adrien.boiret@insa-cvl.fr
Date limite de publication : 2023-02-01

Contexte :
Cette offre s’inscrit dans le cadre du projet Semantic Networks of Data: Utility and Privacy (SENDUP) qui étudie la sécurité et la vie privée sur les bases de données sous forme de graphes (e.g. RDF) soumises à des contraintes sémantiques.

Sujet :
Data safety and privacy are concerns currently receiving intense attention, notably through the introduction of GDPR reglementations that aim to ensure data collection, treatment, and publication never trespass on a person’s right to privacy.
The notion of differential privacy (DP) grew popular as a yardstick
of privacy for data publication processes, where a database containing sensitive information can still answer queries without compromising privacy.
The guaranty provided by DP is that it is difficult to differentiate between a graph and one of its neighbours (i.e. the same graph differing on exactly one information) when observing the answer to a query. This is a convincing guaranty of privacy, as it means that a graph yields results so similar to its neighbours’, that an attacker cannot deduce with certainty any specific information
in a graph.
However, this guaranty works best under the assumption
that any graph has neighbours to “hide behind”. If a graph is isolated from any of its neighbours, then the guaranty provided by DP weakens.
We posit that such situations can arise if the graph databases we consider are known to follow structural constraints (e.g. “every patient has a doctor”) or semantic constraints (e.g. “Dr Wilson is an oncologist”). If all possible graphs must follow specific rules, then it is possible that some graphs have no neighbours that an attacker could confuse them with.
In this internship, we aim to formalise and evaluate through experimentation the damage that prior knowledge of a target graph’s schema can make on the privacy of a DP-guarantying process.

Profil du candidat :
Etudiant en Master Bac+5 en Informatique ou équivalent.
Intérêt pour les bases de données sous forme de graphes et la sécurité des données.
Capable de travailler seul et en équipe.

Formation et compétences requises :
Etudiant en Master Bac+5 en Informatique ou équivalent.
Capacité à lire et écrire des documents scientifiques en anglais.
Capacité à coder dans un langage de programmation (préférence pour Java).

Adresse d’emploi :
INSA Centre Val de Loire, 88 boulevard Lahitolle 18022 Bourges

Document attaché : 202212081435_Stage_SDS_SemanticAttack.pdf