Diffix-Birch: Extending Diffix-Aspen
This work addresses privacy concerns in database querying for organizations handling sensitive data, but it is incremental as it builds on a previous version of the Diffix framework.
The paper tackles the problem of enabling high-quality statistical queries on databases containing individual information without compromising privacy, by extending the Diffix framework to support a wide variety of SQL features and defending against associated attacks.
A longstanding open problem is that of how to get high quality statistics through direct queries to databases containing information about individuals without revealing information specific to those individuals. Diffix is a framework for anonymous database query that adds noise based on the filter conditions in the query. A previous paper described the first version, called diffix-aspen. This version, diffix-birch, extends that description to include a wide variety of common features found in SQL. It describes attacks associated with various features, and the anonymization steps used to defend against those attacks. This paper describes diffix-birch, which was used for the bounty program sponsored by Aircloak starting December 2017.