Matt Bishop

Professor Department of Computer Science, University of California, Davis, USA

Protecting privacy is a critical problem in this age of instantaneous information access. This talk discusses the problem of redacting, or sanitizing, sensitive data from information that must be shared. We discuss several aspects of this problem, including a framework for sanitizing the data, the constraints that privacy places on what data may be released, and how this can affect analyses. We also focus on the nature of threats against sanitized data, and present several issues that the lack of a good threat model raises.