Website with further information: http://arx.deidentifier.org Description of this talk: Collaboration and data sharing have become core elements of biomedical research. Especially when sensitive data from distributed sources are linked, privacy threats have to be considered. Statistical disclosure control allows the protection of sensitive data by introducing fuzziness. Reduction of data quality, however, needs to be balanced against gains in protection. Therefore, tools are needed which provide a good overview of the anonymization process to those responsible for data sharing. These tools require graphical interfaces and the use of intuitive and replicable methods. In addition, extensive testing, documentation and openness to reviews by the community are important. Existing publicly available software is limited in functionality, and often active support is lacking. We present the data anonymization tool ARX, which has been developed in close cooperation between the Chair for Biomedical Informatics, the Chair for IT Security and the Chair for Database Systems at Technische Universität München (TUM), Germany. ARX enables the de-identification of structured data (i.e., tabular data) and implements a wide variety of privacy methods in a highly efficient manner. It is extensible, well documented and actively supported. ARX provides an intuitive cross-platform graphical interface and offers a public API for integration with other software systems.

1. Technische Universität München
Fabian Prasser, Florian Kohlmayer
Lehrstuhl für Medizinische Informatik
Institut für Medizinische Statistik und Epidemiologie
Klinikum rechts der Isar der TU München
ARX 3.0.0
A Comprehensive Tool for
Anonymizing Biomedical Data

2. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
ARX: Towards useful data anonymization
• Usability has many dimensions
• Ability to balance data utility with privacy requirements
• Need to support a broad spectrum of methods
• Privacy models
• Transformation models
• Methods for analyzing data utility
• Methods for analyzing risks
• Further “non-functional” requirements
• Integrated and harmonized: ARX is not a “tool box”
• Compatibility (syntactic and semantic)
• Performance and scalability
• Intuitive visualization and parameterization
• Provide methods to end-users as well as programmers
19.03.2015 2

3. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
ARX: Highlights
• Compatibility
• Built-in data import facilities
• Relational databases (MS SQL, DB2, SQLite, MySQL)
• MS Excel
• CSV (all common formats, auto-detection)
• Support for different data types and scales of measure
• Strings (with nominal and ordinal scale)
• Dates (interval scale)
• Numbers (ratio scale)
• Automatic detection of data types and formats
• Methods for handling and cleaning low-quality data
• Handles missing and invalid values correctly
• In privacy models, transformation methods, visualizations
• Manual removal of tuples, query interface, find & replace
19.03.2015 3

4. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
ARX: Highlights
• Flexible transformation methods
• Global recoding
• Full-domain generalization
• Top- & bottom coding
• Local recoding
• Tuple suppression
• Fully integrated and parameterizable
• Importance of attributes, suitability of methods
• Functional representations of transformation rules
• Especially functional representations of hierarchies
• Support for categorical and continuous variables (categorization)
• Multiple methods for measuring data utility
• Parametrizable, e.g., with different aggregate functions
• Use functional representations of transformation rules
19.03.2015 4

5. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
ARX: Highlights
• Multiple apriori privacy models
• k-Anonymity
• ℓ-Diversity (distinct, entropy, recursive-(c, ℓ))
• t-Closeness (equal and hierarchical ground distance)
• δ-Presence
• Multiple methods for risk-based anonymization
• Sample characteristics
• Average cell size
• Sample uniqueness
• Super-population models
• Decision rule by Dankar et al.
• Based on models by Pitman, Zayatz and the SNB model
• Support for arbitrary combinations of these models
• Optimal solution within our coding model
19.03.2015 5

6. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
ARX: Highlights
• Scalability: ARX can handle large datasets (several million data
entries) on commodity hardware
• Efficient in-memory data management engine
• Works with compressed data representations
• Tight coupling between transformation operators and the „database
kernel”
• Provides a space-time trade-off
• Optimized search strategy: Based on multiple pruning strategies
• Efficient implementations of further complex tasks
• Evaluations of privacy criteria (e.g. t-closeness, δ-presence)
• Methods for solving non-linear equation systems
• Background jobs in the user interface
19.03.2015 6

7. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
ARX: Highlights
• Comprehensive graphical interface
• Scalablity comparable to the ARX API
• Supports all methods provided by the ARX API
• Cross-platform (Windows, Linux/GTK, OSX) with native interfaces
• Available as binary distributions with installers
• Independent API
• User interface sits on top
of the API
• Java library
• All methods provided by ARX
are first-class citizens in both
worlds
19.03.2015 7

8. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
ARX: Anonymization workflow
• Iterative process to successively refine transformations
• Supported by the scalability of our framework
• Three (repeating) steps, mapped to four perspectives
19.03.2015 8
- Define transformation model
- Define privacy model
- Define coding model
- Filter and analyze the
solution space
- Organize transformations
- Compare and analyze
input and output
- Regarding risks and
utility

9. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 9
ARX: Wizard for data import

10. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 10
ARX: Configuration (1)

11. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 11
ARX: Configuration (2)

12. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 12
ARX: Configuration (3)

13. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 13
ARX: Configuration (4)

14. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 14
ARX: Wizard for transformation rules

15. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 15
ARX: Further dialogs

16. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 16
ARX: Exploration (1)

17. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 17
ARX: Exploration (2)

18. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 18
ARX: Exploration (3)

19. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 19
ARX: Utility analysis (1)

20. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 20
ARX: Utility analysis (2)

21. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 21
ARX: Utility analysis (3)

22. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 22
ARX: Utility analysis (4)

23. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 23
ARX: Utility analysis (5)

24. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 24
ARX: Risk analysis (1)

25. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 25
ARX: Risk analysis (2)

26. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 26
ARX: Risk analysis (3)

27. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 27
ARX: Risk analysis (4)

28. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
19.03.2015 28
ARX: Context-sensitive help

29. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
●
Current projects
●
Non-interactive Differential Privacy
●
Support for high-dimensional data: heuristic algorithms
●
Further analyses and visualizations: utility and risks
●
Support for transactional attributes: (k, km
)-anonymity
●
Integrated data masking methods
●
More flexible definition of quasi-identifiers
●
More risk models
●
Planned projects
●
Auto-detection of HIPAA identifiers
●
Implement more flexible privacy criteria
19.03.2015 29
ARX: Further developments

30. Technische Universität MünchenARX - A Comprehensive Tool for Anonymizing Biomedical Data
• ARX is open source software
• Contribute: feature requests, code reviews, criticism,
enhancements, questions
• Repository: https://github.com/arx-deidentifier/arx
• Further information & download: http://arx.deidentifier.org
• Get in touch
• Fabian Prasser (prasser@in.tum.de)
• Florian Kohlmayer (florian.kohlmayer@tum.de)
19.03.2015 30
• Any questions?
Thank you for your attention