Distributed Transition System with Tags and Value-wise Metric, for Privacy Analysis

We introduce a logical framework named Distributed Labeled Tagged Transition System (DLTTS), using concepts from Probabilistic Automata, Probabilistic Concurrent Systems, and Probabilistic labelled transition systems. We show that DLTTS can be used to formally model how a given piece of private information P (e.g., a set of tuples) stored in a given database D can get captured progressively by an adversary A repeatedly querying D, enhancing the knowledge acquired from the answers to these queries with relational deductions using certain additional non-private data. The database D is assumed protected with generalization mechanisms. We also show that, on a large class of databases, metrics can be defined 'value-wise', and more general notions of adjacency between data bases can be defined, based on these metrics. These notions can also play a role in differentially private protection mechanisms.