Page 474 - Invited Paper Session (IPS) - Volume 1
P. 474
IPS177 F. Ricciato et al.
5. Conclusion and discussion
Since SDC and SMC are targeting different but complementary problems,
it is natural to consider their combination. From the above definitions it should
be clear that, in principle, both ‘input privacy’ and ‘output privacy’ problems
might be encountered at both sides. In other words, in the new scenario we
may consider adopting some combination of SMC and SDC in the back-end
as well as on the front-end.
As to the back-end, SMC may play an important role when joint processing
of multiple data sources from different parties is required but direct ingestion
of raw input data by SO is not possible, e.g., due to legal restrictions or
business considerations (as in [7]). This includes cases where the source data
are held by the private business sector. Considering the special trust
endowment of SO, who plays the role of OP in the back-end, it is reasonable
to assume that non-disclosure agreements and legal provisions are sufficient
to solve the ‘output privacy’ problem in the back-end, waiving the need to
introduce SDC tools on this side.
Conversely, SDC solutions will remain crucial on the front-end. SMC can
be used on the front-end to enable joint processing of confidential input data
from SO and other data holders (ref. rightmost part of Fig. 1(b)). More in
general, a wise combination of SMC and SDC might help to achieve a higher
level of overall confidentiality in the new wilder scenario, where increased
availability of external data sources amplifies the non-disclosure challenges.
463 | I S I W S C 2 0 1 9