More and more applications rely heavily on large amounts of data in the distributed storages collected over time or produced by large scale scientific experiments or simulations. An important fact is that many organizations collect, store, and use various types of information about individuals. In consequence, such data sharing is subject to constraints imposed by privacy of individuals or data subjects as well as data confidentiality of institutions or data providers. Given a query spanning multiple databases, it should be executed transparently and efficiently. And most importantly, the results should not contain individually identifiable information and institutions should not reveal their databases to each other apart from the query results. In this paper, we propose a distributed anonymization protocol that allows independent data providers to build a virtual anonymized database from horizontally partitioned databases, and a secure query protocol that allows clients to query those virtual databases. We also propose a distributed data sharing and integration architecture for querying these distributed heterogeneous and possibly private databases. Our system provides efficient and scalable privacy-preserving query execution interface that integrates data seamlessly and transparently.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Charu C. Aggarwal, On k-anonymity and the curse of dimensionality, Proceedings of the 31st international conference on Very large data bases, August 30-September 02, 2005, Trondheim, Norway
	2	Roberto J. Bayardo , Rakesh Agrawal, Data Privacy through Optimal k-Anonymization, Proceedings of the 21st International Conference on Data Engineering, p.217-228, April 05-08, 2005  [doi>10.1109/ICDE.2005.42]
	3	Elisa Bertino , Beng Chin Ooi , Yanjiang Yang , Robert H. Deng, Privacy and Ownership Preserving of Outsourced Medical Data, Proceedings of the 21st International Conference on Data Engineering, p.521-532, April 05-08, 2005  [doi>10.1109/ICDE.2005.111]
	4	M. J. Carey , L. M. Haas , P. M. Schwarz , M. Arya , W. F. Cody , R. Fagin , M. Flickner , A. W. Luniewski , W. Niblack , D. Petkovic , J. Thomas , J. H. Williams , E. L. Wimmers, Towards heterogeneous multimedia information systems: the Garlic approach, Proceedings of the 5th International Workshop on Research Issues in Data Engineering-Distributed Object Management (RIDE-DOM'95), p.124, March 06-07, 1995
	5	Benjamin C. M. Fung , Ke Wang , Philip S. Yu, Top-Down Specialization for Information and Privacy Preservation, Proceedings of the 21st International Conference on Data Engineering, p.205-216, April 05-08, 2005  [doi>10.1109/ICDE.2005.143]
	6	O. Goldreich. Secure multi-party computation, 2001. Working Draft, Version 1.3.
	7	Shafi Goldwasser, Multi party computations: past and present, Proceedings of the sixteenth annual ACM symposium on Principles of distributed computing, p.1-6, August 21-24, 1997, Santa Barbara, California, United States  [doi>10.1145/259380.259405]
	8	R. Huebsch, B. N. Chun, J. M. Hellerstein, B. T. Loo, P. Maniatis, T. Roscoe, S. Shenker, I. Stoica, and A. R. Yumerefendi. The architecture of pier:an internet-scale query processor. In CIDR 2005.
	9	Vijay S. Iyengar, Transforming data to satisfy privacy constraints, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, July 23-26, 2002, Edmonton, Alberta, Canada  [doi>10.1145/775047.775089]
	10	Wei Jiang , Chris Clifton, A secure distributed framework for achieving k-anonymity, The VLDB Journal — The International Journal on Very Large Data Bases, v.15 n.4, p.316-333, November 2006  [doi>10.1007/s00778-006-0008-z]
	11	P. Jurczyk and L. Xiong. Privacy-preserving data publishing for horizontally partitioned databases. Technical Report TR-2008-013, Emory University, Math & CS Dept., 2008.
	12	Pawel Jurczyk , Li Xiong , Vaidy Sunderam, DObjects: Enabling Distributed Data Services for Metacomputing Platforms, Proceedings of the 8th international conference on Computational Science, Part I, June 23-25, 2008, Krakow, Poland  [doi>10.1007/978-3-540-69384-0_19]
	13	Daniel Kifer , Johannes Gehrke, Injecting utility into anonymized datasets, Proceedings of the 2006 ACM SIGMOD international conference on Management of data, June 27-29, 2006, Chicago, IL, USA  [doi>10.1145/1142473.1142499]
	14	Donald Kossmann, The state of the art in distributed query processing, ACM Computing Surveys (CSUR), v.32 n.4, p.422-469, Dec. 2000  [doi>10.1145/371578.371598]
	15	Kristen LeFevre , David J. DeWitt , Raghu Ramakrishnan, Incognito: efficient full-domain K-anonymity, Proceedings of the 2005 ACM SIGMOD international conference on Management of data, June 14-16, 2005, Baltimore, Maryland  [doi>10.1145/1066157.1066164]
	16	Kristen LeFevre , David J. DeWitt , Raghu Ramakrishnan, Mondrian Multidimensional K-Anonymity, Proceedings of the 22nd International Conference on Data Engineering, p.25, April 03-07, 2006  [doi>10.1109/ICDE.2006.101]
	17	Kristen LeFevre , David J. DeWitt , Raghu Ramakrishnan, Workload-aware anonymization, Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining, August 20-23, 2006, Philadelphia, PA, USA  [doi>10.1145/1150402.1150435]
	18	Adam Meyerson , Ryan Williams, On the complexity of optimal K-anonymity, Proceedings of the twenty-third ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 14-16, 2004, Paris, France  [doi>10.1145/1055558.1055591]
	19	Latanya Sweeney, k-anonymity: a model for protecting privacy, International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, v.10 n.5, p.557-570, October 2002  [doi>10.1142/S0218488502001648]
	20	Scaling heterogeneous databases and the design of Disco, Proceedings of the 16th International Conference on Distributed Computing Systems (ICDCS '96), p.449, May 27-30, 1996
	21	Robbert Van Renesse , Kenneth P. Birman , Werner Vogels, Astrolabe: A robust and scalable technology for distributed system monitoring, management, and data mining, ACM Transactions on Computer Systems (TOCS), v.21 n.2, p.164-206, May 2003  [doi>10.1145/762483.762485]
	22	Ke Wang , Benjamin C. M. Fung, Anonymizing sequential releases, Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining, August 20-23, 2006, Philadelphia, PA, USA  [doi>10.1145/1150402.1150449]
	23	Ke Wang , Philip S. Yu , Sourav Chakraborty, Bottom-Up Generalization: A Data Mining Solution to Privacy Protection, Proceedings of the Fourth IEEE International Conference on Data Mining, p.249-256, November 01-04, 2004
	24	Xiaokui Xiao , Yufei Tao, Anatomy: simple and effective privacy preservation, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
	25	Q. Zhang, N. Koudas, D. Srivastava, and T. Yu. Aggregate query answering on anonymized tables. In ICDE pages 116--125,2007.
	26	Sheng Zhong , Zhiqiang Yang , Rebecca N. Wright, Privacy-enhancing k-anonymization of customer data, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland  [doi>10.1145/1065167.1065185]
	27	Sheng Zhong , Zhiqiang Yang , Rebecca N. Wright, Privacy-enhancing k-anonymization of customer data, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland  [doi>10.1145/1065167.1065185]