PAMOLA User Guide

This guide explains how to use PAMOLA for dataset management, privacy-enhancing workflows, attack simulations, and metadata extraction. PAMOLA is designed for Data Protection Officers (DPOs), AI practitioners, and compliance teams to ensure secure and privacy-aware data processing.

Getting Started with PAMOLA

Accessing the Interface

  • PAMOLA provides a web-based UI available at http://localhost:9002 (or a custom deployment URL).

  • The command-line API is also available for automation.

Logging In

  • Admin users authenticate through Keycloak.

  • Workspace members use assigned credentials.

Managing Datasets

PAMOLA integrates with DataHub, allowing version-controlled dataset management.

Step 1: Register a Dataset

  • Via UI: Navigate to “Datasets” → “Register Dataset”

  • Via API:

   curl -X POST "http://localhost:9002/api/datasets/register" \
        -H "Authorization: Bearer <TOKEN>" \
        -H "Content-Type: application/json" \
        -d '{"dataset_name": "customer_transactions", "owner": "fraud_team"}'

**Step 2: Explore Metadata**

View dataset lineage, transformations, and access logs.

   curl -X GET "http://localhost:9002/api/datasets/metadata?dataset_name=customer_transactions"

**Step 3: Manage Access Control**

Assign users roles (Admin, Editor, Viewer).

curl -X POST "http://localhost:9002/api/datasets/permissions" \
     -H "Authorization: Bearer <TOKEN>" \
     -d '{"dataset_name": "customer_transactions", "user": "analyst1", "role": "editor"}'

Creating Privacy Projects and Pipelines

PAMOLA supports privacy projects to manage anonymization, synthetic data, and privacy risk analysis.

Step 1: Create a Privacy Project

  • Via UI: Navigate to “Projects” → “New Project”

  • Via API:

   curl -X POST "http://localhost:9002/api/projects/create" \
        -H "Authorization: Bearer <TOKEN>" \
        -d '{"project_name": "Synthetic Data Generation", "owner": "privacy_team"}'

**Step 2: Define a Pipeline**

A pipeline consists of preprocessing, anonymization, privacy analysis, and evaluation.

   curl -X POST "http://localhost:9002/api/pipelines/create" \
        -H "Authorization: Bearer <TOKEN>" \
        -d '{
             "pipeline_name": "Anonymization Pipeline",
             "stages": ["data_cleaning", "k_anonymity", "risk_evaluation"]
        }'

**Step 3: Execute the Pipeline**

curl -X POST "http://localhost:9002/api/pipelines/run" \
     -H "Authorization: Bearer <TOKEN>" \
     -d '{"pipeline_name": "Anonymization Pipeline", "dataset": "customer_transactions"}'

Evaluating Data Privacy & Generating Metrics

PAMOLA includes privacy and utility metrics to validate transformations.

Step 1: Compute Privacy Metrics

  • k-Anonymity, l-Diversity, t-Closeness

  • Differential Privacy Noise Analysis

  • Privacy Budget Monitoring

   curl -X GET "http://localhost:9002/api/metrics/privacy?dataset_name=customer_transactions"

**Step 2: Compute Utility Metrics**

  • Statistical Distance (KS-Test, Wasserstein, Chi-squared)

  • Regression & Classification Impact (R², MSE, AUROC)

curl -X GET "http://localhost:9002/api/metrics/utility?dataset_name=customer_transactions"

Running Attack Simulations

PAMOLA provides attack modeling to test privacy risks.

Step 1: Membership Inference Attack (MIA)

  • Tests whether a model has memorized specific records.

   curl -X POST "http://localhost:9002/api/attacks/mia" \
        -H "Authorization: Bearer <TOKEN>" \
        -d '{"dataset_name": "customer_transactions"}'

**Step 2: Linkage Attack**

  • Tests re-identification by linking anonymized data with external sources.

   curl -X POST "http://localhost:9002/api/attacks/linkage" \
        -H "Authorization: Bearer <TOKEN>" \
        -d '{"dataset_name": "customer_transactions"}'

**Step 3: Model Inversion Attack**

  • Attempts to reconstruct data from AI models.

curl -X POST "http://localhost:9002/api/attacks/model_inversion" \
     -H "Authorization: Bearer <TOKEN}" \
     -d '{"model_name": "fraud_detection_model"}'

Extracting Metadata & Reports

PAMOLA allows metadata tracking and compliance reporting.

Step 1: Export Dataset Metadata

   curl -X GET "http://localhost:9002/api/datasets/export_metadata?dataset_name=customer_transactions"

**Step 2: Generate Privacy Reports**

curl -X POST "http://localhost:9002/api/reports/generate" \
     -H "Authorization: Bearer <TOKEN}" \
     -d '{"report_type": "privacy_audit"}'

Next Steps

📊 To learn about PAMOLA architecture, see Architecture 🔍 For developer integration, visit Developer Guide

To model security risks, check Security Modeling