Some contents are borrowed from Adam Smith’s slides
Presentation transcript:

Differential Privacy
Some contents are borrowed from Adam Smith’s slides

Outline: Background, Definition, Applications

Background: Database Privacy
Individuals (Alice, Bob, …, you) provide their data; after collection and “sanitization” it is released to users (government, researchers, marketers, …).
“Census problem”: two conflicting goals.
Utility: Users can extract “global” statistics.
Privacy: Individual information stays hidden.
How can these be formalized?

OLD NOTES! This talk is about database privacy. The term can mean many things, but for this talk the example to keep in mind is a government census. Individuals provide information to a trusted government agency, which processes the information and makes some sanitized version of it available for public use.
- privacy is required by law
- ethical
- pragmatic: people won’t answer unless they trust you
There are two goals: we want users to be able to extract global statistics about the population being studied. However, for legal, ethical and pragmatic reasons, we also want to protect the privacy of the individuals who participate. And so we have a fundamental tradeoff between privacy on one hand and utility on the other. The extremes are easy: publishing nothing at all provides complete privacy but no utility, and publishing the raw data exactly provides the most utility but no privacy. Thus the first-order goal of this paper is to plot some middle course between the extremes; that is, to find a compromise which allows users to obtain useful information while also providing a meaningful guarantee of privacy. This problem is not new: it is often called the "statistical database" problem. I would say a second-order goal of this paper is to change the way the problem is approached and treated in the literature… Graphically, this is what is going on. As I said, there are two goals, utility and privacy. Utility is easy to understand, and to explain to a user. To prove that your scheme provides a particular utility, just give an algorithm and an analysis. Privacy is much harder to get a handle on…

Background
Interactive database query: a classical research problem for statistical databases. Prevent query inferences: malicious users submit multiple queries to infer private information about some person. This has been studied for decades.
Non-interactive: publish statistics, then destroy the data; micro-data publishing; individual user submissions.

Basic Setting
Database DB = table of n rows x1, x2, …, xn-1, xn, each in domain D. Users (government, researchers, marketers, …) send query 1, …, query T to the sanitizer San, which uses random coins and returns answer 1, …, answer T.
D can be numbers, categories, tax forms, etc. This talk: D = {0,1}^d, e.g. Married?, Employed?, Over 18?, …
- Maybe say a few words about individuals’ data
- Note that this also captures noninteractive schemes

Why not use crypto definitions?
Attempt #1. Def’n: For every entry i, no information about xi is leaked (as if encrypted). Problem: no information at all is revealed! Tradeoff privacy vs utility.
Attempt #2: Agree on summary statistics f(DB) that are safe. Def’n: No information about DB except f(DB). Problem: how to decide that f is safe? (Also: how do you figure out what f is?)

Differential Privacy The risk to my privacy should not substantially increase as a result of participating in a statistical database:

Differential Privacy
No perceptible risk is incurred by joining DB. Any info the adversary can obtain, it could obtain without Me (my data). Pr [t]

Sensitivity of functions

Design of randomization mechanism
Laplace distribution: return f(x) + p(x) to DB users, where p(x) is the added noise.
Multidimensions: add noise to each of the k dimensions.
Other distributions can be used; the Laplace distribution is easier to manipulate.

Composition rules
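As an added illustration, not from the slides, of the mechanism design above and of the composition rule: a brute-force L1 sensitivity check for a k-dimensional counting query over D = {0,1}^d, per-dimension Laplace noise calibrated to sensitivity/epsilon, and the sequential composition of budgets. The database, the attribute query and the random seed are constructed for the demo.

```python
import itertools
import math
import random

# Constructed toy database: n rows over D = {0,1}^d with d = 3 attributes
# (Married?, Employed?, Over 18?), as in the slides. Not real data.
DB = [(1, 1, 1), (0, 1, 1), (0, 0, 1), (1, 0, 0), (1, 1, 0), (0, 1, 1)]

def attribute_counts(db):
    """k-dimensional query (k = d): how many rows have each attribute set."""
    return [sum(row[j] for row in db) for j in range(len(db[0]))]

def l1_sensitivity(f, db):
    """Local L1 sensitivity of f at db: max ||f(db) - f(db')||_1 over all db' that
    differ from db in exactly one row (any replacement row from {0,1}^d).
    For counting queries this equals the global sensitivity the noise is scaled to."""
    d = len(db[0])
    base = f(db)
    worst = 0
    for i in range(len(db)):
        for new_row in itertools.product((0, 1), repeat=d):
            out = f(db[:i] + [new_row] + db[i + 1:])
            worst = max(worst, sum(abs(a - b) for a, b in zip(base, out)))
    return worst

def laplace_noise(rng, scale):
    """One Lap(0, scale) draw via the inverse CDF of a uniform (stdlib only)."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(max(1e-300, 1.0 - 2.0 * abs(u)))

def laplace_mechanism(f, db, epsilon, seed=None):
    """Return f(db) + independent Lap(sensitivity/epsilon) noise on each of the k dimensions."""
    rng = random.Random(seed)  # seed only for reproducible demos; use fresh randomness in practice
    scale = l1_sensitivity(f, db) / epsilon
    return [value + laplace_noise(rng, scale) for value in f(db)]

def composed_epsilon(epsilons):
    """Sequential composition: answering T queries with budgets e_1..e_T costs their sum."""
    return sum(epsilons)

def mean_abs_noise(scale, n, seed=0):
    """Calibration check: E|Lap(scale)| = scale, so the empirical mean should be close to scale."""
    rng = random.Random(seed)
    return sum(abs(laplace_noise(rng, scale)) for _ in range(n)) / n
```

Replacing the all-ones row by all-zeros changes every one of the three counts by one, so the mechanism must use scale 3/epsilon per coordinate, and three answers at epsilon = 0.5 consume a total budget of 1.5.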

Applications
Privacy integrated queries (PINQ): provides analysts with a programming interface to unscrubbed data through a SQL-like language.
Airavat: a MapReduce-based system which provides strong security and privacy guarantees for distributed computations on sensitive data.