Download presentation
Presentation is loading. Please wait.
1
Privacy Issues in Disclosing Averages Susmit Sarkar(CMU)
2
Non-Interference Non-Interference : Observable actions of programs are not influenced by sensitive data Non-Interference : Observable actions of programs are not influenced by sensitive data Too restrictive in practice! Too restrictive in practice! Think of password security Think of password security
3
Safe Relaxation of Non-Interference Passwords are sensitive data Passwords are sensitive data Checking passwords violates non- interference Checking passwords violates non- interference This is still okay [Volpano] if passwords are chosen randomly This is still okay [Volpano] if passwords are chosen randomly The interaction is carefully controlled The interaction is carefully controlled
4
Generalizing to Averages Idea: restrict access to allow us to answer interesting queries Idea: restrict access to allow us to answer interesting queries Also, we can measure information loss Also, we can measure information loss We want to calculate averages on private data We want to calculate averages on private data Generalize the notion of averages Generalize the notion of averages
5
Content Host’s problem Content host serving multiple content providers Content host serving multiple content providers The number of hits is sensitive information The number of hits is sensitive information Often, clients ask average hits of specified clients Often, clients ask average hits of specified clients
6
Example: Sport Site You want to know how the redesign of your sports portal worked You want to know how the redesign of your sports portal worked Complications : It happens to be Superbowl Sunday Complications : It happens to be Superbowl Sunday We want averages of all sports sites We want averages of all sports sites What if there are only 2 sports sites? What if there are only 2 sports sites?
7
Formal Model DataQuery :=d 1 + d 3 + d 5 = ? :=d 1 + d 3 + d 5 = ? Problem : what about 1 0 1 1 0, and 1 0 1 1 1 1 0 1 1 1 D1D1D1D1 D2D2D2D2 D3D3D3D3 D4D4D4D4 D5D5D5D5 10101
8
Query Model Solution : Maintain history Solution : Maintain history Idea : add current query to set, decide if “bad” vectors are derivable Idea : add current query to set, decide if “bad” vectors are derivable We restrict attention to weighted sums We restrict attention to weighted sums
9
Issues Ignored in Model Answers of queries (Right Hand Sides) Answers of queries (Right Hand Sides) Data values Data values Extraneous information : Correlation between data Extraneous information : Correlation between data Some of this are in further work Some of this are in further work
10
Characterizing Bad Vectors (0 1 0 0 0 0 0 0 0 0 0) (0 1 0 0 0 0 0 0 0 0 0) (1 10 6 1 1 1 1 1 1 1 1 1) (1 10 6 1 1 1 1 1 1 1 1 1) We want a measure that indicates when all entries are of similar magnitude We want a measure that indicates when all entries are of similar magnitude
11
Idea : Entropy We use the entropy function : - p i lg p i We use the entropy function : - p i lg p i Normalize entries so that magnitudes sum to one Normalize entries so that magnitudes sum to one Then treat the magnitudes as probabilities in entropy definition Then treat the magnitudes as probabilities in entropy definition Entropy is low when data is skewed Entropy is low when data is skewed
12
Formal Problem Statement m Query vectors Q i = (q i1,q i2, ,q in ) m Query vectors Q i = (q i1,q i2, ,q in ) Unknown linear combination Unknown linear combination U = c 1 Q 1 + c 2 Q 2 + U = c 1 Q 1 + c 2 Q 2 + Variables u i = c j q ij Variables u i = c j q ij Variables u’ i ¸ u i and u’ i ¸ – u i Variables u’ i ¸ u i and u’ i ¸ – u i u’ i ¸ |u i | u’ i ¸ |u i |
13
Calculating Entropy Entropy (u’ i / u’ j ) lg (u’ i / u’ j ) ¸ T Entropy (u’ i / u’ j ) lg (u’ i / u’ j ) ¸ T Minimize : u’ I Minimize : u’ I Notice that this is a convex program Notice that this is a convex program
14
Convex Programming [Vempala] allows us to do convex programming efficiently [Vempala] allows us to do convex programming efficiently His algorithm allows us to solve our problem in polynomial time His algorithm allows us to solve our problem in polynomial time
15
Future Work Extend our measure to take into account the Right Hand Sides Extend our measure to take into account the Right Hand Sides Change the model to maximize queries we can answer Change the model to maximize queries we can answer
16
Bibliography [Volpano] “Verifying Secrets and Relative Secrecy”, Volpano and Smith, POPL’ 00 [Volpano] “Verifying Secrets and Relative Secrecy”, Volpano and Smith, POPL’ 00 [Vempala] “Solving Convex Programs by Random Walks”, Vempala and Bertsimas, STOC’ 02 [Vempala] “Solving Convex Programs by Random Walks”, Vempala and Bertsimas, STOC’ 02
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.