CSE711 Topics in Differential Privacy - University at...

Marco GaboardiRoom: 338-B

gaboardi@buffalo.eduhttp://www.buffalo.edu/~gaboardi

CSE711 Topics in Differential Privacy

Statistics over Data

Private Queries?

Differential Privacy: motivation

A. Haeberlen

Motivation: Protecting privacy

2USENIX Security (August 12, 2011)

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A first approach: anonymization.I Using different correlated anonymized data sets one

can learn private data.

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

Private Queries?

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

medicalcorrelation?

queryanswer

Private Queries?

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

answer

Does Joe have

cancer?

Private Queries?

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

Does Joe have

cancer?

Anonymization?

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

Anonymization?

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

medicalcorrelation

queryanswer

Anonymization?

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

answer

query?!?

Anonymous Data

Anonymization

Anonymous Data

Anonymization

Anonymous Data

Anonymization

Additional Data

Anonymous Data

Anonymization

Additional Data

A Possible Solution:Differential Privacy

Differential Privacy

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

Differential Privacy: the idea

A. Haeberlen

Promising approach: Differential privacy

Private data

N(flue, >1955)?

826±10

N(brain tumor, 05-22-1955)?

3 ±700

Differential Privacy:Ensuring that the presence/absence of an individual has anegligible statistical effect on the query’s result.

Trade-off between utility and privacy.

DMNS’06

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

Private data

N(flue, >1955)?

826±10

3 ±700

answer + noise

medicalcorrelation?

DMNS’06

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

Private data

N(flue, >1955)?

826±10

3 ±700

answer + noise

DMNS’06

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

19144 02-15-1964 flue

19146 05-22-1955 brain tumor

34505 11-01-1988 depression

25012 03-12-1972 diabets

16544 06-14-1956 anemia

Fair insurance

Resend

policy?

DataI know Bob is

born 05-22-1955

in Philadelphia…

A. Haeberlen

Private data

N(flue, >1955)?

826±10

3 ±700

DMNS’06

Foundamental Law of Information ReconstructionThe release of too many overly accurate statistics gives

privacy violations.

[DinurNissim02]

Privacy vs. Utility

UtilityPrivacy

Privacy vs. Utility

Utility

Privacy

Privacy vs. Utility

Utility

Privacy

Privacy vs. Utility

UtilityPrivacy

This class:understanding the mathematical and

computational meaning of this trade-off.

• US Census Bureau - onTheMap, new releases

• Google - RAPPOR tool for Chrome

• Apple - typing statistics reports

• LeapYear - startup

• …

Some Official Users

Syllabus for the courseLocation: Davis 113A Time: Thursday 16:30 - 19:00? Office Hours: Friday 11:00 - 12:00 or by appointment Discussion forums: NB and Piazza class website: http://www.buffalo.edu/~gaboardi/teaching/CSE711-spring17.html

Course load: - presenting part of the material, - commenting on the material presented every week, beforehand on NB and during class, - working on a project and presenting the results (optional)

Grading

50% - material presentation 50% - engagement and participation in class and on NB and Piazza

Reference Material

Cynthia Dwork and Aaron Roth, “The Algorithmic Foundations of Differential Privacy,” 2014 Linked from the class website.

Salil Vadhan, “The Complexity of Differential Privacy” 2016. Linked from the class website.

Questions?

CSE711 Topics in Differential Privacy - University at...

Documents

Dhrupad Bhardwaj Andreas Haeberlen - Penn Engineeringcse400/CSE400_2015_2016/posters/poster_6.pdfAndreas Haeberlen Abstract Recruiting portals today are exclusively focused on job

OIL + VCache - USENIX

A. Haeberlen Differential Privacy Under Fire 1 USENIX Security (August 12, 2011) Andreas Haeberlen Benjamin C. Pierce Arjun Narayan University of Pennsylvania

Nozzle - USENIX

Accountable Virtual Machines - USENIX · AtblVitlMhiAccountable Virtual Machines Andreas Haeberlen University of Pennsylvania Paarijaat Aditya Rodrigo Rodrigues Peter Druschel Max

© 2013 A. Haeberlen, Z. Ives Internet Basics Faults & Failures 1

SOSP 2007 © 2007 Andreas Haeberlen, MPI-SWS 1 Practical accountability for distributed systems Andreas Haeberlen MPI-SWS / Rice University Petr Kuznetsov

NSDI (April 24, 2009) © 2009 Andreas Haeberlen, MPI-SWS 1 NetReview: Detecting when interdomain routing goes wrong Andreas Haeberlen MPI-SWS / Rice Ioannis

HACK Usenix 2014

© 2005 Andreas Haeberlen, Rice University 1 Glacier: Highly durable, decentralized storage despite massive correlated failures Andreas Haeberlen Alan Mislove

OCTANE - USENIX

Vanish: Increasing Data Privacy with Self-Destructing Data · USENIX Association 18th USENIX Security Symposium 301 to implement a robust index-value database on a col-lection of

Sponsor Guide - USENIX

Implantable Medical Devices: Security Privacy · Risks of Implantable Medical Devices: ... IMDs+Wireless+Internet: ... USENIX Workshop on Hot Topics in Security (HotSec)

ADsafety - USENIX

Billion-Gate - USENIX

Effective Replica Maintenance for Distributed Storage Systems USENIX NSDI’ 06 Byung-Gon Chun, Frank Dabek, Andreas Haeberlen, Emil Sit, Hakim Weatherspoon,

iVoyeur - USENIX

Using Platform-Specific Optimizations in Stub-Code …...Using Platform-Speciﬁc Optimizations in Stub-Code Generation Andreas Haeberlen University of Karlsruhe haeberlen@ira.uka.de

Proceedings of the FREENIX Track: 2003 USENIX … · USENIX Association FREENIX Track: 2003 USENIX Annual Technical ... crossing the last mile to the user at high ... 2003 USENIX