PrivateSQL

Kotsogiannis, Ios; Tao, Yuchao; He, Xi; Fanaeepour, Maryam; Machanavajjhala, Ashwin; Hay, Michael; Miklau, Gerome

doi:10.14778/3342263.3342274

Cited by 72 publications

(8 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The issue above was first identified by Kotsogiannis et al [24], who also formalized the DP policy for relational databases with FK constraints. The essence of their model (a rigorous definition is given in Section 3) is that the individuals and their private data are stored in separate relations that are linked by FKs.…”

Section: The Truncation Mechanismmentioning

confidence: 99%

R2T: Instance-optimal Truncation for Differentially Private Query Evaluation with Foreign Keys

Dong

Fang

et al. 2023

SIGMOD Rec.

Self Cite

View full text Add to dashboard Cite

Answering SPJA queries under differential privacy (DP), including graph pattern counting under node-DP as an important special case, has received considerable attention in recent years. The dual challenge of foreign-key constraints and self-joins is particularly tricky to deal with, and no existing DP mechanisms can correctly handle both. For the special case of graph pattern counting under node-DP, the existing mechanisms are correct (i.e., satisfy DP), but they do not offer nontrivial utility guarantees or are very complicated and costly. In this paper, we propose the first DP mechanism for answering arbitrary SPJA queries in a database with foreign-key constraints. Meanwhile, it achieves a fairly strong notion of optimality, which can be considered as a small and natural relaxation of instance optimality. Finally, our mechanism is simple enough that it can be easily implemented on top of any RDBMS and an LP solver. Experimental results show that it offers order-of-magnitude improvements in terms of utility over existing techniques, even those specifically designed for graph pattern counting.

show abstract

Section: The Truncation Mechanismmentioning

confidence: 99%

R2T: Instance-optimal Truncation for Differentially Private Query Evaluation with Foreign Keys

Dong

Fang

et al. 2023

SIGMOD Rec.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Two DP settings have been studied in the relational model, depending on whether foreign key constraints are considered or not. The one considering foreign key constraints assumes the existence of a primary private table, and deleting a tuple in the primary private relation will delete all other tuples referencing it; see [14,32,42]. In this work, we adopt the other notion, which does not consider foreign key constrains, but defines instances to be neighboring if one can be converted into the other by adding/removing a single tuple; this is the same as the notion studied in some previous works [30,31,38,41].…”

Section: Problem Definitionmentioning

confidence: 99%

“…Data analysis over multiple private tables connected via join operators has been the subject of significant interest within the area of modern database systems. In particular, the challenging question of releasing the join size over a set of private tables has been studied in several recent works including the sensitivity-based framework [15,16,30], the truncation-based mechanism [14,32,42], as well as in works on one-to-one joins [37,41], and on graph databases [6,10]. In practice, multiple queries (as opposed to a single one) are typically issued for data analysis, for example, a large class of linear queries on top of join results with different weights on input tuples, as a generalization of the counting join size query.…”

Section: Introductionmentioning

confidence: 99%

Differentially Private Data Release over Multiple Tables

Ghazi

Kumar

et al. 2023

Proceedings of the 42nd ACM SIGMOD-SIGACT-SIGAI Symposium on Principles of Database Systems

View full text Add to dashboard Cite

We study synthetic data release for answering multiple linear queries over a set of database tables in a differentially private way. Two special cases have been considered in the literature: how to release a synthetic dataset for answering multiple linear queries over a single table, and how to release the answer for a single counting (join size) query over a set of database tables. Compared to the single-table case, the join operator makes query answering challenging, since the sensitivity (i.e., by how much an individual data record can affect the answer) could be heavily amplified by complex join relationships.We present an algorithm for the general problem, and prove a lower bound illustrating that our general algorithm achieves parameterized optimality (up to logarithmic factors) on some simple queries (e.g., two-table join queries) in the most commonly-used privacy parameter regimes. For the case of hierarchical joins, we present a data partition procedure that exploits the concept of uniformized sensitivities to further improve the utility.

show abstract

“…An example of such a system is PINQ, which presents programmers with a SQL-like interface with privacy guarantees [21]. Other differentially private SQL systems have been subsequently developed [15,19,32]. In a similar fashion, Kifer et al propose an architecture in which access to data is mediated by a privacy layer that implements differentially private mechanisms [17].…”

Section: Related Workmentioning

confidence: 99%

Differential Privacy for Black-Box Statistical Analyses

Kohli

Laskowski

2023

PoPETs

View full text Add to dashboard Cite

We formalize a notion of a privacy wrapper, defined as an algorithm that can take an arbitrary and untrusted script and produce an output with differential privacy guarantees. Our novel privacy wrapper, named TAHOE, incorporates two design ideas: a type of stability under subsetting, and randomization over subset size. We show that TAHOE imposes differential privacy for every possible script. When the data alphabet is finite and small enough, TAHOE can be practically run on a single computer. Performance simulations show that TAHOE has greater accuracy than a benchmark algorithm based on a subsample-and-aggregate approach for certain scenarios and parameter values.

show abstract

PrivateSQL

Cited by 72 publications

References 34 publications

R2T: Instance-optimal Truncation for Differentially Private Query Evaluation with Foreign Keys

R2T: Instance-optimal Truncation for Differentially Private Query Evaluation with Foreign Keys

Differentially Private Data Release over Multiple Tables

Differential Privacy for Black-Box Statistical Analyses

Contact Info

Product

Resources

About