Synthesizing differentially private programs

Smith, Calvin; Albarghouthi, Aws

doi:10.1145/3341698

Cited by 10 publications

(7 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Yin et al [32] also proposed another approach for data anonymization that uses the Map-Reduce model to control the parallel distribution of k-means clustering and at the same time uses Laplace to implement differential privacy protection. In [33], the authors proposed a more holistic approach to produce differentially private datasets using a synthesizing program that can run on data-parallel analytics frameworks such as Apache Spark. Unlike these existing differential privacy-based approaches where the main focus of proposals is with providing a more solid theoretical foundation for privacy guarantee, our work focus on a mechanism to provide privacy protection of a published data.…”

Section: Related Workmentioning

confidence: 99%

Scalable, High-Performance, and Generalized Subtree Data Anonymization Approach for Apache Spark

2021

View full text Add to dashboard Cite

Data anonymization strategies such as subtree generalization have been hailed as techniques that provide a more efficient generalization strategy compared to full-tree generalization counterparts. Many subtree-based generalizations strategies (e.g., top-down, bottom-up, and hybrid) have been implemented on the MapReduce platform to take advantage of scalability and parallelism. However, MapReduce inherent lack support for iteration intensive algorithm implementation such as subtree generalization. This paper proposes Distributed Dataset (RDD)-based implementation for a subtree-based data anonymization technique for Apache Spark to address the issues associated with MapReduce-based counterparts. We describe our RDDs-based approach that offers effective partition management, improved memory usage that uses cache for frequently referenced intermediate values, and enhanced iteration support. Our experimental results provide high performance compared to the existing state-of-the-art privacy preserving approaches and ensure data utility and privacy levels required for any competitive data anonymization techniques.

show abstract

Section: Related Workmentioning

confidence: 99%

Scalable, High-Performance, and Generalized Subtree Data Anonymization Approach for Apache Spark

2021

View full text Add to dashboard Cite

show abstract

“…Program synthesis is an active area of research; we summarize the most related directions here. Closest to our work is the recent paper [24] that develops a technique relying on user-defined examples to synthesize private programs in a strongly-typed functional language. However, this approach can only synthesize simple mechanisms where the privacy analysis follows from standard composition theorems; even if provided with an infinite number of examples, their system is not be able to synthesize mechanisms like NoisyMax, SVT, AboveT, and SmartSum.…”

Section: Related Workmentioning

confidence: 99%

Learning Differentially Private Mechanisms

Roy¹,

Hsu²,

Albarghouthi³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

Differential privacy is a formal, mathematical definition of data privacy that has gained traction in academia, industry, and government. The task of correctly constructing differentially private algorithms is non-trivial, and mistakes have been made in foundational algorithms. Currently, there is no automated support for converting an existing, non-private program into a differentially private version. In this paper, we propose a technique for automatically learning an accurate and differentially private version of a given non-private program. We show how to solve this difficult program synthesis problem via a combination of techniques: carefully picking representative example inputs, reducing the problem to continuous optimization, and mapping the results back to symbolic expressions. We demonstrate that our approach is able to learn foundational algorithms from the differential privacy literature and significantly outperforms natural program synthesis baselines.

show abstract

“…Compared with KOLAHAL, DPGen (1) automatically generates the locations of randoms variables, ( 2) is more efficient in synthesizing non-adaptive mechanisms due to reduced search space of the templates, and ( 3) is able to synthesize sophisticated mechanisms such as AdaptiveSVT. An earlier synthesizer [43] relies on user supplied examples and uses a sensitivitydirected program synthesis technique based on DFuzz [28]. However, it can only synthesize simple mechanisms where the privacy analysis follows directly from the composition theorem.…”

Section: Related Workmentioning

confidence: 99%

DPGen: Automated Program Synthesis for Differential Privacy

Wang,

Ding,

Xiao

et al. 2021

Preprint

View full text Add to dashboard Cite

Differential privacy has become a de facto standard for releasing data in a privacy-preserving way. Creating a differentially private algorithm is a process that often starts with a noise-free (nonprivate) algorithm. The designer then decides where to add noise, and how much of it to add. This can be a non-trivial process -if not done carefully, the algorithm might either violate differential privacy or have low utility.In this paper, we present DPGen, a program synthesizer that takes in non-private code (without any noise) and automatically synthesizes its differentially private version (with carefully calibrated noise). Under the hood, DPGen uses novel algorithms to automatically generate a sketch program with candidate locations for noise, and then optimize privacy proof and noise scales simultaneously on the sketch program. Moreover, DPGen can synthesize sophisticated mechanisms that adaptively process queries until a specified privacy budget is exhausted. When evaluated on standard benchmarks, DPGen is able to generate differentially private mechanisms that optimize simple utility functions within 120 seconds. It is also powerful enough to synthesize adaptive privacy mechanisms. CCS CONCEPTS• Security and privacy → Logic and verification; • Theory of computation → Program analysis.

show abstract

Synthesizing differentially private programs

Cited by 10 publications

References 32 publications

Scalable, High-Performance, and Generalized Subtree Data Anonymization Approach for Apache Spark

Scalable, High-Performance, and Generalized Subtree Data Anonymization Approach for Apache Spark

Learning Differentially Private Mechanisms

DPGen: Automated Program Synthesis for Differential Privacy

Contact Info

Product

Resources

About