a short tutorial on differential privacy
play

A Short Tutorial on Differential Privacy Borja Balle Amazon - PowerPoint PPT Presentation

Dec 09, 2022 •113 likes •868 views

A Short Tutorial on Differential Privacy Borja Balle Amazon Research Cambridge The Alan Turing Institute January 26, 2018 Outline 1. We Need Mathematics to Study Privacy? Seriously? 2. Differential Privacy: Definition, Properties and Basic

  1. A Short Tutorial on Differential Privacy Borja Balle Amazon Research Cambridge The Alan Turing Institute — January 26, 2018

  2. Outline 1. We Need Mathematics to Study Privacy? Seriously? 2. Differential Privacy: Definition, Properties and Basic Mechanisms 3. Differentially Private Machine Learning: ERM and Bayesian Learning 4. Variations on Differential Privacy: Concentrated DP and Local DP 5. Final Remarks

  3. Outline 1. We Need Mathematics to Study Privacy? Seriously? 2. Differential Privacy: Definition, Properties and Basic Mechanisms 3. Differentially Private Machine Learning: ERM and Bayesian Learning 4. Variations on Differential Privacy: Concentrated DP and Local DP 5. Final Remarks

  4. Anonymization Fiascos Disturbing Headlines and Paper Titles § “A Face Is Exposed for AOL Searcher No. 4417749” [Barbaro & Zeller ’06] § “Robust De-anonymization of Large Datasets (How to Break Anonymity of the Netflix Prize Dataset)” [Narayanan & Shmatikov ’08] § “Matching Known Patients to Health Records in Washington State Data” [Sweeney ’13] § “Harvard Professor Re-Identifies Anonymous Volunteers In DNA Study” [Sweeney et al. ’13] § ... and many others In general, removing identifiers and applying anonymization heuristics is not always enough!

  5. Why is Anonymization Hard? § High-dimensional/high-resolution data is essentially unique: office department date joined salary d.o.b. nationality gender London IT Apr 2015 £ ### May 1985 Portuguese Female § Lower dimension and lower resolution is more private, but less useful: office department date joined salary d.o.b. nationality gender UK IT 2015 £ ### 1980-1985 — Female

  6. Why is Anonymization Hard? § High-dimensional/high-resolution data is essentially unique: office department date joined salary d.o.b. nationality gender London IT Apr 2015 £ ### May 1985 Portuguese Female § Lower dimension and lower resolution is more private, but less useful: office department date joined salary d.o.b. nationality gender UK IT 2015 £ ### 1980-1985 — Female

  7. Managing Expectations Unreasonable Privacy Expectations § Privacy for free? No, privatizing requires removing information ( ñ accuracy loss) § Absolute privacy? No, your neighbour’s habits are correlated with your habits Reasonable Privacy Expectations § Quantitative: offer a knob to tune accuracy vs. privacy loss § Plausible deniability: your presence in a database cannot be ascertained § Prevent targeted attacks: limit information leaked even in the presence of side knowledge

  8. The Promise of Differential Privacy Quote from [Dwork and Roth, 2014] : Differential privacy describes a promise, made by a data holder, or curator, to a data subject: “You will not be affected, adversely or otherwise, by allowing your data to be used in any study or analysis, no matter what other studies, data sets, or information sources, are available.” Quotes from the 2017 G¨ odel Prize citation awarded to Dwork, McSherry, Nissim and Smith: Differential privacy was carefully constructed to avoid numerous and subtle pitfalls that other attempts at defining privacy have faced. The intellectual impact of differential privacy has been broad, with influence on the thinking about privacy being noticeable in a huge range of disciplines, ranging from traditional areas of computer science (databases, machine learning, networking, security) to economics and game theory, false discovery control, official statistics and econometrics, information theory, genomics and, recently, law and policy.

  9. Outline 1. We Need Mathematics to Study Privacy? Seriously? 2. Differential Privacy: Definition, Properties and Basic Mechanisms 3. Differentially Private Machine Learning: ERM and Bayesian Learning 4. Variations on Differential Privacy: Concentrated DP and Local DP 5. Final Remarks

  10. Differential Privacy Ingredients § Input space X (with symmetric neighbouring relation » ) § Output space Y (with σ -algebra of measurable events) § Privacy parameter ε ě 0 Differential Privacy [Dwork et al., 2006, Dwork, 2006] A randomized mechanism M : X Ñ Y is ε -differentially private if for all neighbouring inputs x » x 1 and for all sets of outputs E Ď Y we have P r M p x q P E s ď e ε P r M p x 1 q P E s Intuitions behind the definition: § The neighbouring relation » captures what is protected § The probability bounds capture how much protection we get

  11. Differential Privacy Ingredients § Input space X (with symmetric neighbouring relation » ) § Output space Y (with σ -algebra of measurable events) § Privacy parameter ε ě 0 Differential Privacy [Dwork et al., 2006, Dwork, 2006] A randomized mechanism M : X Ñ Y is ε -differentially private if for all neighbouring inputs x » x 1 and for all sets of outputs E Ď Y we have P r M p x q P E s ď e ε P r M p x 1 q P E s Intuitions behind the definition: § The neighbouring relation » captures what is protected § The probability bounds capture how much protection we get

  12. Differential Privacy Ingredients § Input space X (with symmetric neighbouring relation » ) § Output space Y (with σ -algebra of measurable events) § Privacy parameter ε ě 0 Differential Privacy [Dwork et al., 2006, Dwork, 2006] A randomized mechanism M : X Ñ Y is ε -differentially private if for all neighbouring inputs x » x 1 and for all sets of outputs E Ď Y we have P r M p x q P E s ď e ε P r M p x 1 q P E s Intuitions behind the definition: § The neighbouring relation » captures what is protected § The probability bounds capture how much protection we get

  13. Differential Privacy Ingredients § Input space X (with symmetric neighbouring relation » ) § Output space Y (with σ -algebra of measurable events) § Privacy parameter ε ě 0 Differential Privacy [Dwork et al., 2006, Dwork, 2006] A randomized mechanism M : X Ñ Y is ε -differentially private if for all neighbouring inputs x » x 1 and for all sets of outputs E Ď Y we have P r M p x q P E s ď e ε P r M p x 1 q P E s Intuitions behind the definition: § The neighbouring relation » captures what is protected § The probability bounds capture how much protection we get

  14. Differential Privacy Ingredients § Input space X (with symmetric neighbouring relation » ) § Output space Y (with σ -algebra of measurable events) § Privacy parameter ε ě 0 Differential Privacy [Dwork et al., 2006, Dwork, 2006] A randomized mechanism M : X Ñ Y is ε -differentially private if for all neighbouring inputs x » x 1 and for all sets of outputs E Ď Y we have P r M p x q P E s ď e ε P r M p x 1 q P E s Intuitions behind the definition: § The neighbouring relation » captures what is protected § The probability bounds capture how much protection we get

  15. Differential Privacy Ingredients § Input space X (with symmetric neighbouring relation » ) § Output space Y (with σ -algebra of measurable events) § Privacy parameter ε ě 0 Differential Privacy [Dwork et al., 2006, Dwork, 2006] A randomized mechanism M : X Ñ Y is ε -differentially private if for all neighbouring inputs x » x 1 and for all sets of outputs E Ď Y we have P r M p x q P E s ď e ε P r M p x 1 q P E s Intuitions behind the definition: § The neighbouring relation » captures what is protected § The probability bounds capture how much protection we get

  16. Differential Privacy Ingredients § Input space X (with symmetric neighbouring relation » ) § Output space Y (with σ -algebra of measurable events) § Privacy parameter ε ě 0 Differential Privacy [Dwork et al., 2006, Dwork, 2006] A randomized mechanism M : X Ñ Y is ε -differentially private if for all neighbouring inputs x » x 1 and for all sets of outputs E Ď Y we have P r M p x q P E s ď e ε P r M p x 1 q P E s Intuitions behind the definition: § The neighbouring relation » captures what is protected § The probability bounds capture how much protection we get

  17. DP before DP: Randomized Response The Randomized Response Mechanism [Warner, 1965] § n individuals answer a survey with one binary question § The truthful answer for individual i is x i P t 0, 1 u § Each individual answers truthfully ( y i “ x i ) with probability e ε {p 1 ` e ε q and falsely x i ) with probability 1 {p 1 ` e ε q ( y i “ ¯ § Let’s denote the mechanism by p y 1 , . . . , y n q “ RR ε p x 1 , . . . , x n q Intuition: Provides plausible deniability for each individual’s answer Claim: RR ε is ε -DP (free-range organic proof on the whiteboard) Utility: Averaging the (unbiased) answers ˜ y i from RR ε satisfies w.h.p. ˆ 1 ˇ ˇ n n 1 x i ´ 1 ˙ ˇ ˇ ÿ ÿ y i ˜ ˇ ď O ε ? n ˇ ˇ n n ˇ ˇ ˇ i “ 1 i “ 1

  18. DP before DP: Randomized Response The Randomized Response Mechanism [Warner, 1965] § n individuals answer a survey with one binary question § The truthful answer for individual i is x i P t 0, 1 u § Each individual answers truthfully ( y i “ x i ) with probability e ε {p 1 ` e ε q and falsely x i ) with probability 1 {p 1 ` e ε q ( y i “ ¯ § Let’s denote the mechanism by p y 1 , . . . , y n q “ RR ε p x 1 , . . . , x n q Intuition: Provides plausible deniability for each individual’s answer Claim: RR ε is ε -DP (free-range organic proof on the whiteboard) Utility: Averaging the (unbiased) answers ˜ y i from RR ε satisfies w.h.p. ˆ 1 ˇ ˇ n n 1 x i ´ 1 ˙ ˇ ˇ ÿ ÿ y i ˜ ˇ ď O ε ? n ˇ ˇ n n ˇ ˇ ˇ i “ 1 i “ 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong Applying Differential Privacy Real world deployments of differential privacy OnTheMap RAPPOR Module 4 Tutorial: Differential Privacy in the Wild

617 views • 30 slides
Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor University of Minnesota 1 Differential privacy? Isnt it just adding noise? How to add smart noise to guarantee privacy without sacrificing

592 views • 57 slides
CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

CS573 Data Privacy and Security Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques Composition theorems Statistical Data Privacy Non-interactive vs interactive Privacy goal: individual is

1.15k views • 64 slides
Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Differential Privacy and Fairness: Foundations and New Frontiers Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New Settings - Pan Privacy - Privacy in multi-party settings - Fairness Outline

947 views • 49 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole Polytechnique 1 Plan of the talk General introduction to privacy issues A naive approach to privacy protection: anonymization Why it

740 views • 44 slides
Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 14 : 590.03 Fall 12 1 Outline Differential Privacy Implementations PINQ: Privacy Integrated Queries [McSherry SIGMOD

1.22k views • 40 slides
Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 7 : 590.03 Fall 12 1 Recap: Differential Privacy For every pair of inputs For every output that differ in one

445 views • 29 slides
Tutorial: Differential Categories and Cartesian Differential Categories JS Pacaud Lemay FMCS

Tutorial: Differential Categories and Cartesian Differential Categories JS Pacaud Lemay FMCS

Tutorial: Differential Categories and Cartesian Differential Categories JS Pacaud Lemay FMCS 2019 Thanks for the invitation! The Differential Category World: The Four Tomes Cartesian Differential Differential Categories Categories Blute,

1.07k views • 89 slides
Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka Differential Privacy A randomized computation M provides -differential privacy if for any datasets A and B that differ by 1 record and any set of

193 views • 17 slides
Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Do Computer Science Definitions of Privacy Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS LAW Kobbi Nissim Ben-Gurion University Center for Research on Computation and Society

865 views • 62 slides
EDU Tutorial: DNS Privacy Sara Dickinson Sinodun sara@sinodun.com EDU Tutorial @ IETF_97

EDU Tutorial: DNS Privacy Sara Dickinson Sinodun sara@sinodun.com EDU Tutorial @ IETF_97

EDU Tutorial: DNS Privacy Sara Dickinson Sinodun sara@sinodun.com EDU Tutorial @ IETF_97 Seoul (Nov 2017) Overview Goal: Give audience historical background on why DNS Privacy is an important topic

821 views • 56 slides
Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue

Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue

Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue University) 1 Outline Motivation of Differential Privacy and Local Differential Privacy (LDP) Frequency Oracles in LDP Tradeoff between

821 views • 53 slides
Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law

Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law

Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law of Information Reconstruction The release of too many overly accurate statistics gives privacy violations. ( , )-Differential Privacy

1.26k views • 76 slides
UAS Midwest Business Panel Moderator: Tim Sweeney, Sector Director, Advanced Manufacturing

UAS Midwest Business Panel Moderator: Tim Sweeney, Sector Director, Advanced Manufacturing

UAS Midwest Business Panel Moderator: Tim Sweeney, Sector Director, Advanced Manufacturing and Aerospace August 15, 2018 UAS Global Market Opportunity Global Civil UAS Market for drones estimated at $88.3 billion* over next decade 2018

638 views • 4 slides
SUPPLIER BRIEFING DEFIBRILLATORS AND ASSOCIATED CONSUMABLES HPVITS2019-070 Thursday 11 th October

SUPPLIER BRIEFING DEFIBRILLATORS AND ASSOCIATED CONSUMABLES HPVITS2019-070 Thursday 11 th October

SUPPLIER BRIEFING DEFIBRILLATORS AND ASSOCIATED CONSUMABLES HPVITS2019-070 Thursday 11 th October Natalie Sweeney Category Manager Equipment Agenda HPV Overview Project Team Invitation to Supply Timeline o Categories in

435 views • 25 slides
Data Anonymization Graham Cormode Graham Cormode graham@research.att.com 1 Why Anonymize?

Data Anonymization Graham Cormode Graham Cormode graham@research.att.com 1 Why Anonymize?

Data Anonymization Graham Cormode Graham Cormode graham@research.att.com 1 Why Anonymize? For Data Sharing Give real(istic) data to others to study without compromising privacy of individuals in the data Allows third-parties to try

728 views • 28 slides
Measuring the effects of Arctic climate change: CH 4 emissions at the NOAA Point Barrow

Measuring the effects of Arctic climate change: CH 4 emissions at the NOAA Point Barrow

Measuring the effects of Arctic climate change: CH 4 emissions at the NOAA Point Barrow Observatory Colm Sweeney 1,2 , Ed Dlugokencky 2 , Charles Miller 3 , Steve Wofsy 4 , Anna Karion 1,2,* , Steve Dinardo 3 , Rachel Y.-W. Chang 5 , John Miller 2

567 views • 22 slides
Detailed R-matrix analysis of 7 Li ( p , ) at 441keV Michael Munch, Oliver Slund Kirsebom,

Detailed R-matrix analysis of 7 Li ( p , ) at 441keV Michael Munch, Oliver Slund Kirsebom,

Detailed R-matrix analysis of 7 Li ( p , ) at 441keV Michael Munch, Oliver Slund Kirsebom, Jacobus Andreas Swartz, Karsten Riisager and Hans Otto Uldall Fynbo Department for Physics and Astronomy, Aarhus University May 24 th 2018, NMNP 8 Be

592 views • 20 slides
Foundations of Computing II Lecture 26: Applications Differential Privacy Stefano Tessaro

Foundations of Computing II Lecture 26: Applications Differential Privacy Stefano Tessaro

CSE 312 Foundations of Computing II Lecture 26: Applications Differential Privacy Stefano Tessaro tessaro@cs.washington.edu 1 Setting Data mining Statistical queries Medical data Query logs Social network data 2 Setting

1.03k views • 21 slides
Bayes-Nash Price of Anarchy for GSP Renato Paes Leme va Tardos Cornell University Keyword

Bayes-Nash Price of Anarchy for GSP Renato Paes Leme va Tardos Cornell University Keyword

Bayes-Nash Price of Anarchy for GSP Renato Paes Leme va Tardos Cornell University Keyword Auctions sponsored search links organic search results Keyword Auctions Keyword Auctions Auction Model $$$ b 1 $$$ b 3 b 2 $$ b 4 b 5 $$ $ b

742 views • 29 slides
Logic-Flow Analysis of Higher-Order Programs Matt Might http://matt.might.net/ POPL 2007 1

Logic-Flow Analysis of Higher-Order Programs Matt Might http://matt.might.net/ POPL 2007 1

Logic-Flow Analysis of Higher-Order Programs Matt Might http://matt.might.net/ POPL 2007 1 Why? Tim Sweeney, POPL 2006 Static array-bounds checking. Example ... a[i] ... Will 0 i < a.length always hold? 2 Why? Tim Sweeney, POPL

1.36k views • 123 slides

More recommend