Differential Privacy for Relational Algebra: improving the - - PowerPoint PPT Presentation
Differential Privacy for Relational Algebra: improving the sensitivity bounds via constraint systems Marco Stronati Catuscia Palamidessi Universit` a di Pisa, Italy INRIA and LIX, Ecole Polytechnique, France marco@stronati.org
Differential Privacy for Relational Algebra: improving the sensitivity bounds via constraint systems
Marco Stronati
Universit` a di Pisa, Italy marco@stronati.org
Catuscia Palamidessi
INRIA and LIX, Ecole Polytechnique, France catuscia@lix.polytechnique.fr
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 1 / 30
Introduction
Revealing accurate statistics vs Preserving the privacy of individuals.
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 2 / 30
Introduction
Revealing accurate statistics vs Preserving the privacy of individuals.
How many people have cancer?
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 2 / 30
Introduction
Revealing accurate statistics vs Preserving the privacy of individuals.
How many people have cancer? Does John Doe have cancer?
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 2 / 30
Background Quantitative approach
Dalenius’ ad omnia privacy desideratum (’77): nothing about an individual should be learnable from the database that could not be learned without access to the database.
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 3 / 30
Background Quantitative approach
Dalenius’ ad omnia privacy desideratum (’77): nothing about an individual should be learnable from the database that could not be learned without access to the database.
Trade off between privacy and utility
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 3 / 30
Background Quantitative approach
Dalenius’ ad omnia privacy desideratum (’77): nothing about an individual should be learnable from the database that could not be learned without access to the database.
Trade off between privacy and utility Quantitative Approach
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 3 / 30
Differential Privacy
A randomized function H : R → R satisfies ǫ-differential privacy if for all pairs R, R′ ∈ R, with R ∼ R′, and all X ⊆ R: Pr[H(R) ∈ X] ≤ Pr[H(R′) ∈ X] · eǫ
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 4 / 30
Differential Privacy
A randomized function H : R → R satisfies ǫ-differential privacy if for all pairs R, R′ ∈ R, with R ∼ R′, and all X ⊆ R: e−ǫ ≤ Pr[H(R) ∈ X] Pr[H(R′) ∈ X] ≤ eǫ
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 4 / 30
Differential Privacy
A randomized function H : R → R satisfies ǫ-differential privacy if for all pairs R, R′ ∈ R, with R ∼ R′, and all X ⊆ R: e−ǫ ≤ Pr[H(R) ∈ X] Pr[H(R′) ∈ X] ≤ eǫ ǫ-indistinguishability
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 4 / 30
Differential Privacy
(oblivious case)
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 5 / 30
Differential Privacy Noise addition
Laplacian distribution Lap(x | b) = 1 2b exp
b
Differential Privacy for Relational Algebra 6 / 30
Differential Privacy Noise addition
Laplacian distribution Lap(x | b) = 1 2b exp
b
For Q : R → R, the randomized mechanism H that adds noise with distribution Lap(∆Q/ǫ) enjoys ǫ-differential privacy.
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 6 / 30
Differential Privacy Noise addition
Laplacian distribution Lap(x | b) = 1 2b exp
b
For Q : R → R, the randomized mechanism H that adds noise with distribution Lap(∆Q/ǫ) enjoys ǫ-differential privacy. ↑ ∆Q ↓ ǫ
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 6 / 30
Differential Privacy Sensitivity
Definition (Sensitivity Dwork06)
Given a query Q : R → R, the sensitivity of Q, denoted by ∆Q, is defined as: ∆Q = sup
R∼R′ | Q(R) − Q(R′) |
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 7 / 30
Contribution
◮ a compositional method to compute a bound on the sensitivity of a query
expressed in relational algebra
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 8 / 30
Contribution
◮ a compositional method to compute a bound on the sensitivity of a query
expressed in relational algebra
◮ constraints used to obtain the exact sensitivity
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 8 / 30
Differential Privacy for Relational Algebra
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 9 / 30
Differential Privacy for Relational Algebra Relational Algebra
◮ T : universe of tuples ◮ Relation R: a set of tuples ◮ R: universe of relations
Definition (Relation Schema)
name(a1 : D1, a2 : D2, . . . , an : Dn)
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 10 / 30
Differential Privacy for Relational Algebra Relational Algebra
◮ T : universe of tuples ◮ Relation R: a set of tuples ◮ R: universe of relations
Definition (Relation Schema)
name(a1 : D1, a2 : D2, . . . , an : Dn)
Example
Items { Item : String, Price : Int, Cost : Int } Item Price Cost Oil 100 10 Salt 50 11
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 10 / 30
Differential Privacy for Relational Algebra Constraints
CREATE TABLE products ( product no integer, name text, price numeric CHECK (price > 0) );
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 11 / 30
Differential Privacy for Relational Algebra Constraints
T (C) R(C) = 2T (C)
Items { Item : String, Price : Int, Cost : Int } { < Cost ≤ 1000 Cost ≤ Price ≤ 1000 }
c-schema: schema + set of constraints C
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 12 / 30
Differential Privacy for Relational Algebra Constraints
T (C) R(C) = 2T (C)
Items { Item : String, Price : Int, Cost : Int } { < Cost ≤ 1000 Cost ≤ Price ≤ 1000 }
c-schema: schema + set of constraints C Transformation from c-schema to c-schema
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 12 / 30
Differential Privacy for Relational Algebra Sensitivity Constrained
Definition (Sensitivity constrained)
Given f : (X, dX) → (Y , dY ), set of constraints C on X ∆f (C) = sup
x,x′∈ sol(C) x=x′
dY (f (x), f (x′)) dX(x, x′)
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 13 / 30
Differential Privacy for Relational Algebra Metric Spaces
Adjacency relation (R, ∼)
− − − − − − − − − − − − − − ∼ − − − − − − − − − − − − − − − − − − − − −
Hamming Graph
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 14 / 30
Differential Privacy for Relational Algebra Metric Spaces
Adjacency relation (R, ∼)
− − − − − − − − − − − − − − ∼ − − − − − − − − − − − − − − − − − − − − −
Hamming Graph
Definition (Hamming distance dH)
Given R, R′ ∈ R dH(R, R′) = |R ⊖ R′| = |(R \ R′) ∪ (R′ \ R)|
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 14 / 30
Differential Privacy for Relational Algebra Metric Spaces
Definition (n-Hamming Distance dnH)
Given R, R
′ ∈ Rn:
dnH(R, R
′) = max (dH(R1, R′ 1), . . . , dH(Rn, R′ n))
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 15 / 30
Differential Privacy for Relational Algebra Metric Spaces
Definition (n-Hamming Distance dnH)
Given R, R
′ ∈ Rn:
dnH(R, R
′) = max (dH(R1, R′ 1), . . . , dH(Rn, R′ n))
Definition (Euclidean Distance dE)
Given x, x′ ∈ R dE(x, x′) = |x − x′|
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 15 / 30
Operators
(Rn, dnH)
Op
− → . . .
Op
− → (Rn, dnH)
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 16 / 30
Operators
(Rn, dnH)
Op
− → . . .
Op
− → (Rn, dnH)
AγF
− − → (R, dE)
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 16 / 30
Operators
(Rn, dnH)
Op
− → . . .
Op
− → (Rn, dnH)
AγF
− − → (R, dE)
∈ ∪, ∩, \, σϕ π, ×, ⊲ ⊳
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 16 / 30
Operators Operators Sensitivity
∆op(C) = sup R,R′∈ R(C)
R=R′ dH(op(R),op(R′)) dH(R,R′)
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 17 / 30
Operators Operators Sensitivity
∆op(C) = sup R,R′∈ R(C)
R=R′ dH(op(R),op(R′)) dH(R,R′)
= min
Differential Privacy for Relational Algebra 17 / 30
Operators Operators Sensitivity
∆op(C) = sup R,R′∈ R(C)
R=R′ dH(op(R),op(R′)) dH(R,R′)
= min
Differential Privacy for Relational Algebra 17 / 30
Operators Operators Sensitivity
∆op(C) = sup R,R′∈ R(C)
R=R′ dH(op(R),op(R′)) dH(R,R′)
= min
Differential Privacy for Relational Algebra 17 / 30
Operators Operators Sensitivity
∆ Schema ∪ 2 (A, C1 ∨ C2) ∩ 2 (A, C1 ∧ C2) \ 2 (A, C1 ∧ (¬C2)) σϕ 1 (A, C ∧ ϕ) πA′ 1 (A′, C)
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 18 / 30
Operators Cartesian product
× : (R2, d2H) → (R, dH)
Name Age Height John 30 180 Alice 45 160 × Car Owner Fiat Alice Ford Alice = Name Age Height Car Owner John 30 180 Fiat Alice John 30 180 Ford Alice Alice 45 160 Fiat Alice Alice 45 160 Ford Alice
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 19 / 30
Operators Cartesian product
× : (R2, d2H) → (R, dH)
Name Age Height John 30 180 Alice 45 160 × Car Owner Fiat Alice Ford Alice = Name Age Height Car Owner John 30 180 Fiat Alice John 30 180 Ford Alice Alice 45 160 Fiat Alice Alice 45 160 Ford Alice
The (unrestricted) cartesian product has unbounded sensitivity.
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 19 / 30
Operators Cartesian product
× : (R2, d2H) → (R, dH)
Name Age Height John 30 180 Alice 45 160 × Car Owner Fiat Alice Ford Alice = Name Age Height Car Owner John 30 180 Fiat Alice John 30 180 Ford Alice Alice 45 160 Fiat Alice Alice 45 160 Ford Alice
The (unrestricted) cartesian product has unbounded sensitivity.
Join ⊲ ⊳
R ⊲ ⊳
R.ai=T.ai T = σ(R.ai=T.ai)(R×T)
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 19 / 30
Operators Query Sensitivity
◮ op any of ∪, ∩, \, σ, π, ×, ×1 ◮ op : (Rn, dnH) → (R, dH) ◮ Cop constraint obtained after op
S(Id) = min(1, diam(CId)) base case S(op ◦ Q) = min(∆op · S(Q), diam(Cop◦Q)) if n = 1 S(op ◦ (Q1, Q2)) = min(∆op · max(S(Q1), S(Q2)), diam(Cop◦(Q1,Q2))) if n = 2
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 20 / 30
Operators Query Sensitivity
◮ op any of ∪, ∩, \, σ, π, ×, ×1 ◮ op : (Rn, dnH) → (R, dH) ◮ Cop constraint obtained after op
S(Id) = min(1, diam(CId)) base case S(op ◦ Q) = min
S(op ◦ (Q1, Q2)) = min
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 21 / 30
Aggregation γ
{a1,...,am} γ {f1,...,fk} : (R, dH) → (R, dH) ◮ groups tuples with the same values of ai ◮ computes fj for each group (count,max,min,avg,sum) ◮ returns a single tuple for each group, with ai and fj.
SELECT Car, Count(*), Avg(Height) FROM R GROUPBY Car
{Car}γ{Count,Avg(Height)}
Name Age Height Car Alice 45 160 Ford John 30 180 Fiat Frank 45 165 Bmw Eve 20 170 Ford
=
Car Count Avg(Height) Ford 2 165 Fiat 1 180 Bmw 1 165
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 22 / 30
Aggregation γ Functions
Assume ∅γf
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 23 / 30
Aggregation γ Functions
Assume ∅γf R ∼ R′
∆count(C) = 1 ×n ∆sumai (C) = max{| sup(C, ai)|, | inf(C, ai)|} ×n ∆avgai (C) = | sup(C, ai) − inf(C, ai)| × 1
2
∆maxai (C) = | sup(C, ai) − inf(C, ai)| ∆minai (C) = | sup(C, ai) − inf(C, ai)|
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 23 / 30
Aggregation γ Functions
Assume ∅γf dH(R, R′) = n
∆count(C) = 1 ×n ∆sumai (C) = max{| sup(C, ai)|, | inf(C, ai)|} ×n ∆avgai (C) = | sup(C, ai) − inf(C, ai)| ×
n 1+n
∆maxai (C) = | sup(C, ai) − inf(C, ai)| ∆minai (C) = | sup(C, ai) − inf(C, ai)|
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 23 / 30
Global Sensitivity
Definition (global sensitivity)
The global sensitivity GS of a query γf (Q) is defined as: GS(γf (Q)) = ∆f (CQ) · S(Q) if f = count, sum, avg ∆f (CQ) if f = max, min
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 24 / 30
Global Sensitivity
Definition (global sensitivity)
The global sensitivity GS of a query γf (Q) is defined as: GS(γf (Q)) = ∆f (CQ) · S(Q) if f = count, sum, avg ∆f (CQ) if f = max, min
Theorem (Soundness and strictness)
The sensitivity bound computed by GS(·) is sound and strict. Namely: GS(γf (Q)) = ∆γf (Q)
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 24 / 30
Global Sensitivity Example
c-schema ({Weight, Height}, CI) CI = {Weight ∈ [0, 150] ∧ Height ∈ [0, 200]}
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 25 / 30
Global Sensitivity Example
c-schema ({Weight, Height}, CI) CI = {Weight ∈ [0, 150] ∧ Height ∈ [0, 200]} γavg(Weight)(σWeight≤Height−100(R))
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 25 / 30
Global Sensitivity Example
c-schema ({Weight, Height}, CI) CI = {Weight ∈ [0, 150] ∧ Height ∈ [0, 200]} γavg(Weight)(σWeight≤Height−100(R)) CQ = {Weight ∈ [0, 150] ∧ Height ∈ [0, 200] ∧ Weight ≤ Height − 100}
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 25 / 30
Global Sensitivity Example
c-schema ({Weight, Height}, CI) CI = {Weight ∈ [0, 150] ∧ Height ∈ [0, 200]} γavg(Weight)(σWeight≤Height−100(R)) CQ = {Weight ∈ [0, 150] ∧ Height ∈ [0, 200] ∧ Weight ≤ Height − 100} ∆(CI, γavg(Weight)) = |max(CI ,Weight)−min(CI ,Weight)|
2
= 75 ∆(CQ, γavg(Weight)) = |max(CQ,Weight)−min(CQ,Weight)|
2
= 50
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 25 / 30
Future work
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 26 / 30
Future work Join datasets
Join ⊲ ⊳
◮ ×n: product with blocks of a fixed n size , to obtain n sensitivity. policies to
pick these representative elements
◮ ×γ: single record is built as an aggregation of the relation, thus falling in the
case of ×1 sensitivity
◮ a mix the two approaches could be considered, building n aggregations,
possibly using the operator {ai}γf
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 27 / 30
Future work Compositional ǫ analysis
Sequential composition: Qi queries each providing ǫi differential privacy, Qn ◦ . . . ◦ Q1 provides (
i ǫi)-differential privacy.
Parallel composition: Qi queries each providing ǫ differential privacy, parallel application to disjoint subsets of the input provides again ǫ-differential privacy. Extend static analysis to compute ǫ and optimize to parallelize
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 28 / 30
Future work Comparison of metric spaces
Distance dnH dnH((R1, . . . , Rn), (R′
1, . . . , R′ n)) = max(dH(R1, R′ 1), . . . , dH(Rn, R′ n))
At first was the Manhattan distance d2H((R1, R2), (R3, R4)) = dH((R1, R2)) + dH(R3, R4)
◮ lower sensibilities on many operators, namely ∪, ∩, \ all had sensitivity 1 ◮ did not allow us to compute the real sensitivity but just a bound
Explore further the comparison
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 29 / 30
Future work Comparison of metric spaces
Marco Stronati (APVP’12) Differential Privacy for Relational Algebra 30 / 30