differential privacy
play

Differential Privacy Privacy & Fairness in Data Science CS848 - PowerPoint PPT Presentation

May 25, 2023 •291 likes •1.01k views

Differential Privacy Privacy & Fairness in Data Science CS848 Fall 2019 2 Outline Problem Differential Privacy Basic Algorithms 3 Statistical Databases Person 1 Person 2 Person 3 Person N Individuals with r 1 r 2 r 3 r N

  1. Differential Privacy Privacy & Fairness in Data Science CS848 Fall 2019

  2. 2 Outline • Problem • Differential Privacy • Basic Algorithms

  3. 3 Statistical Databases Person 1 Person 2 Person 3 Person N Individuals with r 1 r 2 r 3 r N sensitive data Census Google Hospital Data Collectors DB DB DB Economists Machine Data Analysts Medical Doctors Ranking Learning Researchers Algorithms Researchers

  4. 4 Statistical Database Privacy Function provided by the analyst Server Output can disclose sensitive information DB about individuals Person 1 Person 2 Person 3 Person N r 1 r 2 r 3 r N

  5. 5 Statistical Database Privacy Privacy for individuals (controlled by a parameter ε) Server ! !"#$%&' ( !" , ! ) ! ! DB Person 1 Person 2 Person 3 Person N r 1 r 2 r 3 r N

  6. 6 Statistical Database Privacy Utility for analyst Server ! !"#$%&' ( !" , ! ) ! ! DB Person 1 Person 2 Person 3 Person N r 1 r 2 r 3 r N

  7. 7 Statistical Database Privacy (untrusted collector) Server wants to compute f Server f ( ) DB Individuals do not want server to infer their records Person 1 Person 2 Person 3 Person N r 1 r 2 r 3 r N

  8. 8 Statistical Database Privacy (untrusted collector) Perturb records to Server ensure privacy for f ( ) individuals and Utility for server DB* Person 1 Person 2 Person 3 Person N r 1 r 2 r 3 r N

  9. 9 Statistical Databases in real-world applications Application Data Private Analyst Function (utility) Collector Information Medical Hospital Disease Epidemiologist Correlation between disease and geography Genome Hospital Genome Statistician/ Correlation between analysis Researcher genome and disease Advertising Google/FB Clicks/Brow Advertiser Number of clicks on sing an ad by age/region/gender … Social Facebook Friend links Another user Recommend other Recommen- / profile users or ads to users dations based on social network

  10. 10 Statistical Databases in real-world applications • Settings where data collector may not be trusted (or may not want the liability …) Application Data Collector Private Function (utility) Information Location Verizon/AT&T Location Traffic prediction Services Recommen- Amazon/Google Purchase Recommendation dations history model Traffic Internet Service Browsing Traffic pattern of Shaping Provider history groups of users

  11. 11 Privacy is not …

  12. 12 Statistical Database Privacy is not … • Encryption:

  13. 13 Statistical Database Privacy is not … • Encryption: Alice sends a message to Bob such that Trudy (attacker) does not learn the message. Bob should get the correct message … • Statistical Database Privacy: Bob (attacker) can access a database - Bob must learn aggregate statistics, but - Bob must not learn new information about individuals in database.

  14. 14 Statistical Database Privacy is not … • Computation on Encrypted Data:

  15. 15 Statistical Database Privacy is not … • Computation on Encrypted Data: - Alice stores encrypted data on a server controlled by Bob (attacker). - Server returns correct query answers to Alice, without Bob learning anything about the data. • Statistical Database Privacy: - Bob is allowed to learn aggregate properties of the database.

  16. 16 Statistical Database Privacy is not … • The Millionaires Problem:

  17. 17 Statistical Database Privacy is not … • Secure Multiparty Computation: - A set of agents each having a private input xi … - … Want to compute a function f(x1, x2, …, xk) - Each agent can learn the true answer, but must learn no other information than what can be inferred from their private input and the answer. • Statistical Database Privacy: - Function output must not disclose individual inputs.

  18. 18 Statistical Database Privacy is not … • Access Control:

  19. 19 Statistical Database Privacy is not … • Access Control: - A set of agents want to access a set of resources (could be files or records in a database) - Access control rules specify who is allowed to access ( or not access ) certain resources. - ‘Not access’ usually means no information must be disclosed • Statistical Database: - A single database and a single agent - Want to release aggregate statistics about a set of records without allowing access to individual records

  20. 20 Privacy Problems • In today’s systems a number of privacy problems arise: – Encryption when communicating data across a unsecure channel – Secure Multiparty Computation when different parties want to compute on a function on their private data without using a centralized third party – Computing on encrypted data when one wants to use an unsecure cloud for computation – Access control when different users own different parts of the data • Statistical Database Privacy: Quantifying (and bounding) the amount of information disclosed about individual records by the output of a valid computation.

  21. 21 What is privacy?

  22. 22 Privacy Breach: Attempt 1 A privacy mechanism M(D) that allows an unauthorized party to learn sensitive information about any individual in D, which could not have learnt without access to M(D).

  23. 23 Alice Alice has Cancer Is this a privacy breach? NO

  24. 24 Privacy Breach: Attempt 2 A privacy mechanism M(D) that allows an unauthorized party to learn sensitive information about any individual Alice in D, which could not have learnt even with access to M(D) if Alice was not in the dataset .

  25. 25 Outline • Problem • Differential Privacy • Basic Algorithms

  26. 26 Differential Privacy [Dwork ICALP 2006] For every pair of inputs For every output … that differ in one row D 1 D 2 O Adversary should not be able to distinguish between any D 1 and D 2 based on any O ln Pr[𝐵 𝐸 ( = 𝑝] ≤ 𝜁, 𝜁 > 0 Pr[𝐵 𝐸 , = 𝑝]

  27. 27 Why pairs of datasets that differ in one row ? For every pair of inputs For every output … that differ in one row D 1 D 2 O Simulate the presence or absence of a single record

  28. 28 Why all pairs of datasets … ? For every pair of inputs For every output … that differ in one row D 1 D 2 O Guarantee holds no matter what the other records are.

  29. 29 Why all outputs? P [ A(D 1 ) = O 1 ] A(D 1 ) = O 1 D 1 . . . D 2 P [ A(D 2 ) = O k ] Set of all outputs

  30. 30 Should not be able to distinguish whether input was D 1 or D 2 no matter what the output Worst discrepancy in probabilities D 1 . . . D 2

  31. 31 Privacy Parameter ε For every pair of inputs For every output … that differ in one row D 1 D 2 O Pr[A(D 1 ) = o] ≤ e ε Pr[A(D 2 ) = o] Controls the degree to which D 1 and D 2 can be distinguished. Smaller the ε more the privacy (and worse the utility)

  32. 32 Desiderata for a Privacy Definition 1. Resilience to background knowledge A privacy mechanism must be able to protect individuals’ privacy – from attackers who may possess background knowledge 2. Privacy without obscurity Attacker must be assumed to know the algorithm used as well as – all parameters [MK15] 3. Post-processing Post-processing the output of a privacy mechanism must not – change the privacy guarantee [KL10, MK15] 4. Composition over multiple releases Allow a graceful degradation of privacy with multiple invocations – on the same data [DN03, GKS08]

  33. 33 Differential Privacy • Two equivalent definitions: Every subset of outputs ≤ 𝑓 5 Pr 𝐵 𝐸 , ∈ Ω Pr 𝐵 𝐸 ( ∈ Ω Number of row additions and deletions to change X to Y ≤ 𝑓 578(:,;) Pr 𝐵 𝑍 ∈ Ω Pr 𝐵 𝑌 ∈ Ω

  34. 34 Outline • Problem • Differential Privacy • Basic Algorithms

  35. Non-trivial deterministic Algorithms 35 do not satisfy differential privacy Space of all inputs Space of all outputs (at least 2 distinct ouputs)

  36. Non-trivial deterministic Algorithms 36 do not satisfy differential privacy Each input mapped to a distinct output.

  37. There exist two inputs that differ in one 37 entry mapped to different outputs. Pr > 0 Pr = 0

  38. 38 Random Sampling … … also does not satisfy differential privacy Input Output D 1 D 2 O log Pr[D 1 à O] = ∞ Pr[D 2 à O] = 0 implies Pr[D 2 à O]

  39. [W 65] 39 Randomized Response (a.k.a. local randomization) D O Disease Disease (Y/N) (Y/N) Y Y With probability p, Report true value Y N With probability 1-p, Report flipped value N N Y N N Y N N

  40. 40 Differential Privacy Analysis • Consider 2 databases D, D’ (of size M) that differ in the j th value – D[j] ≠ D’[j]. But, D[i] = D’[i], for all i ≠ j • Consider some output O

  41. 41 Utility Analysis Suppose y out of N people replied “yes”, and rest said “no” • What is the best estimate for π = fraction of people with disease = Y? • 𝑧 𝑂 − (1 − 𝑞) 𝜌 = > 2𝑞 − 1 • 𝐹( G 𝜌 ) = 𝜌 K((LK) ( • 𝑊𝑏𝑠 > 𝜌 = + R M M (O PL Q L Q R S Sampling Variance due to coin flips

  42. 42 Randomized response for larger domains • Suppose area is divided into k x k uniform grid. • What is the probability of reporting the true location? • What is the probability of reporting a false location?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor University of Minnesota 1 Differential privacy? Isnt it just adding noise? How to add smart noise to guarantee privacy without sacrificing

592 views • 57 slides
CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

CS573 Data Privacy and Security Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques Composition theorems Statistical Data Privacy Non-interactive vs interactive Privacy goal: individual is

1.15k views • 64 slides
Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Differential Privacy and Fairness: Foundations and New Frontiers Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New Settings - Pan Privacy - Privacy in multi-party settings - Fairness Outline

947 views • 49 slides
CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong Applying Differential Privacy Real world deployments of differential privacy OnTheMap RAPPOR Module 4 Tutorial: Differential Privacy in the Wild

617 views • 30 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole Polytechnique 1 Plan of the talk General introduction to privacy issues A naive approach to privacy protection: anonymization Why it

740 views • 44 slides
Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 14 : 590.03 Fall 12 1 Outline Differential Privacy Implementations PINQ: Privacy Integrated Queries [McSherry SIGMOD

1.22k views • 40 slides
Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 7 : 590.03 Fall 12 1 Recap: Differential Privacy For every pair of inputs For every output that differ in one

445 views • 29 slides
Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka Differential Privacy A randomized computation M provides -differential privacy if for any datasets A and B that differ by 1 record and any set of

193 views • 17 slides
Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS

Do Computer Science Definitions of Privacy Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS LAW Kobbi Nissim Ben-Gurion University Center for Research on Computation and Society

865 views • 62 slides
Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue

Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue

Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue University) 1 Outline Motivation of Differential Privacy and Local Differential Privacy (LDP) Frequency Oracles in LDP Tradeoff between

821 views • 53 slides
Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law

Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law

Differential Privacy and Applications Marco Gaboardi Boston University Recap Foundamental Law of Information Reconstruction The release of too many overly accurate statistics gives privacy violations. ( , )-Differential Privacy

1.26k views • 76 slides
Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples Changchang Liu 1 ,

Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples Changchang Liu 1 ,

Introduction Differential Privacy under Dependent Data Conclusion and Future Work Dependence Makes You Vulnerable: Differential Privacy Under Dependent Tuples Changchang Liu 1 , Supriyo Chakraborty 2 , Prateek Mittal 1 Email: 1 { cl12, pmittal }

512 views • 38 slides
-Liftings for Differential Privacy and f -Divergences Gilles Barthe, Thomas Espitau, Justin

-Liftings for Differential Privacy and f -Divergences Gilles Barthe, Thomas Espitau, Justin

-Liftings for Differential Privacy and f -Divergences Gilles Barthe, Thomas Espitau, Justin Hsu, Tetsuya Sato, Pierre-Yves Strub 1 Differential privacy: probabilistic program property 2 Differential privacy: probabilistic program property

668 views • 48 slides
CS3000: Algorithms & Data Jonathan Ullman Lecture 16: Applications of Network Flow

CS3000: Algorithms & Data Jonathan Ullman Lecture 16: Applications of Network Flow

Hello CS3000: Algorithms & Data Jonathan Ullman Lecture 16: Applications of Network Flow March 23, 2020 Midterm II Logistics: Wednesday April 1 st Administratered through Gradescope Exam will be available from 2:50pm

527 views • 29 slides
National Healthcare Safety Network (NHSN) NHSN Analysis: Advanced Features & Terminology

National Healthcare Safety Network (NHSN) NHSN Analysis: Advanced Features & Terminology

National Healthcare Safety Network (NHSN) NHSN Analysis: Advanced Features & Terminology Training Session for NHSN Hospitals December 19, 2006 Agenda Graphical Output Types Advanced Output Options Exporting Data Creating

518 views • 23 slides
Goodbye World! The perils of relying on output streams in C Jim Meyering meyering@redhat.com

Goodbye World! The perils of relying on output streams in C Jim Meyering meyering@redhat.com

Goodbye World! The perils of relying on output streams in C Jim Meyering meyering@redhat.com maintainer of coreutils, gnulib, etc. Outline: There are many problems with stdout they make it hard to write truly robust code one problem (the tip

670 views • 30 slides
Why is forward guidance so powerful in standard monetary models? W HY S O P OWERFUL ? Textbook

Why is forward guidance so powerful in standard monetary models? W HY S O P OWERFUL ? Textbook

T HE P OWER OF F ORWARD G UIDANCE R EVISITED Alisdair McKay 1 Emi Nakamura 2 Jn Steinsson 2 1 Boston University 2 Columbia University November 2015 McKay, Nakamura, Steinsson Forward Guidance November 2015 1 / 29 F ORWARD G UIDANCE Guiding

670 views • 52 slides
Dual-Decomposed Learning with Factorwise Oracles for Structured Prediction of Large Output Domain

Dual-Decomposed Learning with Factorwise Oracles for Structured Prediction of Large Output Domain

Dual-Decomposed Learning with Factorwise Oracles for Structured Prediction of Large Output Domain Xiangru Huang Joint work 1 with Ian E.H. Yen , Kai Zhong , Ruohan Zhang , Chia Dai , Pradeep Ravikumar and Inderjit Dhillon

409 views • 19 slides
CSC321 Lecture 5: Multilayer Perceptrons Roger Grosse Roger Grosse CSC321 Lecture 5: Multilayer

CSC321 Lecture 5: Multilayer Perceptrons Roger Grosse Roger Grosse CSC321 Lecture 5: Multilayer

CSC321 Lecture 5: Multilayer Perceptrons Roger Grosse Roger Grosse CSC321 Lecture 5: Multilayer Perceptrons 1 / 21 Overview Recall the simple neuron-like unit: y i'th weight bias output output w 1 w 2 weights w 3 y = g b +

240 views • 23 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Generating output in the COMIC multimodal dialogue system Mary Ellen Foster School of

Generating output in the COMIC multimodal dialogue system Mary Ellen Foster School of

Generating output in the COMIC multimodal dialogue system Mary Ellen Foster School of Informatics University of Edinburgh W3C MMI Workshop Sophia Antipolis, 20 July 2004 1 Overview The COMIC project and demonstrator Planning and

464 views • 20 slides

More recommend