metrics for differential privacy in concurrent systems
play

Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 - PowerPoint PPT Presentation

Nov 03, 2022 •109 likes •608 views

Introduction Two Pseudometrics Non-expansive Process Operators An application to the Dining Cryptographers Protocol Summary Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 , Konstantinos Chatzikokolakis 2 , 3 , Huimin

  1. Introduction Two Pseudometrics Non-expansive Process Operators An application to the Dining Cryptographers Protocol Summary Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 , Konstantinos Chatzikokolakis 2 , 3 , Huimin Lin 4 1 INRIA 2 CNRS 3 Ecole Polytechnique, Paris, France 4 Institute of Software, Chinese Academy of Sciences, Beijing, China Berlin, Germany June 5th, FORTE 2014 Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  2. Introduction Two Pseudometrics Non-expansive Process Operators An application to the Dining Cryptographers Protocol Summary Background Sketch Geolocation Privacy Programming Languages Social Networks Probabilistic Process Calculus Strong Anonymity M ������������������� Probable ���������������� Innocence �������������������� �������������� Quantitative Information Flow Differential Privacy A. Narayanan M. Gaboardi This talk A. Machanavajjhala ������ �������� ������� G. Barthe ��������������� Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  3. Introduction Two Pseudometrics Non-expansive Process Operators An application to the Dining Cryptographers Protocol Summary How To Quantify the Amount of Privacy? Definition (Standard Definition of Differential Privacy) A query mechanism A is ǫ -differentially private if for any two adjacent databases u 1 and u 2 , i.e. which differ only for one individual, and any property Z , the probability distributions of A ( u 1 ) , A ( u 2 ) differ on Z at most by e ǫ , namely, Pr [ A ( u 1 ) ∈ Z ] ≤ e ǫ · Pr [ A ( u 2 ) ∈ Z ] . The lower the value ǫ is, the better the privacy is protected. Some Merits of Differential Privacy Strong notion of privacy. Independence from side knowledge. Robustness to attacks based on combining various sources of information. Looser restrictions between non-adjacent secrets. Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  4. Introduction Two Pseudometrics Non-expansive Process Operators An application to the Dining Cryptographers Protocol Summary Background Sketch Geolocation Privacy Programming Languages Social Networks Probabilistic Process Calculus Strong Anonymity M ������������������� Probable ���������������� Innocence �������������������� �������������� Quantitative Information Flow Differential Privacy A. Narayanan M. Gaboardi This talk A. Machanavajjhala ������ �������� ������� G. Barthe ��������������� Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  5. Introduction Two Pseudometrics Non-expansive Process Operators An application to the Dining Cryptographers Protocol Summary Outline Introduction 1 Concurrent Systems Differential Privacy The Verification Framework Two Pseudometrics 2 The Accumulative Bijection Pseudometric The Amortised Bijection Pseudometric Comparison Non-expansive Process Operators 3 A Probabilistic Process calculus: CCS p An application to the Dining Cryptographers Protocol 4 The Dining Cryptographers Protocol Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  6. Introduction Two Pseudometrics Concurrent Systems Non-expansive Process Operators Differential Privacy An application to the Dining Cryptographers Protocol The Verification Framework Summary Motivation The model: Concurrent systems modeled as probabilistic automata. The measure of the level of privacy: Differential privacy Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  7. Introduction Two Pseudometrics Concurrent Systems Non-expansive Process Operators Differential Privacy An application to the Dining Cryptographers Protocol The Verification Framework Summary Motivation The model: Concurrent systems modeled as probabilistic automata. The measure of the level of privacy: Differential privacy Goal: To verify differential privacy properties for concurrent systems Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  8. Introduction Two Pseudometrics Concurrent Systems Non-expansive Process Operators Differential Privacy An application to the Dining Cryptographers Protocol The Verification Framework Summary Outline Introduction 1 Concurrent Systems Differential Privacy The Verification Framework Two Pseudometrics 2 The Accumulative Bijection Pseudometric The Amortised Bijection Pseudometric Comparison Non-expansive Process Operators 3 A Probabilistic Process calculus: CCS p An application to the Dining Cryptographers Protocol 4 The Dining Cryptographers Protocol Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  9. Introduction Two Pseudometrics Concurrent Systems Non-expansive Process Operators Differential Privacy An application to the Dining Cryptographers Protocol The Verification Framework Summary Our Model A probabilistic automaton is a tuple ( S , s , A , D ) S : a finite set of states; s ∈ S : the start state; A : a finite set of action labels; a D ⊆ S × A × Disc ( S ) : a transition relation. We also write s − → µ . Definition (Concurrent Systems with Secret Information) Let U be a set of secrets. A concurrent system with secret information A is a mapping of secrets to probabilistic automata, where A ( u ) , u ∈ U is the automaton modelling the behavior of the system when running on u . Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  10. Introduction Two Pseudometrics Concurrent Systems Non-expansive Process Operators Differential Privacy An application to the Dining Cryptographers Protocol The Verification Framework Summary How to Reason about Probabilistic Observations? A scheduler ζ resolves the non-determinism based on the history of a computation, inducing a probability measure over traces. Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  11. Introduction Two Pseudometrics Concurrent Systems Non-expansive Process Operators Differential Privacy An application to the Dining Cryptographers Protocol The Verification Framework Summary How to Reason about Probabilistic Observations? A scheduler ζ resolves the non-determinism based on the history of a computation, inducing a probability measure over traces. Probabilities of finite traces Let α be the history up to the current state s . The probability of observing a finite trace � t starting from α , denoted by Pr ζ [ α ⊲ � t ] , is defined recursively as follows. if �  1 t is empty,   b ζ [ α ⊲ � if � t = a � � Pr t ] = 0 t ′ , ζ ( α ) = s − → µ and b � = a , t ′ and ζ ( α ) = s a s i µ ( s i ) Pr ζ [ α as i ⊲ � if � t = a � �  t ′ ] � − → µ .  Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  12. Introduction Two Pseudometrics Concurrent Systems Non-expansive Process Operators Differential Privacy An application to the Dining Cryptographers Protocol The Verification Framework Summary An example: A PIN-Checking System A ( u ) A ( u ) u 1 u 2 A ( u 1 ) A ( u 2 ) a 1 a 2 a 1 a 2 0 . 4 0 . 6 0 . 4 0 . 6 0 . 6 0 . 4 0 . 6 0 . 4 s 1 s 2 s 3 t 1 t 2 t 3 no no no no ok ok Example: The scheduler executes the a 1 -branch. Pr ζ [ A ( u 1 ) ⊲ a 1 ok ] = 0 . 6 Pr ζ [ A ( u 2 ) ⊲ a 1 ok ] = 0 . 4 Pr ζ [ A ( u 1 ) ⊲ a 1 no ] = 0 . 4 Pr ζ [ A ( u 2 ) ⊲ a 1 no ] = 0 . 6 Pr ζ [ A ( u 1 ) ⊲ a 2 ok ] = 0 Pr ζ [ A ( u 2 ) ⊲ a 2 ok ] = 0 Pr ζ [ A ( u 1 ) ⊲ a 2 no ] = 0 Pr ζ [ A ( u 2 ) ⊲ a 2 no ] = 0 Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  13. Introduction Two Pseudometrics Concurrent Systems Non-expansive Process Operators Differential Privacy An application to the Dining Cryptographers Protocol The Verification Framework Summary Outline Introduction 1 Concurrent Systems Differential Privacy The Verification Framework Two Pseudometrics 2 The Accumulative Bijection Pseudometric The Amortised Bijection Pseudometric Comparison Non-expansive Process Operators 3 A Probabilistic Process calculus: CCS p An application to the Dining Cryptographers Protocol 4 The Dining Cryptographers Protocol Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

  14. Introduction Two Pseudometrics Concurrent Systems Non-expansive Process Operators Differential Privacy An application to the Dining Cryptographers Protocol The Verification Framework Summary Differential Privacy in the Context of Concurrent Systems The scheduler can easily break many security and privacy properties. We consider a restricted class of schedulers, called admissible schedulers. make them unable to distinguish between secrets in the histories. Definition (Differential Privacy in Our Setting) A concurrent system A satisfies ǫ - differential privacy (DP) iff for any two adjacent secrets u , u ′ , any finite trace � t and any admissible scheduler ζ : t ] ≤ e ǫ · Pr ζ [ A ( u ) ⊲ � ζ [ A ( u ′ ) ⊲ � Pr t ] Xu, Chatzikokolakis, Lin Metrics for Differential Privacy in Concurrent Systems

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos

Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos

Introduction Three Pseudometrics Summary Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos Chatzikokolakis 2 , 3 Huimin Lin 4 Catuscia Palamidessi 1 , 3 1 INRIA 2 CNRS 3 Ecole Polytechnique 4 Institute of

868 views • 49 slides
Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos

Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos

Introduction Three Pseudometrics Comparison of the Three Pseudometrics Summary Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos Chatzikokolakis 2 , 3 Huimin Lin 4 Catuscia Palamidessi 1 , 3 1 INRIA 2 CNRS 3

741 views • 52 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor University of Minnesota 1 Differential privacy? Isnt it just adding noise? How to add smart noise to guarantee privacy without sacrificing

592 views • 57 slides
CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

CS573 Data Privacy and Security Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques Composition theorems Statistical Data Privacy Non-interactive vs interactive Privacy goal: individual is

1.15k views • 64 slides
Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Differential Privacy and Fairness: Foundations and New Frontiers Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New Settings - Pan Privacy - Privacy in multi-party settings - Fairness Outline

947 views • 49 slides
CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong Applying Differential Privacy Real world deployments of differential privacy OnTheMap RAPPOR Module 4 Tutorial: Differential Privacy in the Wild

617 views • 30 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems

Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems

Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems Yu Wang, Zhenqi Huang, Sayan Mitra and Geir E. Dullerud September 25, 2014 General Question Trade-off between privacy and accuracy: a

587 views • 19 slides
Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole Polytechnique 1 Plan of the talk General introduction to privacy issues A naive approach to privacy protection: anonymization Why it

740 views • 44 slides
Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 14 : 590.03 Fall 12 1 Outline Differential Privacy Implementations PINQ: Privacy Integrated Queries [McSherry SIGMOD

1.22k views • 40 slides
Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 7 : 590.03 Fall 12 1 Recap: Differential Privacy For every pair of inputs For every output that differ in one

445 views • 29 slides
Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka Differential Privacy A randomized computation M provides -differential privacy if for any datasets A and B that differ by 1 record and any set of

193 views • 17 slides
BinCAT Purrfecting binary static analysis June 16th 2017 - REcon Philippe Biondi, Raphal Rigo,

BinCAT Purrfecting binary static analysis June 16th 2017 - REcon Philippe Biondi, Raphal Rigo,

BinCAT Purrfecting binary static analysis June 16th 2017 - REcon Philippe Biondi, Raphal Rigo, Sarah Zennou, Xavier Mehrenberger Plan Introduction Demo Under the hood Conclusion 2 Biondi, Mehrenberger, Rigo, Zennou :: BinCAT Plan

956 views • 66 slides
Huawei's story of leveraging GridGain as a distributed caching service on its public cloud

Huawei's story of leveraging GridGain as a distributed caching service on its public cloud

Huawei's story of leveraging GridGain as a distributed caching service on its public cloud environment Paul Chen Chief Architect, Cloud Services Research and Development, Huawei Technologies Canada Lab Agenda Huawei Public Cloud

343 views • 22 slides
1 Castle Biosciences provides molecular diagnostic solutions for patients with underserved and

1 Castle Biosciences provides molecular diagnostic solutions for patients with underserved and

Incorporating DecisionDx-Melanoma into Clinical Practice: Molecular Information for Personalized Management Decisions Eric D. Whitman, MD, FACS Medical Director, Atlantic Health System Cancer Care Director, Atlantic Melanoma Center Morristown

359 views • 9 slides
Aerosol, Clouds and the Southern Ocean From Cape Grim to the RV Investigator Melita Keywood and

Aerosol, Clouds and the Southern Ocean From Cape Grim to the RV Investigator Melita Keywood and

Aerosol, Clouds and the Southern Ocean From Cape Grim to the RV Investigator Melita Keywood and Alain Protat 20 May 2015 OCEANS AND ATMOSPHERE FLAGSHIP Poor simulation of Southern Ocean Clouds cloud over SO Satellite obs >0.8 in a band

701 views • 39 slides
What does respectful maternal care look like? Better Maternal Outcomes: IHI Rapid Improvement

What does respectful maternal care look like? Better Maternal Outcomes: IHI Rapid Improvement

1 What does respectful maternal care look like? Better Maternal Outcomes: IHI Rapid Improvement Network Informational Call for Wave 3 March 18, 2020 WebEx Quick Reference 3 Please use chat to All Participants for discussion

526 views • 34 slides
29th Annual The Medical Management of HIV/AIDS and Hepatitis December 79, 2017 Park Central

29th Annual The Medical Management of HIV/AIDS and Hepatitis December 79, 2017 Park Central

HIV, ID and Global Medicine Division Zuckerberg San Francisco General Hospital and Trauma Center Department of Medicine University of California, San Francisco, School of Medicine presents 29th Annual The Medical Management of HIV/AIDS and

305 views • 12 slides
Patient Centered Medical Home primary care that facilitates partnerships between individual

Patient Centered Medical Home primary care that facilitates partnerships between individual

10/1/2013 What is a Patient Centered Medical Home (PCMH)? "an approach to providing comprehensive Patient Centered Medical Home primary care that facilitates partnerships between individual patients, and their personal providers, and when

538 views • 7 slides
Engaging the Clinical Team October 5, 2016 We Want To Hear From You! Type questions into the

Engaging the Clinical Team October 5, 2016 We Want To Hear From You! Type questions into the

Depression Screening & Treatment in Primary Care, Part Two: Workflow and Engaging the Clinical Team October 5, 2016 We Want To Hear From You! Type questions into the Questions Pane at any time during this presentation Patient-Centered

623 views • 46 slides

More recommend