metrics for differential privacy in concurrent systems
play

Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 - PowerPoint PPT Presentation

Dec 29, 2023 •358 likes •868 views

Introduction Three Pseudometrics Summary Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos Chatzikokolakis 2 , 3 Huimin Lin 4 Catuscia Palamidessi 1 , 3 1 INRIA 2 CNRS 3 Ecole Polytechnique 4 Institute of

  1. Introduction Three Pseudometrics Summary Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos Chatzikokolakis 2 , 3 Huimin Lin 4 Catuscia Palamidessi 1 , 3 1 INRIA 2 CNRS 3 Ecole Polytechnique 4 Institute of Software, Chinese Academy of Sciences HotSpot 2014 Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  2. Introduction Three Pseudometrics Summary Outline Introduction 1 Concurrent Systems Differential Privacy The Verification Framework Three Pseudometrics 2 The Accumulative Bijection Pseudometric The Amortised Bijection Pseudometric A Multiplicative Variant of the Kantorovich Pseudometric Comparison Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  3. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework Motivation The model: Concurrent systems modeled as probabilistic automata. The measure of the level of privacy: Differential privacy Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  4. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework Motivation The model: Concurrent systems modeled as probabilistic automata. The measure of the level of privacy: Differential privacy Goal: To verify differential privacy properties for concurrent systems Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  5. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework Outline Introduction 1 Concurrent Systems Differential Privacy The Verification Framework Three Pseudometrics 2 The Accumulative Bijection Pseudometric The Amortised Bijection Pseudometric A Multiplicative Variant of the Kantorovich Pseudometric Comparison Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  6. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework Our Model A probabilistic automaton is a tuple ( S , s , A , D ) S : a finite set of states; s ∈ S : the start state; A : a finite set of action labels; a D ⊆ S × A × Disc ( S ) : a transition relation. We also write s − → µ . Definition (Concurrent Systems with Secret Information) Let U be a set of secrets. A concurrent system with secret information A is a mapping of secrets to probabilistic automata, where A ( u ) , u ∈ U is the automaton modelling the behavior of the system when running on u . Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  7. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework How to Reason about Probabilistic Observations? A scheduler ζ resolves the non-determinism based on the history of a computation, inducing a probability measure over traces. Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  8. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework How to Reason about Probabilistic Observations? A scheduler ζ resolves the non-determinism based on the history of a computation, inducing a probability measure over traces. Probabilities of finite traces Let α be the history up to the current state s . The probability of observing a finite trace � t starting from α , denoted by Pr ζ [ α ⊲ � t ] , is defined recursively as follows. if �  1 t is empty,   b ζ [ α ⊲ � if � t = a � � t ′ , ζ ( α ) = s Pr t ] = 0 − → µ and b � = a , t ′ and ζ ( α ) = s a s i µ ( s i ) Pr ζ [ α as i ⊲ � if � t = a � �  t ′ ] � − → µ .  Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  9. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework An example: A PIN-Checking System A ( u ) A ( u ) u 1 u 2 A ( u 1 ) A ( u 2 ) a 1 a 2 a 1 a 2 0 . 4 0 . 6 0 . 4 0 . 6 0 . 6 0 . 4 0 . 6 0 . 4 s 1 s 2 s 3 t 1 t 2 t 3 no no no no ok ok Example: The scheduler executes the a 1 -branch. Pr ζ [ A ( u 1 ) ⊲ a 1 ok ] = 0 . 6 Pr ζ [ A ( u 2 ) ⊲ a 1 ok ] = 0 . 4 Pr ζ [ A ( u 1 ) ⊲ a 1 no ] = Pr ζ [ A ( u 2 ) ⊲ a 1 no ] = 0 . 4 0 . 6 Pr ζ [ A ( u 1 ) ⊲ a 2 ok ] = 0 Pr ζ [ A ( u 2 ) ⊲ a 2 ok ] = 0 Pr ζ [ A ( u 1 ) ⊲ a 2 no ] = 0 Pr ζ [ A ( u 2 ) ⊲ a 2 no ] = 0 Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  10. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework Outline Introduction 1 Concurrent Systems Differential Privacy The Verification Framework Three Pseudometrics 2 The Accumulative Bijection Pseudometric The Amortised Bijection Pseudometric A Multiplicative Variant of the Kantorovich Pseudometric Comparison Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  11. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework How To Quantify the Amount of Privacy? Definition (Standard Definition of Differential Privacy) A query mechanism A is ǫ -differentially private if for any two adjacent databases u 1 and u 2 , i.e. which differ only for one individual, and any property Z , the probability distributions of A ( u 1 ) , A ( u 2 ) differ on Z at most by e ǫ , namely, Pr [ A ( u 1 ) ∈ Z ] ≤ e ǫ · Pr [ A ( u 2 ) ∈ Z ] . The lower the value ǫ is, the better the privacy is protected. Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  12. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework How To Quantify the Amount of Privacy? Definition (Standard Definition of Differential Privacy) A query mechanism A is ǫ -differentially private if for any two adjacent databases u 1 and u 2 , i.e. which differ only for one individual, and any property Z , the probability distributions of A ( u 1 ) , A ( u 2 ) differ on Z at most by e ǫ , namely, Pr [ A ( u 1 ) ∈ Z ] ≤ e ǫ · Pr [ A ( u 2 ) ∈ Z ] . The lower the value ǫ is, the better the privacy is protected. Some Merits of Differential Privacy Strong notion of privacy. Independence from side knowledge. Robustness to attacks based on combining various sources of information. Looser restrictions between non-adjacent secrets. Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  13. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework Differential Privacy in the Context of Concurrent Systems The scheduler can easily break many security and privacy properties. We consider a restricted class of schedulers, called admissible schedulers. make them unable to distinguish between secrets in the histories. Definition (Differential Privacy in Our Setting) A concurrent system A satisfies ǫ - differential privacy (DP) iff for any two adjacent secrets u , u ′ , all finite traces � t and all admissible schedulers ζ : t ] ≤ e ǫ · Pr ζ [ A ( u ) ⊲ � ζ [ A ( u ′ ) ⊲ � Pr t ] Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  14. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework The PIN-Checking System Revisited Definition (Differential Privacy in Our Setting) A concurrent system A satisfies ǫ - differential privacy (DP) iff for any two adjacent secrets u , u ′ , all finite traces � t and all admissible schedulers ζ : t ] ≤ e ǫ · Pr ζ [ A ( u ) ⊲ � ζ [ A ( u ′ ) ⊲ � Pr t ] Example Pr ζ [ A ( u 1 ) ⊲ a 1 ok ] = Pr ζ [ A ( u 2 ) ⊲ a 1 ok ] = 0 . 6 0 . 4 Pr ζ [ A ( u 1 ) ⊲ a 1 no ] = 0 . 4 Pr ζ [ A ( u 2 ) ⊲ a 1 no ] = 0 . 6 Pr ζ [ A ( u 1 ) ⊲ a 2 ok ] = 0 Pr ζ [ A ( u 2 ) ⊲ a 2 ok ] = 0 Pr ζ [ A ( u 1 ) ⊲ a 2 no ] = 0 Pr ζ [ A ( u 2 ) ⊲ a 2 no ] = 0 In this case, the level of differential privacy ǫ = ln 3 2 . Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  15. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework Outline Introduction 1 Concurrent Systems Differential Privacy The Verification Framework Three Pseudometrics 2 The Accumulative Bijection Pseudometric The Amortised Bijection Pseudometric A Multiplicative Variant of the Kantorovich Pseudometric Comparison Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

  16. Introduction Concurrent Systems Three Pseudometrics Differential Privacy Summary The Verification Framework Neighboring processes have neighboring behaviors. For example: behavioural equivalences A ( u ) ≃ A ( u ′ ) = ⇒ Secrecy [Abadi and Gordon, the Spi-calculus] The property of differential privacy requires that the observations generated by two adjacent secrets are probabilistically close. Xu, Chatzikokolakis, Lin, Palamidessi Metrics for Differential Privacy in Concurrent Systems

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 , Konstantinos

Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 , Konstantinos

Introduction Two Pseudometrics Non-expansive Process Operators An application to the Dining Cryptographers Protocol Summary Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 , Konstantinos Chatzikokolakis 2 , 3 , Huimin

608 views • 49 slides
Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos

Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos

Introduction Three Pseudometrics Comparison of the Three Pseudometrics Summary Metrics for Differential Privacy in Concurrent Systems Lili Xu 1 , 3 , 4 Konstantinos Chatzikokolakis 2 , 3 Huimin Lin 4 Catuscia Palamidessi 1 , 3 1 INRIA 2 CNRS 3

741 views • 52 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor University of Minnesota 1 Differential privacy? Isnt it just adding noise? How to add smart noise to guarantee privacy without sacrificing

592 views • 57 slides
CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

CS573 Data Privacy and Security Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques Composition theorems Statistical Data Privacy Non-interactive vs interactive Privacy goal: individual is

1.15k views • 64 slides
Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Differential Privacy and Fairness: Foundations and New Frontiers Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New Settings - Pan Privacy - Privacy in multi-party settings - Fairness Outline

947 views • 49 slides
CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong Applying Differential Privacy Real world deployments of differential privacy OnTheMap RAPPOR Module 4 Tutorial: Differential Privacy in the Wild

617 views • 30 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems

Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems

Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems Yu Wang, Zhenqi Huang, Sayan Mitra and Geir E. Dullerud September 25, 2014 General Question Trade-off between privacy and accuracy: a

587 views • 19 slides
Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole Polytechnique 1 Plan of the talk General introduction to privacy issues A naive approach to privacy protection: anonymization Why it

740 views • 44 slides
Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 14 : 590.03 Fall 12 1 Outline Differential Privacy Implementations PINQ: Privacy Integrated Queries [McSherry SIGMOD

1.22k views • 40 slides
Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03

Algorithms for Differential Privacy: Exponential & Median Mechanism CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 7 : 590.03 Fall 12 1 Recap: Differential Privacy For every pair of inputs For every output that differ in one

445 views • 29 slides
Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka

Data Mining with Differential Privacy Arik Friedman and Assal Schuster by Slawomir Goryczka Differential Privacy A randomized computation M provides -differential privacy if for any datasets A and B that differ by 1 record and any set of

193 views • 17 slides
Day 2 Operations Best Practices Janet Yu, Software Engineer, SignalFx Ben Lin, APAC Tech Lead,

Day 2 Operations Best Practices Janet Yu, Software Engineer, SignalFx Ben Lin, APAC Tech Lead,

Day 2 Operations Best Practices Janet Yu, Software Engineer, SignalFx Ben Lin, APAC Tech Lead, Mesosphere Agenda Overview Architecture Metrics API Demo Continuously Connected World Mobile 4.4B Internet of Things (IoT) 6B

460 views • 44 slides
Distributed Systems Meet Economics: Pricing in the Cloud Presenter: Rishan Chen Peking

Distributed Systems Meet Economics: Pricing in the Cloud Presenter: Rishan Chen Peking

Distributed Systems Meet Economics: Pricing in the Cloud Presenter: Rishan Chen Peking University and Microsoft Research, Asia June 2010, Boston, MA Cloud is a distributed system System metrics Throughput Latency / response time

373 views • 11 slides
Analyze Prometheus Metrics Like a Data Scientist Georg ttl Promcon 2017, Munich About me /

Analyze Prometheus Metrics Like a Data Scientist Georg ttl Promcon 2017, Munich About me /

Analyze Prometheus Metrics Like a Data Scientist Georg ttl Promcon 2017, Munich About me / experiences Enterprise Software Dev. Data Science Services Dev / DevOps / Ops Developer who likes Math Twitter: @goettl Objective talk

363 views • 25 slides
Software Reliability Categorizing and specifying the reliability of software systems CS 422

Software Reliability Categorizing and specifying the reliability of software systems CS 422

Chapter 18 Chapter 18 Software Reliability Learning Objective ... Define the basic principles underlying software reliability engineering (metrics, measurement, and prediction) Frederick T Sheldon Assistant Professor of Computer Science

435 views • 14 slides
Lecture 04: More Process Modelling & Software Metrics 2015-05-04 Prof. Dr. Andreas Podelski,

Lecture 04: More Process Modelling & Software Metrics 2015-05-04 Prof. Dr. Andreas Podelski,

Softwaretechnik / Software-Engineering Lecture 04: More Process Modelling & Software Metrics 2015-05-04 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal 04 2015-05-04 main Albert-Ludwigs-Universit at Freiburg, Germany

702 views • 51 slides
In Interw rwar: Ris ise of Totali litarianism Joseph Stali lin U.S.S.R. during the

In Interw rwar: Ris ise of Totali litarianism Joseph Stali lin U.S.S.R. during the

In Interw rwar: Ris ise of Totali litarianism Joseph Stali lin U.S.S.R. during the Interwar Period Entrenchment of communism Use of totalitarianism to create a powerful communist state Stalins policies (command

289 views • 5 slides
Factors I s Influencing t the Experiences o s of Obst stetrics Care P Patients w s within t

Factors I s Influencing t the Experiences o s of Obst stetrics Care P Patients w s within t

Factors I s Influencing t the Experiences o s of Obst stetrics Care P Patients w s within t the Milit ilitary H Health S Sys ystem 2020 APHA Annual Meeting Presenter: Kimberley Marshall-Aiyelawo, PhD Medically Ready ForceReady

652 views • 15 slides
Immanuel Kant (17241804) Analytic vs. Synthetic Truths On pgs. 78-80, Shapiro discusses

Immanuel Kant (17241804) Analytic vs. Synthetic Truths On pgs. 78-80, Shapiro discusses

Immanuel Kant (17241804) Analytic vs. Synthetic Truths On pgs. 78-80, Shapiro discusses Kants views on conceptual analysis and analytic truths. Im having trouble understanding why conceptual analysis by itself doesnt help us

588 views • 30 slides

More recommend