patterns and packages
play

Patterns and Packages in PostgreSQL for Privacy Preservation - PowerPoint PPT Presentation

Jun 29, 2023 •250 likes •508 views

PostgreSQL, Planning, PostGIS, Partitioning, PaaS, Permissions and now. Patterns and Packages in PostgreSQL for Privacy Preservation mantaq10 15 November 2019, Sydney www.2019.pgdu.org Atif Rahman I was like her According to Pearson-R

  1. PostgreSQL, Planning, PostGIS, Partitioning, PaaS, Permissions and now…. Patterns and Packages in PostgreSQL for Privacy Preservation mantaq10 15 November 2019, Sydney www.2019.pgdu.org Atif Rahman

  2. I was like her According to Pearson-R We were both outliers • Data Engineering • ML Pipelines • Herding Cats

  3. April 2018 – March 2019 964 NDB Breach Notifications OAIC Report 2019 Human Error Attack Healthcare 55% 35% 60% Error Others Financial 41% www.2019.pgdu.org mantaq10

  4. OAIC Report 2019 www.2019.pgdu.org mantaq10

  5. You can have security but not necessarily privacy www.2019.pgdu.org mantaq10

  6. Security Protection Binary Usage Privacy Contextual ISO/IEC 29100:2011: Privacy Framework www.2019.pgdu.org mantaq10

  7. Privacy Guarantees 𝐺 Loss-less Functions De-Identification (Record Keys (PK, FK, SK)) 1 vs x f(x) Lossy Functions 𝐺 "# Re-Identification (Brute Force & Decryption) 2 Re-Identification (Record Linkage * Math) 3 4 Ethical Computing (Permissibility & Compliance) PII and Attribute “Homomorphic encryption schemes are often Augmentation repackaging vulnerabilities (practical chosen- ciphertext attacks) as features.” – The Internet www.2019.pgdu.org mantaq10

  8. Record Linkage "87% of the U.S. population is uniquely identified by date of birth, gender, postal code.” Latanya Sweeney (k-anonymity) “Decreasing the precision of the data, or perturbing it statistically, makes re-identification gradually harder at a substantial cost to utility”. Chris Culnane, Benjamin Rubinstein, Vanessa Teague @UniMelb www.2019.pgdu.org mantaq10

  9. Privacy vs Utility Trade-off Bleeding Edge Cutting Edge Established DP SM HE AN Better Privacy Utility Guarantee SM: Secure Multiparty Computing DP: Differential Privacy HE: Homomorphic Encryption AN: Anonymisation www.2019.pgdu.org mantaq10

  10. 1. AN: (Pseudo)Anonymisation ID NAME DOB EMPLOYER ZIPCODE FK_SHOP 101 SARAH CONNOR 12-06-1962 JB Vet 63456 12 112 PAMELA LANDY 18-10-1971 FBI 54367 45 REPLACEMENT SUPRESSION (PG String Functions) (reversible or random) REPLACEMENT (PGAnonymizer) PERTURBATION GENERALISATION ID NAME DOB EMPLOYER ZIPCODE FK_SHOP 101 MIKE OBAMA 13-07-1982 JB Vet 63456 12 112 BRUCE LEE 19-11-1991 FBI 54367 45 www.2019.pgdu.org mantaq10

  11. 1. AN: (Pseudo) Anonymisation ID NAME DOB EMPLOYER ZIPCODE FK_SHOP 101 SARAH CONNOR 12-06-1962 JB Vet 63456 12 112 PAMELA LANDY 18-10-1971 FBI 54367 45 REPLACEMENT SUPRESSION (PG String Functions) (Wildcard or Removal) SUPRESSION (PGAnonymizer) - 18 PII Attributes PERTURBATION GENERALISATION ID NAME EMPLOYER ZIPCODE FK_SHOP 101 M*** ****A JB Vet 63456 12 112 B**** **E FBI 54367 45 www.2019.pgdu.org mantaq10

  12. 1. AN: (Pseudo) Anonymisation ID NAME DOB EMPLOYER ZIPCODE FK_SHOP 101 SARAH CONNOR 12-06-1962 JB Vet 63456 12 112 PAMELA LANDY 18-10-1971 FBI 54367 45 REPLACEMENT SUPRESSION (Additive Noise) (PGAnonymizer) (PDF) (Google DP) PERTURBATION (Data Imputation) (Uber DP) PERTURBATION GENERALISATION ID NAME DOB EMPLOYER ZIPCODE FK_SHOP 101 SARAH CONNOR 12-07-1958 JB Vet 64532 12 112 PAMELA LANDY 18-11-1973 FBI 57843 45 www.2019.pgdu.org mantaq10

  13. 1. AN: (Pseudo)Anonymisation ID NAME DOB EMPLOYER ZIPCODE FK_SHOP 101 SARAH CONNOR 12-06-1962 JB Vet 63456 12 112 PAMELA LANDY 18-10-1971 FBI 54367 45 REPLACEMENT SUPRESSION (PGAnonymizer) GENERALISATION (K-Anonymity or Masking) (PG Aggregate Functions) PERTURBATION 𝝉 _ZIPCODE ID NAME DOB EMPLOYER FK_SHOP GENERALISATION 101 SARAH CONNOR 1960s JB Vet 0.37 12 112 PAMELA LANDY 1970s FBI -0.99 45 www.2019.pgdu.org mantaq10

  14. Privacy vs Utility Trade-off Bleeding Edge Cutting Edge Established DP SM HE AN Better Privacy Utility Guarantee SM: Secure Multiparty Computing DP: Differential Privacy HE: Homomorphic Encryption AN: Anonymisation www.2019.pgdu.org mantaq10

  15. Differential Privacy ? Database with Statistical Perturbations Private The Oracle Ned in it Properties (Noise) Database. Not sure if Ned is there anymore • Works on the Data itself, not on the management environment • Considerably fast compared to encryption techniques. • Quantum Safe (ish) www.2019.pgdu.org mantaq10

  16. Differential Privacy on PostgreSQL https://github.com/google/differential-privacy Privacy Loss Count Sum Mean - Epsilon & Delta Variance - Risk Score for every attribute Standard deviation Order statistics (including min, max, used for a particular person and median) - Risk Score for total number of records with similar values Laplace Functions for UDFs - (rule of thumb) k = 11 www.2019.pgdu.org mantaq10

  17. HE: Homomorphic Encryption Malleable BFV Microsoft SEAL Partial Ability to apply PALISADE HE computations HELib BGV Performance on encrypted HEAAN Full TFHE data! HE CKKS Operators Trade-Offs Categories Schemes Libraries www.2019.pgdu.org mantaq10

  18. Privacy vs Utility Trade-off Bleeding Edge Cutting Edge Established DP SM HE AN Better Privacy Utility Guarantee SM: Secure Multiparty Computing DP: Differential Privacy HE: Homomorphic Encryption AN: Anonymisation www.2019.pgdu.org mantaq10

  19. Secure Multi-party Computing K-Anonymity X4/4 = Avg_pay A X4 = D_pay + X3 X1 = A_pay + 876532 D B X3 = C_pay + X2 C X2 = B_pay + X1 www.2019.pgdu.org mantaq10

  20. Privacy Guarantees 𝐺 Loss-less Functions De-Identification (Record Keys (PK, FK, SK)) 1 vs x f(x) Lossy Functions 𝐺 "# Re-Identification (Brute Force & Decryption) 2 Re-Identification (Record Linkage & Math) 3 4 Ethical Computing (Permissibility & Compliance) PII and Attribute “Homomorphic encryption schemes are often Augmentation repackaging vulnerabilities (practical chosen- ciphertext attacks) as features.” – The Internet www.2019.pgdu.org mantaq10

  21. Typical Data Pipelines Sources Landing Processing Serving ………Privacy Gates 1 1 2 4 3 2 Unified Key 1 2 Management System Ethical Computing (Permissibility & De-Identification (Record Keys (PK, FK, SK)) Re-Identification (Brute Force & Decryption) Re-Identification (Record Linkage) Compliance) www.2019.pgdu.org mantaq10

  22. Emerging Data Architecture (Data Fabrics) [HTAP = OLTP + OLAP] Processing & Serving Persistence Sources *Gaps to Close: Encryption • Performance Developer UX • Admin Tooling • Extensions! • Unified Key Management System Ethical Computing (Permissibility & De-Identification (Record Keys (PK, FK, SK)) Re-Identification (Brute Force & Decryption) Re-Identification (Record Linkage) Compliance) www.2019.pgdu.org mantaq10

  23. Key Takeaways Securing your database doesn ’t guarantee data privacy. There are trade-offs between privacy and utility You can provision privacy controls within PostgreSQL PostgreSQL fits emerging (data) architecture patterns Atif is pledging to build an extension, he needs my help! www.2019.pgdu.org mantaq10

  24. Questions 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to Debian CI autopkgtest created back in 2006 (!) 2014: Debian CI launches Goal: provide automated testing for the Debian archive (i.e. run

816 views • 68 slides
Home Care Packages Program 1 Key points Home Care Packages More packages Four levels

Home Care Packages Program 1 Key points Home Care Packages More packages Four levels

Home Care Packages Program 1 Key points Home Care Packages More packages Four levels Existing clients transitioned to new program No Agreements required Single list of care and services Home Care Packages Program

332 views • 14 slides
MATLAB 1 Mathematical Software Symbolic Math Packages - This amorphous set of packages can

MATLAB 1 Mathematical Software Symbolic Math Packages - This amorphous set of packages can

MATLAB 1 Mathematical Software Symbolic Math Packages - This amorphous set of packages can be used to perform symbolic analyses. These packages typically can solve algebraic and differential equations, can integrate and differentiate

1.18k views • 72 slides
Parcel Pro Mockup Presentation 2.009 Pink B Packages get lost Packages get stolen

Parcel Pro Mockup Presentation 2.009 Pink B Packages get lost Packages get stolen

Parcel Pro Mockup Presentation 2.009 Pink B Packages get lost Packages get stolen Packages get delayed Mailboxes too small No mailbox access for UPS / FedEx Package delivery outpacing letter delivery

591 views • 14 slides
Building DICE Building DICE Building DICE Building DICE Packages Packages Packages Packages

Building DICE Building DICE Building DICE Building DICE Packages Packages Packages Packages

Building DICE Building DICE Building DICE Building DICE Packages Packages Packages Packages Paul Anderson Division of Informatics University of Edinburgh <paul@dcs.ed.ac.uk> Summary Summary Summary Summary ! Background DICE

490 views • 16 slides
Extending R through packages: Theres a package for everything R packages are available on CRAN

Extending R through packages: Theres a package for everything R packages are available on CRAN

Extending R through packages: Theres a package for everything R packages are available on CRAN (Comprehensive R Archive Network) Well be working with the package ggplot2 ggplot2: A grammar of graphics Traditional plotting: You are a

169 views • 16 slides
A new way to pick up your packages How many student packages arrive on campus annually? A.

A new way to pick up your packages How many student packages arrive on campus annually? A.

INTRODUCING A new way to pick up your packages How many student packages arrive on campus annually? A. 40,00070,000 B. 70,000100,000 C. 100,000130,000 D. More than 130,000 C. 100,000130,000 128,407 packages delivered in AY

557 views • 27 slides
Design Patterns Applications Programming What is design patterns? The design patterns are

Design Patterns Applications Programming What is design patterns? The design patterns are

10/26/2011 G52APR Design Patterns Applications Programming What is design patterns? The design patterns are language- Design Patterns 1 independent strategies for solving common object-oriented design problems. Jiawei Li (Michael)

316 views • 8 slides
More Design Patterns Horstmann ch.10.1,10.4 Design patterns Structural design patterns

More Design Patterns Horstmann ch.10.1,10.4 Design patterns Structural design patterns

More Design Patterns Horstmann ch.10.1,10.4 Design patterns Structural design patterns Adapter Composite Decorator Proxy Behavioral design patterns Iterator Observer Strategy Template method

777 views • 16 slides
Design Patterns in Eiffel Dr. Till Bay design patterns? [Design Patterns] are

Design Patterns in Eiffel Dr. Till Bay design patterns? [Design Patterns] are

Design Patterns in Eiffel Dr. Till Bay design patterns? [Design Patterns] are descriptions of communicating objects and classes that are customized to solve a general design problem in a particular context. Design Patterns,

1.44k views • 69 slides
Packages Packages 1. Every Java object resides in a package . 2. An objects package is

Packages Packages 1. Every Java object resides in a package . 2. An objects package is

Packages Packages 1. Every Java object resides in a package . 2. An objects package is explicitly declared on the first line of code in a .java file: package edu.pcwe.uw.javaintro.misc; public class HelloWorld { public static void main(

1.02k views • 56 slides
Design Patterns 1 What are Design Patterns? Design patterns describe common (and successful)

Design Patterns 1 What are Design Patterns? Design patterns describe common (and successful)

Design Patterns 1 What are Design Patterns? Design patterns describe common (and successful) ways of building software. 2 What are Design Patterns? A pattern describes a problem that occurs often, along with a tried solution to the

727 views • 48 slides
pkgsrc meets pkg-ng Generating pkg-ng packages from pkgsrc pkgsrcCon Berlin, July 4 th 2015

pkgsrc meets pkg-ng Generating pkg-ng packages from pkgsrc pkgsrcCon Berlin, July 4 th 2015

pkgsrc meets pkg-ng Generating pkg-ng packages from pkgsrc pkgsrcCon Berlin, July 4 th 2015 Pierre Pronchery <khorben@defora.org> Why pkg-ng Why not? Binary packages first-class citizens No more options for packages

449 views • 8 slides
4 OO Package Design Principles 4.1 Packages Introduction 4.2 Packages in UML 4.3 Three

4 OO Package Design Principles 4.1 Packages Introduction 4.2 Packages in UML 4.3 Three

4 OO Package Design Principles 4.1 Packages Introduction 4.2 Packages in UML 4.3 Three Package Design Principles 4.4 Development Environment (Three more principles) 4.5 Summary OO Package Design Principles Stefan Kluth 1 4.1 Packages

392 views • 36 slides
Algorithm Design Patterns and Anti-Patterns Algorithm design patterns. Ex. Greed. O(n log n)

Algorithm Design Patterns and Anti-Patterns Algorithm design patterns. Ex. Greed. O(n log n)

Algorithm Design Patterns and Anti-Patterns Algorithm design patterns. Ex. Greed. O(n log n) interval scheduling. Divide-and-conquer. O(n log n) FFT. Dynamic programming. O(n 2 ) edit distance. Duality. O(n 3 ) bipartite

626 views • 21 slides
Extending R through packages: Theres a package for everything R packages are available on CRAN

Extending R through packages: Theres a package for everything R packages are available on CRAN

Extending R through packages: Theres a package for everything R packages are available on CRAN (Comprehensive R Archive Network) R packages are available on CRAN (Comprehensive R Archive Network) Well be working with the package ggplot2

428 views • 18 slides
Dynamically Time-Capped Possibilistic Testing of SubClassOf Axioms Against RDF Data to Enrich

Dynamically Time-Capped Possibilistic Testing of SubClassOf Axioms Against RDF Data to Enrich

Introduction Principles Possibilistic Scoring Candidate Axiom Testing Subsumption Axiom Testing Experiments Conclusion Dynamically Time-Capped Possibilistic Testing of SubClassOf Axioms Against RDF Data to Enrich Schemas Andrea G. B.

446 views • 25 slides
Measurements of Reactor Neutrinos at Long Baselines: KamLAND and Beyond Brian Kurt Fujikawa

Measurements of Reactor Neutrinos at Long Baselines: KamLAND and Beyond Brian Kurt Fujikawa

Measurements of Reactor Neutrinos at Long Baselines: KamLAND and Beyond Brian Kurt Fujikawa Lawrence Berkeley National Laboratory 2011 APS April Meeting 2011-05-01 1 Reactor Anti-Neutrino Disappearance Experiments Beta Decay of Neuron Rich

668 views • 43 slides
Jewish Agencies: Familiarity and Perception 2 Familiarity with Jewish Agencies (Respondents)

Jewish Agencies: Familiarity and Perception 2 Familiarity with Jewish Agencies (Respondents)

1 1 Jewish Agencies: Familiarity and Perception 2 Familiarity with Jewish Agencies (Respondents) 100% Very Somewhat Not at All 80% 60% 43% 42% 41% 41% 39% 39% 39% 38% 40% 36% 36% 35% 34% 34% 34% 33% 32% 29% 28% 28% 27%

1.81k views • 162 slides
MIT 6.875 & Berkeley CS276 Foundations of Cryptography Lecture 21 TODAY: Homomorphic

MIT 6.875 & Berkeley CS276 Foundations of Cryptography Lecture 21 TODAY: Homomorphic

MIT 6.875 & Berkeley CS276 Foundations of Cryptography Lecture 21 TODAY: Homomorphic Encryption 1. Secure Outsourcing Input: x Program: P Enc (x) x Enc (P(x)) P(x) Client Server (the Cloud) A Special Case: Encrypted Database Lookup

515 views • 38 slides
Selecting an Optimiser for a multinational supply chain - real world case study Eddy Parkinson

Selecting an Optimiser for a multinational supply chain - real world case study Eddy Parkinson

Selecting an Optimiser for a multinational supply chain - real world case study Eddy Parkinson Multi-National Supply Chain Customers in China/USA/Australia etc Exchange Rates Import Tax Transport Costs Factory Costs

509 views • 22 slides
Prt s rts

Prt s rts

Prt s rts rr s r Prt t

322 views • 18 slides
A Framework for System Event Classification and Prediction by Means of Machine Learning Teerat

A Framework for System Event Classification and Prediction by Means of Machine Learning Teerat

A Framework for System Event Classification and Prediction by Means of Machine Learning Teerat Pitakrat, Jonas Grunert, Oliver Kabierschke, Fabian Keller and Andr van Hoorn University of Stuttgart Institute of Software Technology (ISTE)

757 views • 52 slides
Everything in Sight: Kiekers WebGUI in Action Joint Kieker / Palladio Days 2013 Nils

Everything in Sight: Kiekers WebGUI in Action Joint Kieker / Palladio Days 2013 Nils

Everything in Sight: Kiekers WebGUI in Action Joint Kieker / Palladio Days 2013 Nils Christian Ehmke Software Engineering Group Kiel University, Germany November 27, 2013 @ Karlsruhe Nils Christian Ehmke Everything in Sight:

224 views • 19 slides

More recommend