privacy accounting and quality control in the sage di ff
play

Privacy Accounting and Quality Control in the Sage Di ff erentially - PowerPoint PPT Presentation

Feb 23, 2023 •144 likes •603 views

Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias Lcuyer With: Riley Spahn, Kiran Vodrahalli, Roxana Geambasu, and Daniel Hsu Machine Learning (ML) introduces a dangerous double standard for data

  1. Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias Lécuyer With: Riley Spahn, Kiran Vodrahalli, Roxana Geambasu, and Daniel Hsu

  2. Machine Learning (ML) introduces a dangerous double standard for data protection Example: messaging app 2

  3. Example: messaging app ML platform (e.g. TFX) auto- ad recommendation Traditional complete targeting model model model code messages, database Growing Database likes, clicks... 3

  4. Example: messaging app user's messages user's messages (per access control restrictions) API ML platform (e.g. TFX) auto- ad recommendation Traditional complete targeting model model model code Access control messages, database Growing Database likes, clicks... 4

  5. Example: messaging app models and/or predictions (based on everyone's messages, likes, clicks...) API ML platform (e.g. TFX) ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP auto- ad ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP recommendation ad auto- recommendation Traditional complete targeting ad auto- recommendation model targeting complete model model model targeting complete model code model model model model Access control messages, database Growing Database likes, clicks... 5

  6. Example: messaging app ML should only captures general trends from the data, but often captures specific information about individual entries in the dataset. API ML platform (e.g. TFX) ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP auto- ad ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP recommendation ad auto- recommendation Traditional complete targeting ad auto- recommendation model targeting complete model model model targeting complete model code model model model model Access control messages, database Growing Database likes, clicks... 6

  7. Example: messaging app Language models over users’ emails leak secrets. (Carlini+ '18) API ML platform (e.g. TFX) ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP auto- ad ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP recommendation ad auto- recommendation Traditional complete targeting ad auto- recommendation model targeting complete model model model targeting complete model code model model model model Access control messages, database Growing Database likes, clicks... 7

  8. Example: messaging app Recommenders leak information across users. Membership in a training set can be inferred [Calandrino'11] through prediction APIs. (Shokri+17) API ML platform (e.g. TFX) ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP auto- ad ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP recommendation ad auto- recommendation Traditional complete targeting ad auto- recommendation model targeting complete model model model targeting complete model code model model model model Access control messages, database Growing Database likes, clicks... 8

  9. Example: messaging app Recommenders leak information across users. Language models over users’ emails leak secrets. Recommenders leak information across users. [Calandrino'11] (Carlini+ '18) (Calandrino'11) API ML platform (e.g. TFX) ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP auto- ad ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP recommendation ad auto- recommendation Traditional complete targeting ad auto- recommendation model targeting complete model model model targeting complete model code model model model model Access control messages, database Growing Database likes, clicks... 9

  10. Example: messaging app • Making individual training algorithms Differentially Privacy (DP) is good but insufficient, because old data is reused many times. • No system exists for managing multiple DP training algorithms to enforce a global DP guarantee. API ML platform (e.g. TFX) ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP auto- ad ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP recommendation ad auto- recommendation Traditional complete targeting ad auto- recommendation model targeting complete model model model targeting complete model code model model model model Access control messages, database Growing Database likes, clicks... 10

  11. Example: messaging app • Making individual training algorithms Differentially Privacy (DP) is good but insufficient, because old data is reused many times. • No system exists for managing multiple DP training algorithms to enforce a global DP guarantee. API ML platform (e.g. TFX) ( ε , δ )-DP ( ε , δ )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε , δ )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP auto- ad ad auto- recommendation recommendation Traditional ad auto- recommendation complete targeting targeting complete model model targeting complete model code model model model model model model Access control messages, database Growing Database likes, clicks... 11

  12. Can we make Di ff erential Privacy practical for ML applications? 12

  13. Sage • Enforces a global ( ε g , δ g )-DP guarantee across all models ever released from a growing database. API ML platform (e.g. TFX) • Tackles in practical ways two difficult ( ε , δ )-DP ( ε , δ )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε , δ )-DP DP challenges: ( ε g , δ g )-DP ( ε g , δ g )-DP ( ε g , δ g )-DP auto- ad ad auto- recommendation recommendation Traditional ad auto- recommendation complete targeting targeting complete model 1. “Running out of budget” model targeting complete model code model model model model model model 2. “Privacy-utility tradeoff.” Access Sage access control global ( ε g , δ g )-DP control messages, database Growing Database likes, clicks... 13

  14. Outline Motivation Di ff erential Privacy Two practical challenges Sage design Evaluation 14

  15. Differential Privacy (DP) (Dwork+ '06) • Developed to allow privacy-preserving statistical analyses on sensitive datasets (e.g., census, drug purchases, …). • First (and only) rigorous definition of privacy suitable for this use case. 15

  16. Definition • DP is a stability constraint on computations running on datasets: it requires that no single data point in an input dataset has a significant influence on the output. • To achieve stability, randomness is added into the computation. 16

  17. Definition • DP is a stability constraint on computations running on datasets: it requires that no single data point in an input dataset has a significant influence on the output. • To achieve stability, randomness is added into the computation. • A randomized computation f: D → O, is ( ε , δ )-DP if for any pair of datasets D and D' di ff ering in one entry, and for any output set S ⊂ O: P(f(D) ∈ S) ≤ e ε P(f(D') ∈ S) + δ 17

  18. DP in ML • Approach: make training algorithms DP . • It prevents membership query and reconstruction attacks (Steinke-Ullman '14; Dwork+ '15; Carlini+ '18). • DP versions exist for most ML training algorithms: • Stochastic gradient descent (SGD) (Abadi+16, Yu+19). • Various regressions (Chaudhuri+08, Kifer+12, Nikolaenko+13, Talwar+15). • Collaborative filtering (McSherry+09). • Language models (McMahan+18). • Feature and model selection (Chaudhuri+13, Smith+13). • Model evaluation (Boyd+15). • Tensorflow/privacy implements several of these algorithms (McMahan+19). 18

  19. Outline Motivation Di ff erential Privacy Two practical challenges Sage design Evaluation 19

  20. Challenge 1 - Running out of privacy budget ML platform (e.g. TFX) ( ε g , δ g )-DP model ( ε g , δ g )-DP model ( ε g , δ g )-DP model ( ε , δ )-DP model Most DP work focuses on a fixed database model: global ( ε g , δ g )-DP • Each model consumes some privacy budget. Privacy loss • When the budget is exhausted, the data cannot be used anymore: the system can "run out of budget". Time Fixed Dataset 20

  21. Challenge 1 - Running out of privacy budget ML platform (e.g. TFX) ( ε g , δ g )-DP model ( ε g , δ g )-DP model ( ε g , δ g )-DP model ( ε , δ )-DP model Most DP work focuses on a fixed database model: global ( ε g , δ g )-DP • Each model consumes some privacy budget. Privacy loss • When the budget is exhausted, the data cannot be used anymore: the system can "run out of budget". Time Fixed Dataset 21

  22. Challenge 1 - Running out of privacy budget ML platform (e.g. TFX) ( ε g , δ g )-DP model ( ε g , δ g )-DP model ( ε g , δ g )-DP model ( ε , δ )-DP model Most DP work focuses on a fixed database model: global ( ε g , δ g )-DP • Each model consumes some privacy budget. Privacy loss • When the budget is exhausted, the data cannot be used anymore: the system can "run out of budget". Time Fixed Dataset 22

  23. Challenge 1 - Running out of privacy budget ML platform (e.g. TFX) ( ε g , δ g )-DP model ( ε g , δ g )-DP model ( ε g , δ g )-DP model ( ε , δ )-DP model Most DP work focuses on a fixed database model: global ( ε g , δ g )-DP • Each model consumes some privacy budget. Privacy loss • When the budget is exhausted, the data cannot be used anymore: the system can "run out of budget". Time Fixed Dataset 23

  24. Challenge 2 - Privacy/utility trade-off 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Accounting issues Treasurer's Instructions departure from Accounting Standards Control vs

Accounting issues Treasurer's Instructions departure from Accounting Standards Control vs

Accounting issues Treasurer's Instructions departure from Accounting Standards Control vs joint control Debt Restricted cash Development incentives Rod Whitehead Auditor-General Accounting issues Treasurers Instructions departure

376 views • 8 slides
Sage Inventory What is Sage Inventory Advisor? Advisor Sage Inventory Advisor is an affordable

Sage Inventory What is Sage Inventory Advisor? Advisor Sage Inventory Advisor is an affordable

Sage Inventory Advisor PC Retreat 2015 Sage Inventory What is Sage Inventory Advisor? Advisor Sage Inventory Advisor is an affordable Inventory Optimization Cloud-based solution that integrates with Sage ERP systems to help you optimize your

486 views • 4 slides
Sage CRM and Sage 300 CRE How CRM can help your business Agenda What is CRM? Common business

Sage CRM and Sage 300 CRE How CRM can help your business Agenda What is CRM? Common business

Sage CRM and Sage 300 CRE How CRM can help your business Agenda What is CRM? Common business issues faced by companies today How CRM can help your company What is CRM4CRE and how does it work? Live Demo of Sage CRM and CRM4CRE Q & A

428 views • 20 slides
Introduction to Sage Sage Days 45: Multiple Dirichlet Series, Combinatorics, and Representation

Introduction to Sage Sage Days 45: Multiple Dirichlet Series, Combinatorics, and Representation

Introduction to Sage 2/11/13 11:48 AM Introduction to Sage Sage Days 45: Multiple Dirichlet Series, Combinatorics, and Representation Theory ICERM, Providence, RI February 11, 2013 Mission Sage Mission: To create a viable, free, open source

483 views • 5 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
May 2017 Jeff Tongs Director Technical and Quality Accounting Treats or Threats? Are you

May 2017 Jeff Tongs Director Technical and Quality Accounting Treats or Threats? Are you

Accounting Standards Update May 2017 Jeff Tongs Director Technical and Quality Accounting Treats or Threats? Are you ready for: Australian Accounting Effective Date 30 June Year-end Standard Year beginning on or after AASB

738 views • 72 slides
Greater Sage-Grouse Gunnison Sage-Grouse Kathy Griffin Statewide Grouse Conservation

Greater Sage-Grouse Gunnison Sage-Grouse Kathy Griffin Statewide Grouse Conservation

Sa Sage-Gr Grouse ouse Sta Status tus Greater Sage-Grouse Gunnison Sage-Grouse Kathy Griffin Statewide Grouse Conservation Coordinator Sage-Gr Grouse ouse Dis istrib ributi ution on - CO CO Gu Gunn nnis ison on Sage-Gr Grouse

430 views • 23 slides
NE ONE IBS Quality Control: Our Partnership with White Horse Laboratories QUALITY CONTROL

NE ONE IBS Quality Control: Our Partnership with White Horse Laboratories QUALITY CONTROL

NE ONE IBS Quality Control: Our Partnership with White Horse Laboratories QUALITY CONTROL GENERAL INSPECTION STEPS The purpose of this procedure is to describe how materials are received, verified, and shipped to customers via IBS

687 views • 46 slides
xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social

xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social

xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social Networking Platforms Networking Platforms Kapil Singh, Sumeer Bhola and Wenke Lee Social networking is growing 2 Privacy concerns are growing

779 views • 54 slides
Sage-Combinat meeting tonight Sages mission: To create a viable high-quality and

Sage-Combinat meeting tonight Sages mission: To create a viable high-quality and

Sage-Combinat meeting tonight Sages mission: To create a viable high-quality and open-source alternative to Maple TM , Mathematica TM , Magma TM , and MATLAB TM ... and to foster a friendly community of users and developers

1.01k views • 63 slides
Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson DIG @ CSAIL Monday 12 July 2010 Alternate Definitions of Privacy In 1890, Brandeis and Warren defined privacy as the right to be let alone

541 views • 11 slides
Some very cool things about Sage Or, why I am excited about Sage Franco V. Saliola

Some very cool things about Sage Or, why I am excited about Sage Franco V. Saliola

Some very cool things about Sage Or, why I am excited about Sage Franco V. Saliola saliola@gmail.com Laboratoire de Combinatoire et dInformatique Math ematique Universit e du Qu ebec ` a Montr eal LaCIM Seminar 7 March

630 views • 52 slides
Development and Use of Customized Quality Control Materials for Large- Quality Control Materials

Development and Use of Customized Quality Control Materials for Large- Quality Control Materials

Development and Use of Customized Quality Control Materials for Large- Quality Control Materials for Large Scale Monitoring Projects Ruth E. Wolf and Stephen A. Wilson U.S. Geological Survey, Denver, CO 80225 U.S. Department of the Interior

381 views • 16 slides
LIVE quality control inspections in China www.fba.help 2 www.fba.help The majority of quality

LIVE quality control inspections in China www.fba.help 2 www.fba.help The majority of quality

2020 LIVE quality control inspections in China www.fba.help 2 www.fba.help The majority of quality control companies perform inspections according to the AQL standard (Acceptance Quality Level). It is used to determine how many units should

235 views • 9 slides
Sage A History and Demo History: Where did Sage Come From 19971999 ( Berkeley ) HECKE

Sage A History and Demo History: Where did Sage Come From 19971999 ( Berkeley ) HECKE

Sage A History and Demo History: Where did Sage Come From 19971999 ( Berkeley ) HECKE C++ (modular forms) 19992005 ( Berkeley , Harvard ) I wrote over 25,000 lines of Magma code. Ad hoc languages and closed source devel models of

263 views • 12 slides
Quality Control: Engagement Quality Control Reviews Issues and Recommendations Karin French,

Quality Control: Engagement Quality Control Reviews Issues and Recommendations Karin French,

Quality Control: Engagement Quality Control Reviews Issues and Recommendations Karin French, IAASB Member and Working Group Chair IAASB Meeting September 2016 Agenda Item 5-B Page 1 CAG Feedback Agree the determination of which

301 views • 11 slides
One Year with Sagemaker Our experience of enhancing SaaS products based on custom Deep Learning

One Year with Sagemaker Our experience of enhancing SaaS products based on custom Deep Learning

One Year with Sagemaker Our experience of enhancing SaaS products based on custom Deep Learning Dennis Weyland econda GmbH | September 9, 2019 Community Day 2019 Sponsors Dennis Weyland Big Data & Artificial Intelligence Realtime

2.96k views • 27 slides
ZpL : a p-adic precision package Xavier Caruso, David Roe, Tristan Vaccon Univ. Rennes 1 Univ.

ZpL : a p-adic precision package Xavier Caruso, David Roe, Tristan Vaccon Univ. Rennes 1 Univ.

ZpL : a p-adic precision package ZpL : a p-adic precision package Xavier Caruso, David Roe, Tristan Vaccon Univ. Rennes 1 Univ. Bordeaux; MIT; Universit de Limoges ISSAC 2018 . . . . . . . . . . . . . . . . . . . . . .

1.05k views • 88 slides
A subfield lattice attack on overstretched NTRU assumptions Cryptanalysis of some FHE and Graded

A subfield lattice attack on overstretched NTRU assumptions Cryptanalysis of some FHE and Graded

A subfield lattice attack on overstretched NTRU assumptions Cryptanalysis of some FHE and Graded Encoding Schemes Martin R. Albrecht , Shi Bai and Lo Ducas London-ish Lattice Coding and Cryptography Meeting, Star Wars Day, 2016 Outline

1.35k views • 66 slides
Financial Year 2018 Samantha Jameson Founder, Soapsmith #SageResults Safe harbour The

Financial Year 2018 Samantha Jameson Founder, Soapsmith #SageResults Safe harbour The

Year-end results Financial Year 2018 Samantha Jameson Founder, Soapsmith #SageResults Safe harbour The following presentation is being made only to, and is only directed at, persons to among others: Inherent difficulty in predicting customer

569 views • 45 slides
POTENTIAL USES OF CA Di Discussion: W n: Wha hat d do y you a alr lready kno y know a

POTENTIAL USES OF CA Di Discussion: W n: Wha hat d do y you a alr lready kno y know a

POTENTIAL USES OF CA Di Discussion: W n: Wha hat d do y you a alr lready kno y know a about C CA? 2 POTENTIAL USES OF CA CA a as me metho hodolo logy / y / C CA a as a a b body o y of e empirical f l find nding ngs 3

402 views • 15 slides
SAGE : Can we detect gravitational waves with CubeSats? S . Lacour, P . Bourget, M. Nowak, F .

SAGE : Can we detect gravitational waves with CubeSats? S . Lacour, P . Bourget, M. Nowak, F .

SAGE : Can we detect gravitational waves with CubeSats? S . Lacour, P . Bourget, M. Nowak, F . Vincent, V . Lapeyrere, L. David, A. Le Tiec, A. Kellerer, O. S traub, J. Woillez PICSAT Photometer 100ppm Technology demonstrator for

561 views • 27 slides
Global Observations of Aerosol and Ozone from SAGE III ISS A First Year Showcase 46 th Global

Global Observations of Aerosol and Ozone from SAGE III ISS A First Year Showcase 46 th Global

Global Observations of Aerosol and Ozone from SAGE III ISS A First Year Showcase 46 th Global Monitoring Annual Conference SAGE III ISS Global Perspective Kevin Leavor Kevin R. Leavor 1 SAGE Overview NDACC kevin.r.leavor@nasa.gov

349 views • 15 slides
New Customer Acquisition at Sage: A More Scientific Approach Dan Taylor, Customer Insights

New Customer Acquisition at Sage: A More Scientific Approach Dan Taylor, Customer Insights

New Customer Acquisition at Sage: A More Scientific Approach Dan Taylor, Customer Insights Manager UKI Jen Unwin, Customer Insights Analyst UKI What are we going to cover? About Sage Our Analytics Team Preparing to Model Using Enterprise

199 views • 16 slides

More recommend