rigorous foundations for statistical data privacy
play

Rigorous Foundations for Statistical Data Privacy Adam Smith - PowerPoint PPT Presentation

Aug 20, 2022 •117 likes •466 views

Rigorous Foundations for Statistical Data Privacy Adam Smith Boston University CWI, Amsterdam November 15, 2018 Privacy is changing Data-driven systems guiding decisions in many areas Models increasingly complex Privacy

  1. Rigorous Foundations for Statistical Data Privacy Adam Smith Boston University CWI, Amsterdam November 15, 2018

  2. “Privacy” is changing • Data-driven systems guiding decisions in many areas • Models increasingly complex Privacy Benefits of data (better diagnoses, Transparency lower recidivism…) Control 2

  3. Privacy in Statistical Databases Researchers Individuals Summaries queries “Agency” answers Complex models Large collections of personal information • census data Synthetic data • medical/public health • online advertising • education … 3

  4. Two conflicting goals • Utility: release aggregate statistics • Privacy: individual information stays hidden Utility Privacy How do we define “privacy”? • Studied since 1960’s in Ø Statistics Ø Databases & data mining Ø Cryptography • This talk: Rigorous foundations and analysis 4

  5. “Relax – it can only see metadata.” 5

  6. This talk • Why is privacy challenging? Ø Anonymization often fails Ø Example: membership attacks, in theory and in practice • Differential Privacy [DMNS’06] Ø “Privacy” as stability to small changes Ø Widely studied and deployed • The “frontier” of research on statistical privacy Ø Three topics 6

  7. First attempt: Remove obvious identifiers “AI recognizes blurred faces” [McPherson Shokri Shmatikov ’16] N a m e : E t h n i c i t y : [Gymrek McGuire Golan Halperin Erlich ’13] [Pandurangan ‘14] Everything is an identifier [Ganta Kasiviswanathan S ’08] Images: whitehouse.gov, genesandhealth.org, medium.com 7

  8. Is the problem granularity? What if we only release aggregate information? Statistics together may encode data • Example: Average salary before/after resignation • More generally: Too many, “too accurate” statistics reveal individual information Ø Reconstruction attacks [Dinur Nissim 2003, …, Cohen Nissim 2017] Ø Membership attacks [next slide] Cannot release everything everyone would want to know 8

  9. A Few Membership Attacks • [Homer et al. 2008] Exact high-dimensional summaries allow an attacker to test membership in a data set Ø Caused US NIH to change data sharing practices • [Dwork, S , Steinke, Ullman, Vadhan, FOCS ‘15] Distorted high-dimensional summaries allow an attacker to test membership in a data set • [Shokri, Stronati, Song, Shmatikov, Oakland 2017] Membership inference using ML as a service (from exact answers) 9

  10. Membership Attacks Population ! attributes 0 1 1 0 1 0 0 0 1 " data 0 1 0 1 0 1 0 0 1 1 0 1 1 1 1 0 1 0 people 1 1 0 0 1 0 1 0 0 Suppose • We have a data set in which membership is sensitive Ø Participants in clinical trial Ø Targeted ad audience • Data has many binary attributes for each person Ø Genome-wide association studies # = 1 000 000 (“SNPs”), ' < 2000 10

  11. Membership Attacks “Out” Population ! attributes Alice’s data 0 1 1 0 1 0 0 0 1 “In” " data 0 1 0 1 0 1 0 0 1 1 0 1 1 1 1 0 1 0 1 0 1 1 1 1 0 1 0 people 1 1 0 0 1 0 1 0 0 “In”/ # $ Attacker .50 .75 .50 .50 .75 .50 .25 .25 .50 “Out” • Release exact column averages • Attacker succeeds with high probability when there are more attributes than people and % ≪ '/) 11

  12. Membership Attacks “Out” Population ( attributes Alice’s data 0 1 1 0 1 0 0 0 1 “In” ) data 0 1 0 1 0 1 0 0 1 1 0 1 1 1 1 0 1 0 1 0 1 1 1 1 0 1 0 people 1 1 0 0 1 0 1 0 0 “In”/ * + Attacker .50 .75 .50 .50 .75 .50 .25 .25 .50 “Out” ± " in each coordinate .4 .7 .6 .5 .8 .4 .2 .3 .6 • Release exact distorted column averages ( ± ") No matter how • Attacker succeeds with high probability when distortion performed there are more attributes than people and " ≪ %/' 12

  13. Machine Learning as a Service Model Prediction API Training API Input from Classification DATA users, apps … Sensitive! Transactions, preferences, online and offline behavior 13

  14. Exploiting Trained Models Model Prediction API Training API Input from Classification the training set DATA Input not from Classification the training set recognize the difference 14

  15. Exploiting Trained Models … without knowing the specifics of the actual model! Model Prediction API Training API Input from Classification the training set DATA Input not from Classification the training set Train a model to… recognize the difference 15

  16. This talk • Why is privacy challenging? Ø Anonymization often fails Ø Example: membership attacks, in theory and in practice • Differential Privacy [DMNS’06] Ø “Privacy” as stability to small changes Ø Widely studied and deployed • The “frontier” of research on statistical privacy Ø Three topics 16

  17. Differential Privacy • Several current deployments Apple Google US Census • Burgeoning field of research Databases, Crypto, Statistics, Game theory, Law, Algorithms programming security learning economics policy languages 17

  18. Differential Privacy A A(x) random bits • Data set ! Ø Domain D can be numbers, categories, tax forms Ø Think of x as fixed (not random) • A = randomized procedure Ø A(x) is a random variable Ø Randomness might come from adding noise, resampling, etc. 18

  19. Differential Privacy A A A(x’) A(x) random random bits bits • A thought experiment Ø Change one person’s data (or add or remove them) For any set of Ø Will the probabilities of outcomes change? outcomes, (e.g. I get denied health insurance) about the same probability in both worlds 19

  20. Differential Privacy A A A(x’) A(x) local random local random coins coins !’ is a neighbor of ! if they differ in one data point Neighboring databases induce close distributions Definition : A is # -differentially private if, on outputs for all neighbors $ , $’ , 0 1 for all subsets S of outputs Pr ' $ ∈ ) ≤ (1 + #) Pr ' $ / ∈ ) # is a leakage measure 20

  21. Randomized Response [Warner 1965] A 1 ! = ' ( , … , ' + local random coins • Say we want to release the proportion of diabetics in a data set Ø Each person’s data is 1 bit: ! " = 0 or ! " = 1 • Randomized response: each individual rolls a die Ø 1, 2, 3 or 4: Report true value ! " Ø 5 or 6: Report opposite value & ! " • Output is list of reported values ' ( , … , ' + Ø Satisfies our definition when , ≈ 0.7 Ø Can estimate fraction of ! " ’s that are 1 when 0 is large 22

  22. Laplace Mechanism function f A 0 " = ! " + 23456 local random coins • Say we want to release a summary ! " ∈ ℝ % Ø e.g., proportion of diabetics: " & ∈ 0,1 and ! " = + , ∑ & " & • Simple approach: add noise to !(") Ø How much noise is needed? Ø Idea: Calibrate noise to some measure of ! ’s volatility 23

  23. Laplace Mechanism function f A ! " = $ " + &'()* local random coins • Global Sensitivity: Ø Example: f(x) x f(x’) x’ 24

  24. Laplace Mechanism function f A % & = ( & + *+,-. local random coins • Global Sensitivity: Ø Example: Ø Laplace distribution Lap $ has density Ø Changing one point translates curve 25

  25. Attacks “match” differential privacy function f A & ' = ) ' + +,-./ local random coins # • Can release ! proportions with noise ≈ $% per entry • Requires “approximate” variant of DP 2 2 Differential Reconstruction Robust 1/ + privacy attacks 34 4 membership attacks Sampling error 26

  26. A rich algorithmic field Noise addition Exponential sampling ! ∼ # $ % ∝ exp(+ ⋅ -./012$ $, % ) Local 5 6 Untrusted perturbation 5 7 aggregator 5 8 A 27

  27. Interpreting Differential Privacy • A naïve hope: Your beliefs about me are the same after you see the output as they were before • Impossible Ø Suppose you know that I smoke Ø Clinical study: “smoking and cancer correlated” Ø You learn something about me • Whether or not my data were used • Differential privacy implies: No matter what you know ahead of time, You learn (almost) the same things about me whether or not my data are used Ø Provably resists attacks mentioned earlier 28

  28. Research on (differential) privacy • Definitions Ø Pinning down “privacy” • Algorithms: what can we compute privately? Ø Fundamental techniques Ø Specific applications • Usable systems • Attacks: “Cryptanalysis” for data privacy • Protocols: Cryptographic tools for large-scale analysis • Implications for other areas Ø Adaptive data analysis Ø Law and policy 29

  29. This talk • Why is privacy challenging? Ø Anonymization often fails Ø Example: membership attacks, in theory and in practice • Differential Privacy [DMNS’06] Ø “Privacy” as stability to small changes Ø Widely studied and deployed • The “frontier” of research on statistical privacy Ø Three topics 30

  30. Frontier 1: Deep Learning with DP [Abadi et al 2016, …] s r e t e m a r a P Sensitive Deep Data Learning Revealed now, Thought of as but should be private now, but hidden Model better to reason as if public 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Foundations of Computing II Lecture 26: Applications Differential Privacy Stefano Tessaro

Foundations of Computing II Lecture 26: Applications Differential Privacy Stefano Tessaro

CSE 312 Foundations of Computing II Lecture 26: Applications Differential Privacy Stefano Tessaro tessaro@cs.washington.edu 1 Setting Data mining Statistical queries Medical data Query logs Social network data 2 Setting

1.03k views • 21 slides
Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical databases Statistical databases, Differential privacy, Location-based privacy Encryption E ti Insider Threat/ DBMS Steganographic Intrusion

394 views • 24 slides
CS573 Data Privacy and Security Statistical Databases Statistical Databases Li Xiong Today

CS573 Data Privacy and Security Statistical Databases Statistical Databases Li Xiong Today

CS573 Data Privacy and Security Statistical Databases Statistical Databases Li Xiong Today Statistical databases Definitions Early query restriction methods Output perturbation and differential privacy Output perturbation and

549 views • 42 slides
Statistical Foundations for Analyzing Human Microbiome Data Human Microbiome Data Patricio S. La

Statistical Foundations for Analyzing Human Microbiome Data Human Microbiome Data Patricio S. La

Statistical Foundations for Analyzing Human Microbiome Data Human Microbiome Data Patricio S. La Rosa 1 , Paul Brooks 2 , Yanjiao Zhou 1 , Elena Deych 1 , Berkley Shands 1 , Ed Boone 2 , David Edwards 2 , Qin Wang 2 , Erica Sodergren 1 , George

296 views • 13 slides
Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial

Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial

Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial slides credit: Vitaly Shmatikov, Univ Texas at Austin Query Audit Problem Maintaining privacy of data Auditor Q 1 Q 2 Q n Database

305 views • 27 slides
Privacy-Preserving Statistical Data Analysis on Federated Databases Dan Bogdanov Liina Kamm

Privacy-Preserving Statistical Data Analysis on Federated Databases Dan Bogdanov Liina Kamm

Privacy-Preserving Statistical Data Analysis on Federated Databases Dan Bogdanov Liina Kamm Sven Laur Pille Pruulmann-Vengerfeldt Riivo Talviste Jan Willemson Annual Privacy Forum Athens, Greece May 20, 2014 UaESMC Problem Statement

429 views • 17 slides
CS573 Data Privacy and Security Statistical Databases Li Xiong Department of Mathematics and

CS573 Data Privacy and Security Statistical Databases Li Xiong Department of Mathematics and

CS573 Data Privacy and Security Statistical Databases Li Xiong Department of Mathematics and Computer Science Emory University Statistical databases Definitions Early query restriction methods Output perturbation and differential

392 views • 24 slides
Probabilistic Foundations of Statistical Network Analysis Chapter 2: Binary relational data Harry

Probabilistic Foundations of Statistical Network Analysis Chapter 2: Binary relational data Harry

Probabilistic Foundations of Statistical Network Analysis Chapter 2: Binary relational data Harry Crane Based on Chapter 2 of Probabilistic Foundations of Statistical Network Analysis Book website: http://www.harrycrane.com/networks.html Harry

573 views • 13 slides
Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

CS573 Data Privacy and Security Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques Composition theorems Statistical Data Privacy Non-interactive vs interactive Privacy goal: individual is

1.15k views • 64 slides
Probabilistic Foundations of Statistical Network Analysis Chapter 5: Statistical modeling paradigm

Probabilistic Foundations of Statistical Network Analysis Chapter 5: Statistical modeling paradigm

Probabilistic Foundations of Statistical Network Analysis Chapter 5: Statistical modeling paradigm Harry Crane Based on Chapter 5 of Probabilistic Foundations of Statistical Network Analysis Book website: http://www.harrycrane.com/networks.html

443 views • 31 slides
A Suggested Framework for National Statistical Offices for Assessing and Managing Privacy Risks

A Suggested Framework for National Statistical Offices for Assessing and Managing Privacy Risks

A Suggested Framework for National Statistical Offices for Assessing and Managing Privacy Risks Related to the Use of Big Data Pascal Jacques Eurostat Local Security Officer 1 UNECE 2014 Project : The Role of Big Data in the Modernisation of

227 views • 12 slides
Dissipation and the Foundations of Classical Statistical Denis J. Evans, Stephen R. Williams

Dissipation and the Foundations of Classical Statistical Denis J. Evans, Stephen R. Williams

Foundations of classical statistical thermodynamics Dissipation and the Foundations of Classical Statistical Denis J. Evans, Stephen R. Williams Research School of Chemistry, Australian National University, Canberra, Australia and Debra J.

516 views • 25 slides
Digital Logic Design: a rigorous approach c Chapter 11: Foundations of combinational circuits

Digital Logic Design: a rigorous approach c Chapter 11: Foundations of combinational circuits

Digital Logic Design: a rigorous approach c Chapter 11: Foundations of combinational circuits Guy Even Moti Medina School of Electrical Engineering Tel-Aviv Univ. April 26, 2020 Book Homepage: http://www.eng.tau.ac.il/~guy/Even-Medina 1

1.14k views • 60 slides
Digital Logic Design: a rigorous approach c Chapter 11: Foundations of combinational circuits

Digital Logic Design: a rigorous approach c Chapter 11: Foundations of combinational circuits

Digital Logic Design: a rigorous approach c Chapter 11: Foundations of combinational circuits Guy Even Moti Medina School of Electrical Engineering Tel-Aviv Univ. April 26, 2020 Book Homepage: http://www.eng.tau.ac.il/~guy/Even-Medina 1

883 views • 56 slides
h s i l a c o L Distributed Models for Statistical Data Privacy Adam Smith Based on

h s i l a c o L Distributed Models for Statistical Data Privacy Adam Smith Based on

h s i l a c o L Distributed Models for Statistical Data Privacy Adam Smith Based on L. Reyzin, A. Smith, S. Yakoubov BU Computer Science https://eprint.iacr.org/2018/997 PPML 2018 Workshop A. Cheu, A. Smith, J. Ullman, D.

711 views • 48 slides
Digital Logic Design: a rigorous approach c Chapter 19: Foundations of Synchronous Circuits

Digital Logic Design: a rigorous approach c Chapter 19: Foundations of Synchronous Circuits

Digital Logic Design: a rigorous approach c Chapter 19: Foundations of Synchronous Circuits Guy Even Moti Medina School of Electrical Engineering Tel-Aviv Univ. May 30, 2019 Book Homepage: http://www.eng.tau.ac.il/~guy/Even-Medina 1 /

571 views • 55 slides
Technology Tools for Tomorrow GFPS Believes Technology is a tool that supports our mission

Technology Tools for Tomorrow GFPS Believes Technology is a tool that supports our mission

Technology Tools for Tomorrow GFPS Believes Technology is a tool that supports our mission to successfully educate students to navigate their future. Technology engages students and promotes collaboration. As our students prepare

785 views • 25 slides
Stochastic Programming for Financial Applications SAMSI Finance Group Project Adam Schmidt,

Stochastic Programming for Financial Applications SAMSI Finance Group Project Adam Schmidt,

Stochastic Programming for Financial Applications SAMSI Finance Group Project Adam Schmidt, Andrew Hutchens, Hannah Adams, Hao Wang, Nathan Miller, William Pfeiffer Agenda Our Results Limitations Portfolio Our and and Future Optimization

653 views • 21 slides
Investing in U.S. Farmland Table of Contents I. Strategy II. Homestead Team III. Case

Investing in U.S. Farmland Table of Contents I. Strategy II. Homestead Team III. Case

Investing in U.S. Farmland Table of Contents I. Strategy II. Homestead Team III. Case Studies IV. General Terms 1 I. Strategy Farmland Market Overview Significant opportunity for value-add investor with local presence to generate alpha

557 views • 20 slides
Creating a Global Entertainment Content, Digital Media &amp; OTT Powerhouse Disclaimer This

Creating a Global Entertainment Content, Digital Media &amp; OTT Powerhouse Disclaimer This

April 17, 2020 Creating a Global Entertainment Content, Digital Media &amp; OTT Powerhouse Disclaimer This communication contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, or

606 views • 19 slides
Researching the Wonders of Woodchip Ben Raskin - Head of Horticulture and Agroforestry, Soil

Researching the Wonders of Woodchip Ben Raskin - Head of Horticulture and Agroforestry, Soil

The Farmers Researching the Wonders of Woodchip Ben Raskin - Head of Horticulture and Agroforestry, Soil Association Audrey Litterick - Director, Earthcare Technical Ltd Adam Bartkowski -Assistant Production Manager &amp; Innovations Manager,

1.07k views • 84 slides
PRISA Bay County Employees Retirement System April 17, 2018 Confidential information. Not for

PRISA Bay County Employees Retirement System April 17, 2018 Confidential information. Not for

PRISA Bay County Employees Retirement System April 17, 2018 Confidential information. Not for further distribution. Table of Contents PGIM REAL ESTATE REPRESENTATIVES PGIM Real Estate Overview Section I Catherine Minor PRISA Assistant

3.51k views • 91 slides
Council present: Shahid Ahmed, PwC Theresa Hennesy, Comcast Corporation John Barnhill, Genband

Council present: Shahid Ahmed, PwC Theresa Hennesy, Comcast Corporation John Barnhill, Genband

Technical Advisory Council Federal Communications Commission Summary of Meeting September 20 th , 2016 The Technical Advisory Council (TAC) for the FCC was convened for its twenty-second meeting at 12:30 P.M. on September 20 th , 2016 in the

1.94k views • 136 slides
RET Project #5: Cybersecurity Faculty Mentor: Dr. Franco Graduate Research Assistant: Shaunak

RET Project #5: Cybersecurity Faculty Mentor: Dr. Franco Graduate Research Assistant: Shaunak

RET Project #5: Cybersecurity Faculty Mentor: Dr. Franco Graduate Research Assistant: Shaunak Kapoor Teachers: Adam Mesewicz Kelly Hiersche RET is funded by the National Science Foundation, grant # EEC-1710826 1 Table of Contents I.

625 views • 25 slides

More recommend