Anonymizing private data before release is not enough to reliably protect privacy, as Netflix and AOL have learned to their cost. Recent research on differential privacy opens a way to obtain robust, provable privacy guarantees, and systems like PINQ and Airavat now offer convenient frameworks for processing arbitrary user-specified queries in a differentially private way. However, these systems are vulnerable to a variety of covert-channel attacks that can be exploited by an adversarial querier. We describe several different kinds of attacks, all feasible in PINQ and some in Airavat. We discuss the space of possible countermeasures, and we present a detailed design for one specific solution, based on a new primitive we call predictable transactions and a simple differentially private programming language. Our evaluation, which relies on a proof-of-concept implementation based on the Caml Light runtime, shows that our design is effective against remotely exploitable covert channels, at the expense of a higher query completion time.