An amateur's introduction to recursive query processing strategies
SIGMOD '86 Proceedings of the 1986 ACM SIGMOD international conference on Management of data
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
k-anonymity: a model for protecting privacy
International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems
\ell -Diversity: Privacy Beyond \kappa -Anonymity
ICDE '06 Proceedings of the 22nd International Conference on Data Engineering
Smooth sensitivity and sampling in private data analysis
Proceedings of the thirty-ninth annual ACM symposium on Theory of computing
MapReduce: simplified data processing on large clusters
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Mechanism Design via Differential Privacy
FOCS '07 Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science
Robust De-anonymization of Large Sparse Datasets
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Composition attacks and auxiliary information in data privacy
Proceedings of the 14th ACM SIGKDD international conference on Knowledge discovery and data mining
Data degradation: making private data less sensitive over time
Proceedings of the 17th ACM conference on Information and knowledge management
Privacy integrated queries: an extensible platform for privacy-preserving data analysis
Proceedings of the 2009 ACM SIGMOD International Conference on Management of data
Attacks on privacy and deFinetti's theorem
Proceedings of the 2009 ACM SIGMOD International Conference on Management of data
Towards an information theoretic metric for anonymity
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Differential privacy under continual observation
Proceedings of the forty-second ACM symposium on Theory of computing
Optimizing linear counting queries under differential privacy
Proceedings of the twenty-ninth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Differentially private aggregation of distributed time-series with transformation and encryption
Proceedings of the 2010 ACM SIGMOD International Conference on Management of data
Airavat: security and privacy for MapReduce
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Boosting the accuracy of differentially private histograms through consistency
Proceedings of the VLDB Endowment
Proceedings of the 12th ACM conference on Electronic commerce
Privacy-preserving statistical estimation with optimal convergence rates
Proceedings of the forty-third annual ACM symposium on Theory of computing
Differential privacy under fire
SEC'11 Proceedings of the 20th USENIX conference on Security
Calibrating noise to sensitivity in private data analysis
TCC'06 Proceedings of the Third conference on Theory of Cryptography
On significance of the least significant bits for differential privacy
Proceedings of the 2012 ACM conference on Computer and communications security
Linear dependent types for differential privacy
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Testing the lipschitz property over product distributions with applications to data privacy
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
PrivGene: differentially private model fitting using genetic algorithms
Proceedings of the 2013 ACM SIGMOD International Conference on Management of Data
UMicS: from anonymized data to usable microdata
Proceedings of the 22nd ACM international conference on Conference on information & knowledge management
DiffR-Tree: a differentially private spatial index for OLAP query
WAIM'13 Proceedings of the 14th international conference on Web-Age Information Management
Differentially private histogram publication
The VLDB Journal — The International Journal on Very Large Data Bases
Hi-index | 0.00 |
It is often highly valuable for organizations to have their data analyzed by external agents. However, any program that computes on potentially sensitive data risks leaking information through its output. Differential privacy provides a theoretical framework for processing data while protecting the privacy of individual records in a dataset. Unfortunately, it has seen limited adoption because of the loss in output accuracy, the difficulty in making programs differentially private, lack of mechanisms to describe the privacy budget in a programmer's utilitarian terms, and the challenging requirement that data owners and data analysts manually distribute the limited privacy budget between queries. This paper presents the design and evaluation of a new system, GUPT, that overcomes these challenges. Unlike existing differentially private systems such as PINQ and Airavat, it guarantees differential privacy to programs not developed with privacy in mind, makes no trust assumptions about the analysis program, and is secure to all known classes of side-channel attacks. GUPT uses a new model of data sensitivity that degrades privacy of data over time. This enables efficient allocation of different levels of privacy for different user applications while guaranteeing an overall constant level of privacy and maximizing the utility of each application. GUPT also introduces techniques that improve the accuracy of output while achieving the same level of privacy. These approaches enable GUPT to easily execute a wide variety of data analysis programs while providing both utility and privacy.