Quantitative Information Flow, Relations and Polymorphic Types
Journal of Logic and Computation
Assessing security threats of looping constructs
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An information-theoretic model for adaptive side-channel attacks
Proceedings of the 14th ACM conference on Computer and communications security
Anonymity protocols as noisy channels
Information and Computation
On the Foundations of Quantitative Information Flow
FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Universally utility-maximizing privacy mechanisms
Proceedings of the forty-first annual ACM symposium on Theory of computing
Differential privacy and robust statistics
Proceedings of the forty-first annual ACM symposium on Theory of computing
Quantitative Notions of Leakage for One-try Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Universally optimal privacy mechanisms for minimax agents
Proceedings of the twenty-ninth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Towards an axiomatization of statistical privacy and utility
Proceedings of the twenty-ninth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
A firm foundation for private data analysis
Communications of the ACM
Differential privacy in new settings
SODA '10 Proceedings of the twenty-first annual ACM-SIAM symposium on Discrete Algorithms
Impossibility of Differentially Private Universally Optimal Mechanisms
FOCS '10 Proceedings of the 2010 IEEE 51st Annual Symposium on Foundations of Computer Science
On the relation between differential privacy and quantitative information flow
ICALP'11 Proceedings of the 38th international conference on Automata, languages and programming - Volume Part II
Information-Theoretic Bounds for Differentially Private Mechanisms
CSF '11 Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Quantifying information leakage in process calculi
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Computing the leakage of information-hiding systems
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Differential privacy: on the trade-off between utility and information leakage
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Hi-index | 0.00 |
The notion of differential privacy has emerged in the area of statistical databases as a measure of protection of the participants' sensitive information, which can be compromised by selected queries. Differential privacy is usually achieved by using mechanisms that add random noise to the query answer. Thus, privacy is obtained at the cost of reducing the accuracy, and therefore the utility, of the answer. Since the utility depends on the user's side information, commonly modelled as a prior distribution, a natural goal is to design mechanisms that are optimal for every prior. However, it has been shown that such mechanisms do not exist for any query other than (essentially) counting queries ([1]). Given the above negative result, in this paper we consider the problem of identifying a restricted class of priors for which an optimal mechanism does exist. Given an arbitrary query and a privacy parameter, we geometrically characterise a special region of priors as a convex polytope in the priors space. We then derive upper bounds for utility as well as for min-entropy leakage for the priors in this region. Finally we define what we call the tight-constraints mechanism and we discuss the conditions for its existence. This mechanism reaches the bounds for all the priors of the region, and thus it is optimal on the whole region.