ABSTRACT
Research on differential privacy is generally concerned with examining data sets that are static. Because the data sets do not change, every computation on them produces "one-shot" query results; the results do not change aside from randomness introduced for privacy. There are many circumstances, however, where this model does not apply, or is simply infeasible. Data streams are examples of non-static data sets where results may change as more data is streamed. Theoretical support for differential privacy with data streams has been researched in the form of differentially private streaming algorithms. In this paper, we present a practical framework with which a non-expert can perform differentially private operations on data streams. The system is built as an extension to PINQ (Privacy Integrated Queries), a differentially private programming framework for static data sets. The streaming extension provides a programmatic interface for the different types of streaming differential privacy from the literature so that the privacy trade-offs of each type of algorithm can be understood by a non-expert programmer.
Index Terms
- Privacy integrated data stream queries