ABSTRACT
We report on the design and implementation of the Privacy Integrated Queries (PINQ) platform for privacy-preserving data analysis. PINQ provides analysts with a programming interface to unscrubbed data through a SQL-like language. At the same time, the design of PINQ's analysis language and its careful implementation provide formal guarantees of differential privacy for any and all uses of the platform. PINQ's unconditional structural guarantees require no trust placed in the expertise or diligence of the analysts, substantially broadening the scope for design and deployment of privacy-preserving data analysis, especially by non-experts.
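The structural guarantee the abstract describes, sketched as an added example in Python (this is not the paper's C# implementation and not code from the PINQ project): the analyst only ever holds a wrapper that exposes transformations and noisy measurements, and every measurement must be approved by a budget agent attached to the underlying records before it runs. The names PINQueryable, PINQAgent, where, select, noisy_count and noisy_sum are my approximations of the paper's vocabulary; the bookkeeping follows the rule that an epsilon measurement on a c-stable transformation costs c·epsilon at the source; the sample rows are constructed.

```python
import math
import random


class BudgetExceeded(Exception):
    """Raised when a measurement would spend more epsilon than remains."""


class PINQAgent:
    """Privacy budget for one underlying dataset (assumed name, after the paper).

    Every noisy measurement is charged here before it runs, so the total
    epsilon spent is bounded by sequential composition no matter how the
    analyst chains queries.  The analyst never receives the records themselves.
    """

    def __init__(self, total_epsilon: float) -> None:
        self.remaining = total_epsilon

    def charge(self, epsilon: float) -> None:
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if epsilon > self.remaining:
            raise BudgetExceeded(f"asked for {epsilon}, {self.remaining} left")
        self.remaining -= epsilon


def laplace(scale: float, rng: random.Random) -> float:
    """Laplace(0, scale) sample by inverse CDF; rng is injected for determinism."""
    u = rng.random() - 0.5          # uniform on [-0.5, 0.5)
    u = max(u, -0.5 + 1e-15)        # avoid log(0) at the measure-zero endpoint
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


class PINQueryable:
    """A dataset the analyst may transform and measure but never read.

    `stability` is how many output records one input record can affect after
    the transformations applied so far.  An epsilon measurement on a c-stable
    view is charged c * epsilon against the source's agent.
    """

    def __init__(self, records, agent: PINQAgent, rng: random.Random,
                 stability: int = 1) -> None:
        self._records = list(records)      # deliberately no accessor
        self._agent = agent
        self._rng = rng
        self._stability = stability

    # Transformations: no budget spent, stability tracked.
    def where(self, predicate) -> "PINQueryable":
        # 1-stable: changing one input record changes at most one output record.
        return PINQueryable((r for r in self._records if predicate(r)),
                            self._agent, self._rng, self._stability)

    def select(self, projection) -> "PINQueryable":
        # Per-record map, also 1-stable.
        return PINQueryable((projection(r) for r in self._records),
                            self._agent, self._rng, self._stability)

    # Measurements: budget charged first, noise scaled to the sensitivity.
    def noisy_count(self, epsilon: float) -> float:
        self._agent.charge(self._stability * epsilon)
        return len(self._records) + laplace(1.0 / epsilon, self._rng)

    def noisy_sum(self, epsilon: float, bound: float) -> float:
        """Sum of records clamped into [-bound, bound]; sensitivity is bound."""
        self._agent.charge(self._stability * epsilon)
        total = sum(max(-bound, min(bound, float(r))) for r in self._records)
        return total + laplace(bound / epsilon, self._rng)


# Constructed sample search-log rows (not data from the paper).
SAMPLE_RECORDS = [
    {"user": "u1", "query": "pinq", "clicks": 3},
    {"user": "u2", "query": "laplace", "clicks": 0},
    {"user": "u3", "query": "pinq", "clicks": 1},
    {"user": "u4", "query": "sigmod", "clicks": 7},
    {"user": "u5", "query": "pinq", "clicks": 2},
    {"user": "u6", "query": "dryad", "clicks": 0},
]


def run_demo(seed: int = 7):
    """Two measurements on one dataset; returns (noisy_pinq, noisy_clicks, left)."""
    agent = PINQAgent(total_epsilon=1.0)
    data = PINQueryable(SAMPLE_RECORDS, agent, random.Random(seed))
    pinq = data.where(lambda r: r["query"] == "pinq").noisy_count(0.5)
    clicks = data.select(lambda r: r["clicks"]).noisy_sum(0.25, bound=5.0)
    return pinq, clicks, agent.remaining


def overspend_is_refused() -> bool:
    """A query past the budget is refused, whatever the analyst intended."""
    agent = PINQAgent(total_epsilon=0.3)
    data = PINQueryable(SAMPLE_RECORDS, agent, random.Random(0))
    data.noisy_count(0.2)
    try:
        data.noisy_count(0.2)
    except BudgetExceeded:
        return True
    return False


if __name__ == "__main__":
    print(run_demo())
```

The point of the design is that the guarantee does not depend on the analyst: `where` and `select` cost nothing because they are 1-stable, `noisy_count` and `noisy_sum` cannot run without the agent's approval, and the clamp in `noisy_sum` is what makes the sensitivity finite so the Laplace scale can be calibrated to it. Swapping the injected `random.Random` for a cryptographic source is the obvious production change; the seeded generator here only exists so the example is reproducible.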