Curators of sensitive datasets sometimes need to know whether queries against the data are {\em differentially private}. Two sorts of logics have been proposed for checking this property: (1) {\em type systems} and other static analyses, which fully automate straightforward reasoning with concepts like program sensitivity'' and
privacy loss,'' and (2) full-blown program logics such as apRHL (an approximate, probabilistic, relational Hoare logic), which support more flexible reasoning about subtle privacy-preserving algorithmic techniques but offer only minimal automation.
We propose a {\em three-level logic} for differential privacy in an imperative setting and present a prototype implementation called Fuzzi. Fuzzi’s lowest level is a general-purpose logic; its middle level is apRHL; and its top level is a novel {\em sensitivity logic} adapted from the linear-logic-inspired type system of Fuzz, a differentially private functional language. The key novelty is a high degree of integration between the sensitivity logic and the two lower-level logics: the judgments and proofs of the sensitivity logic can be easily translated into apRHL; conversely, privacy properties of key algorithmic building blocks can be proved manually in apRHL and the base logic, then packaged up as typing rules that can be applied by a checker for the sensitivity logic to automatically construct privacy proofs for composite programs of arbitrary size.
We demonstrate Fuzzi’s utility by implementing four different private machine-learning algorithms and showing that Fuzzi’s checker is able to derive tight sensitivity bounds.
Tue 20 AugDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 12:00 | Program Analysis & SynthesisResearch Papers at Aurora Borealis Chair(s): Daniel Winograd-Cort Target Corp | ||
10:30 22mTalk | Relational Cost Analysis for Functional-Imperative Programs Research Papers Weihao Qu University at Buffalo, SUNY, Marco Gaboardi University at Buffalo, SUNY, Deepak Garg Max Planck Institute for Software Systems | ||
10:52 22mTalk | Fuzzi: A Three-Level Logic for Differential Privacy Research Papers Hengchu Zhang University of Pennsylvania, Edo Roth University of Pennsylvania, Andreas Haeberlen University of Pennsylvania, USA, Benjamin C. Pierce University of Pennsylvania, Aaron Roth University of Pennsylvania, USA | ||
11:15 22mTalk | Synthesizing Differentially Private Programs Research Papers | ||
11:37 22mTalk | Synthesizing Symmetric Lenses Research Papers Anders Miltner Princeton University, Solomon Maina University of Pennsylvania, Kathleen Fisher Tufts University, USA, Benjamin C. Pierce University of Pennsylvania, David Walker Princeton University, Steve Zdancewic University of Pennsylvania Pre-print |