Not All Attributes are Created Equal: d_X-Private Mechanisms for Linear Queries

Open access

Abstract

Differential privacy provides strong privacy guarantees while still enabling useful insights from sensitive datasets. However, it provides the same level of protection for all elements (individuals and attributes) in the data. There are practical scenarios where some data attributes need more or less protection than others. In this paper, we consider d_X-privacy, an instantiation of the privacy notion introduced in [6], which allows this flexibility by specifying a separate privacy budget for each pair of elements in the data domain. We describe a systematic procedure to tailor any existing differentially private mechanism that takes a query set and a sensitivity vector as input into its d_X-private variant, focusing specifically on linear queries. Our proposed meta-procedure has broad applications, as linear queries form the basis of a range of data analysis and machine learning algorithms, and the ability to define a more flexible privacy budget across the data domain results in an improved privacy/utility trade-off in these applications. We propose several d_X-private mechanisms and provide theoretical guarantees on the trade-off between utility and privacy. We also experimentally demonstrate the effectiveness of our procedure by evaluating our proposed d_X-private Laplace mechanism on both synthetic and real datasets using a set of randomly generated linear queries.
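As an added illustration (not code from the paper), the following Python sketch applies the metric-based Laplace idea of [6] to linear queries over a histogram: the noise scale is the query's Lipschitz constant with respect to d_X, so a uniform metric d_X(a, b) = ε recovers the standard ε-DP Laplace mechanism, while a smaller budget between two attribute values raises the noise only for queries that separate them. The domain, histogram and budgets are constructed, and the neighbouring relation (one record changes its attribute value) is an assumption.

```python
import random
from itertools import combinations

# Constructed toy domain: the attribute values a record may take, indexed 0..n-1.
DOMAIN = ["low", "mid", "high"]

def dist(d_x, a, b):
    """Symmetric lookup of the pairwise budget d_X(a, b) (dict keyed by index pairs)."""
    return d_x[(a, b)] if (a, b) in d_x else d_x[(b, a)]

def is_metric(d_x, n):
    """Check the pairwise budgets are positive and satisfy the triangle inequality."""
    if any(dist(d_x, a, b) <= 0 for a, b in combinations(range(n), 2)):
        return False
    for a, b, c in combinations(range(n), 3):
        ab, bc, ac = dist(d_x, a, b), dist(d_x, b, c), dist(d_x, a, c)
        if ab > bc + ac or bc > ab + ac or ac > ab + bc:
            return False
    return True

def uniform_metric(n, eps):
    """d_X(a, b) = eps for all a != b: plain eps-differential privacy as a special case."""
    return {(a, b): eps for a, b in combinations(range(n), 2)}

def lipschitz_sensitivity(weights, d_x):
    """Sensitivity of q(x) = sum_i weights[i] * x[i] relative to d_X (assumed neighbour
    relation: one record moves from value a to value b, changing the answer by
    |w_a - w_b| while the metric permits a privacy loss of d_X(a, b))."""
    sens = 0.0
    for a, b in combinations(range(len(weights)), 2):
        sens = max(sens, abs(weights[a] - weights[b]) / dist(d_x, a, b))
    return sens

def dx_laplace_answer(weights, histogram, d_x, seed=0):
    """Answer one linear query with Laplace noise of scale equal to the d_X sensitivity.
    Losses add across queries under sequential composition, as in plain DP."""
    scale = lipschitz_sensitivity(weights, d_x)
    exact = sum(w * c for w, c in zip(weights, histogram))
    rng = random.Random(seed)
    # Laplace(0, scale) sampled as the difference of two Exp(rate 1/scale) draws.
    noise = 0.0 if scale == 0 else rng.expovariate(1 / scale) - rng.expovariate(1 / scale)
    return exact + noise, scale

if __name__ == "__main__":
    hist = [40, 35, 25]                              # constructed counts per DOMAIN value
    d_x = {(0, 1): 2.0, (0, 2): 2.0, (1, 2): 0.5}    # "mid" vs "high" gets the tightest budget
    assert is_metric(d_x, len(DOMAIN))
    for q in ([1, 0, 0], [0, 1, 0], [1, 1, 1]):
        ans, scale = dx_laplace_answer(q, hist, d_x)
        print(q, "noise scale", scale, "answer", round(ans, 2))
```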


  • [1] M. Alaggan, S. Gambs, and A. M. Kermarrec. Heterogeneous differential privacy. arXiv preprint arXiv:1504.06998, 2015.

  • [2] M. E. Andrés, N. E. Bordenabe, K. Chatzikokolakis, and C. Palamidessi. Geo-indistinguishability: Differential privacy for location-based systems. In Proceedings of the ACM SIGSAC Conference on Computer & Communications Security, pages 901–914, 2013.

  • [3] B. Barak, K. Chaudhuri, C. Dwork, S. Kale, F. McSherry, and K. Talwar. Privacy, accuracy, and consistency too: a holistic solution to contingency table release. In Proceedings of the ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pages 273–282, 2007.

  • [4] A. Blum, C. Dwork, F. McSherry, and K. Nissim. Practical privacy: the SuLQ framework. In Proceedings of the ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pages 128–138, 2005.

  • [5] A. Blum, K. Ligett, and A. Roth. A learning theory approach to noninteractive database privacy. Journal of the ACM (JACM), 60(2):12, 2013.

  • [6] K. Chatzikokolakis, M. E. Andrés, N. E. Bordenabe, and C. Palamidessi. Broadening the scope of differential privacy using metrics. In International Symposium on Privacy Enhancing Technologies, pages 82–102, 2013.

  • [7] C. Dwork, M. Hardt, T. Pitassi, O. Reingold, and R. Zemel. Fairness through awareness. In Proceedings of the Innovations in Theoretical Computer Science Conference, pages 214–226, 2012.

  • [8] C. Dwork, F. McSherry, K. Nissim, and A. Smith. Calibrating noise to sensitivity in private data analysis. In Proceedings of the Theory of Cryptography Conference, pages 265–284, 2006.

  • [9] C. Dwork and A. Roth. The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science, pages 211–407, 2014.

  • [10] S. E. Fienberg, A. Rinaldo, and X. Yang. Differential privacy and the risk-utility tradeoff for multi-dimensional contingency tables. In International Conference on Privacy in Statistical Databases, pages 187–199, 2010.

  • [11] A. Ghosh and A. Roth. Selling privacy at auction. Games and Economic Behavior, pages 334–346, 2015.

  • [12] A. Ghosh, T. Roughgarden, and M. Sundararajan. Universally utility-maximizing privacy mechanisms. SIAM Journal on Computing, pages 1673–1693, 2012.

  • [13] S. Haney, A. Machanavajjhala, and B. Ding. Design of policy-aware differentially private algorithms. Proceedings of the VLDB Endowment, pages 264–275, 2015.

  • [14] M. Hardt, K. Ligett, and F. McSherry. A simple and practical algorithm for differentially private data release. In Advances in Neural Information Processing Systems, pages 2339–2347, 2012.

  • [15] M. Hardt and K. Talwar. On the geometry of differential privacy. In Proceedings of the ACM Symposium on Theory of Computing, pages 705–714, 2010.

  • [16] X. He, A. Machanavajjhala, and B. Ding. Blowfish privacy: Tuning privacy-utility trade-offs using policies. In Proceedings of the ACM SIGMOD International Conference on Management of Data, pages 1447–1458, 2014.

  • [17] Z. Jorgensen, T. Yu, and G. Cormode. Conservative or liberal? Personalized differential privacy. In International Conference on Data Engineering, pages 1023–1034, 2015.

  • [18] C. Li and G. Miklau. Efficient batch query answering under differential privacy. arXiv preprint arXiv:1103.1367, 2011.

  • [19] C. Li and G. Miklau. An adaptive mechanism for accurate query answering under differential privacy. Proceedings of the VLDB Endowment, pages 514–525, 2012.

  • [20] Google Maps. Google Elevation API. https://developers.google.com/maps/documentation/elevation/intro, 2018.

  • [21] F. McSherry and K. Talwar. Mechanism design via differential privacy. In Foundations of Computer Science, pages 94–103, 2007.

  • [22] S. Vadhan. The complexity of differential privacy. In Tutorials on the Foundations of Cryptography, pages 347–450, Springer, 2017.

  • [23] SimpleMaps. United States Cities Database. https://simplemaps.com/data/us-cities, 2018.

  • [24] S. J. Wright. Coordinate descent algorithms. Mathematical Programming, pages 3–34, 2015.

  • [25] Y. Xu and W. Yin. A block coordinate descent method for regularized multiconvex optimization with applications to nonnegative tensor factorization and completion. SIAM Journal on Imaging Sciences, pages 1758–1789, 2013.
