Differential Privacy Case Studies (CMU-MSR Mindswap on Privacy 2007), Denny Lee
This document discusses case studies using differential privacy to analyze sensitive data. It describes analyzing Windows Live user data to study web analytics and customer churn. Clinical researchers' perspectives on differential privacy were also examined. Researchers wanted unaffected statistics and the ability to access original data if needed. Future collaboration with OHSU aims to develop a healthcare template for applying differential privacy.
Complete and Interpretable Conformance Checking of Business Processes, Marlon Dumas
This document presents a new approach for conformance checking of business processes that identifies all differences between a process model and an event log. It generates natural language statements to describe each difference. The approach works by translating the model and log into prime event structures and extracting mismatches by comparing their partially synchronized product. It can identify seven elementary mismatch patterns to characterize deviations. The approach was implemented in a standalone Java tool and evaluated on a real-life process with over 150,000 event traces.
This document summarizes Catuscia Palamidessi's talk on differential privacy and its applications to location privacy. The talk introduces privacy issues with anonymizing data and statistical databases. It describes differential privacy as a framework that adds controlled noise to query answers to prevent privacy breaches. The talk discusses applying these concepts to location-based services through geo-indistinguishability. It also evaluates the tradeoff between privacy and utility for different mechanisms providing differential privacy, including a planar Laplacian mechanism.
This document discusses data mining with differential privacy. It introduces differential privacy and mechanisms such as the Laplace and Exponential mechanisms, which add noise to query results to protect individual privacy. It then describes three different algorithms for differentially private decision tree learning: SQL-based ID3 using Laplace noise, DiffP-ID3 using the Exponential mechanism in the PINQ framework, and DiffP-C4.5 extending ID3 to handle continuous attributes. Experiments show the private algorithms can achieve reasonable accuracy even with limited privacy budgets, with accuracy improving as more training data is available. Future work aims to improve accuracy further through alternative splitting criteria and budget distribution tactics.
In hosting services, privileges are separated per virtual host by using access control on the web server, such as suEXEC. However, existing access control methods on web servers require creating and destroying a process, which performs poorly and is unsuited to dynamic content such as Web APIs. In addition, a separate mechanism exists for each interpreter and program execution model, which makes them hard for system developers to handle. This paper therefore proposes an access control method, "mod_process_security", which creates a new thread on the server process when content is processed, separates privileges within that thread, and then processes the content through the thread. The method runs fast and, by unifying the cluttered access control methods on web servers, makes them easier for system developers to handle. The implementation takes the form of an Apache module built for the widely used Linux and Apache HTTP Server.
6. Timing attacks
• Extract secret information by measuring how long the query takes to answer
• If r is Alice && cancer, pause for 1 second and return 0.
• Query result = sum of the values returned for each r + noise
• If the query paused for 1 second, we know Alice has cancer!!!
noisy sum, foreach r in db, of {
    if (r.has(cancer) && r.name(Alice))
    then { pause for 1 second };
    return 0
}
7. Privacy budget attack
• Extract secret information by learning how much the privacy budget has decreased
• If r is Alice && cancer, consume a large amount of budget
• Checking the remaining budget reveals the secret information
noisy sum, foreach r in db, of {
    if (r.has(cancer) && r.name(Alice))
    then { run sub-query that uses a lot of privacy budget };
    return 0
}
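As an added illustration (not code from these slides or from PINQ), the following Python shows one countermeasure that closes both channels above: each per-row function runs in a worker thread with a fixed deadline and a default result, so the total time is the same whether or not the target row stalls, and the privacy budget is charged once by the query's declared epsilon and sealed while the query runs, so a per-row function cannot spend budget conditionally. The rows, the names, the deadline and the Budget class are all assumptions constructed for the demonstration.

```python
import contextlib, random, threading, time
ROW_DEADLINE = 0.05  # seconds allotted to every per-row evaluation
DB = [("Alice", "cancer"), ("Bob", "flu"), ("Carol", "cancer")]  # constructed rows

class Budget:
    """Charged once per query by its declared epsilon; sealed while it runs."""
    def __init__(self, total):
        self.remaining, self.sealed = total, False
    def begin_query(self, eps):
        if self.sealed or eps > self.remaining:
            raise RuntimeError("budget sealed or exhausted")
        self.remaining, self.sealed = self.remaining - eps, True

def run_row(f, row, default=0.0):
    """Run f(row) with a fixed deadline; overrun or failure yields `default`."""
    box, start = [], time.monotonic()
    def worker():
        with contextlib.suppress(Exception):  # a refused/failed row -> default
            box.append(f(row))
    t = threading.Thread(target=worker, daemon=True)
    t.start()
    t.join(ROW_DEADLINE)  # never wait longer than the deadline for any row
    time.sleep(max(0.0, ROW_DEADLINE - (time.monotonic() - start)))  # pad slot
    return box[0] if box else default

def laplace(scale, rng):  # Laplace(0, scale) as a difference of exponentials
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

def noisy_sum(db, f, eps, budget, rng, noise=laplace):
    """Sum of f(row) clipped to [0, 1] plus Laplace(1/eps); returns (value, elapsed)."""
    budget.begin_query(eps)  # paid up front, before any row is read
    start = time.monotonic()
    try:
        total = sum(min(1.0, max(0.0, run_row(f, r))) for r in db)
    finally:
        budget.sealed = False
    return total + noise(1 / eps, rng), time.monotonic() - start

def demo(noise=lambda scale, rng: 0.0):  # noise off so the values are exact
    budget, rng = Budget(10.0), random.Random(1)
    def timing_probe(r):  # slide 6: stall only on the target row
        if r == ("Alice", "cancer"): time.sleep(0.3)
        return 0.0
    def budget_probe(r):  # slide 7: spend budget only on the target row
        if r == ("Alice", "cancer"): budget.begin_query(5.0)  # refused: sealed
        return 0.0
    v1, t1 = noisy_sum(DB, lambda r: float(r[1] == "cancer"), 1.0, budget, rng, noise)
    v2, t2 = noisy_sum(DB, timing_probe, 1.0, budget, rng, noise)
    v3, _ = noisy_sum(DB, budget_probe, 1.0, budget, rng, noise)
    return {"count": v1, "probe": v2, "gap": abs(t2 - t1), "remaining": budget.remaining}
```

With the deadline and padding in place, the stalled row of slide 6 costs the same wall time as any other row, and the sealed budget of slide 7 is decremented by exactly the declared epsilon, whatever the per-row function tries to do.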