TGC 2012: Trustworthy Global Computing pp 198-212
Modular Reasoning about Differential Privacy in a Probabilistic Process Calculus
Abstract
The verification of systems that protect sensitive and confidential information is becoming an increasingly important issue. Differential privacy is a promising notion of privacy that originated in the statistical-databases community and has since been widely adopted in various models of computation. We consider a probabilistic process calculus as a specification formalism for concurrent systems, and we propose a framework for reasoning about the degree of differential privacy provided by such systems. In particular, we investigate how the degree of privacy is preserved under composition via the various operators of the calculus. We illustrate our idea by proving an anonymity-preservation property for a variant of the Crowds protocol to which the standard analyses from the literature do not apply. Finally, we take some preliminary steps towards automatically computing the degree of privacy of a system in a compositional way.
Keywords
Probabilistic Choice, Parallel Composition, Adjacency Relation, Differential Privacy, Nondeterministic Choice