Combining Differential Privacy and Mutual Information for Analyzing Leakages in Workflows
Workflows are a notation for business processes, focusing on tasks and data flows between them. We have designed and implemented a method for analyzing leakages in workflows by combining differential privacy and mutual information. The input of the method is a description of leakages for each workflow component, using either differential-privacy- or mutual-information-based quantification (whichever is known for the component). The differential-privacy-based bounds are combined using the triangle inequality and are then converted to mutual-information-based bounds. Then the bounds for the components are combined using a maximum-flow algorithm. The output of the method is a mutual-information-based quantification of leakages of the whole workflow.
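The max-flow step of the method, shown as an added worked example rather than code from the paper or its implementation. Each workflow component becomes an edge from its input port to its output port whose capacity is the component's leakage bound in bits; data flows between ports are unbounded edges; the maximum flow from the secret to the adversary is then an upper bound on the mutual information the whole workflow leaks, and the minimum cut names the components that bound it. The conversion from differential privacy to mutual information used here is the elementary bound I(X;Y) ≤ ε nats = ε/ln 2 bits, which is an assumption valid only when any two values of the component's secret input count as neighbouring datasets; the paper's own triangle-inequality combination step and its conversion are not reproduced. Component and port names, the bounds, and the workflow shape are constructed for the example.

```python
import math
from collections import deque

LN2 = math.log(2)


def dp_to_bits(eps):
    """Mutual-information bound (bits) for an eps-DP component.

    Assumption: every pair of secret inputs is a neighbouring pair, so every
    log-likelihood ratio of the output is within eps, hence KL <= eps nats.
    """
    return eps / LN2


def build_flow_network(components, flows):
    """components: name -> ("mi", bits) or ("dp", eps); flows: (src_port, dst_port).

    Returns an adjacency dict of capacities. A component is an edge
    name.in -> name.out with its bound as capacity; a data flow is unbounded.
    """
    cap = {}

    def add(u, v, c):
        cap.setdefault(u, {})
        cap.setdefault(v, {})
        cap[u][v] = cap[u].get(v, 0.0) + c
        cap[v].setdefault(u, 0.0)  # reverse edge for the residual graph

    for name, (kind, value) in components.items():
        bits = value if kind == "mi" else dp_to_bits(value)
        add(name + ".in", name + ".out", bits)
    for u, v in flows:
        add(u, v, math.inf)
    return cap


def analyze(components, flows, source, sink):
    """Edmonds-Karp max flow from source to sink over the workflow network.

    Returns (leakage_bound_bits, components_on_min_cut). The bound is inf when
    an unbounded data-flow path connects source to sink with no quantified
    component on it (i.e. the description is missing a bound).
    """
    cap = build_flow_network(components, flows)
    residual = {u: dict(vs) for u, vs in cap.items()}
    total = 0.0
    while True:
        # breadth-first search for a shortest augmenting path
        parent = {source: None}
        queue = deque([source])
        while queue and sink not in parent:
            u = queue.popleft()
            for v, c in residual[u].items():
                if c > 1e-12 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if sink not in parent:
            break
        # bottleneck capacity along the path
        path_cap = math.inf
        v = sink
        while parent[v] is not None:
            path_cap = min(path_cap, residual[parent[v]][v])
            v = parent[v]
        if math.isinf(path_cap):
            return math.inf, set()
        # push flow, update residual capacities
        v = sink
        while parent[v] is not None:
            u = parent[v]
            residual[u][v] -= path_cap
            residual[v][u] += path_cap
            v = u
        total += path_cap
    # nodes still reachable in the residual graph form the source side of a min cut
    reachable = set(parent)
    cut = set()
    for u in reachable:
        for v, c in cap[u].items():
            if c > 0 and v not in reachable and u.endswith(".in") and v == u[:-3] + ".out":
                cut.add(u[:-3])
    return total, cut


# Constructed workflow: two components read the secret, a third combines their
# outputs and reports to the adversary.
COMPONENTS = {
    "aggregate": ("dp", 0.5),   # 0.5-DP, converted to ~0.7213 bits
    "sanitize": ("mi", 0.25),   # directly quantified: 0.25 bits
    "report": ("mi", 2.0),      # 2 bits, but fed at most ~0.97 bits
}
FLOWS = [
    ("secret", "aggregate.in"), ("secret", "sanitize.in"),
    ("aggregate.out", "report.in"), ("sanitize.out", "report.in"),
    ("report.out", "adversary"),
]

if __name__ == "__main__":
    bits, cut = analyze(COMPONENTS, FLOWS, "secret", "adversary")
    print(f"whole-workflow leakage bound: {bits:.4f} bits; bounded by {sorted(cut)}")
```

The min cut is what a reviewer of the workflow wants: here the report component's 2-bit bound is irrelevant because its inputs can carry at most about 0.97 bits, so tightening the leakage means tightening the aggregate or sanitize components, not the report. A result of infinity flags a path on which the secret reaches the adversary through components that have no stated bound at all.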
Keywords: Mutual Information, Triangle Inequality, Maximum Flow, Output Port, Secret Sharing
This research was funded by the Air Force Research Laboratory (AFRL) and Defense Advanced Research Projects Agency (DARPA) under contract FA8750-16-C-0011. The views expressed are those of the author(s) and do not reflect the official policy or position of the Department of Defense or the U.S. Government. This work has also been supported by the Estonian Research Council, grant No. IUT27-1.