Abstract
Existing approaches for statically enforcing differential privacy in higher order languages use either linear or relational refinement types. A barrier to adoption for these approaches is the lack of support for expressing these “fancy types” in mainstream programming languages. For example, no mainstream language supports relational refinement types, and although Rust and modern versions of Haskell both employ some linear typing techniques, they are inadequate for embedding enforcement of differential privacy, which requires “full” linear types. We propose a new type system that enforces differential privacy, avoids the use of linear and relational refinement types, and can be easily embedded in richly typed programming languages like Haskell. We demonstrate such an embedding in Haskell, show its expressiveness on case studies, and prove soundness of our type-based enforcement of differential privacy.
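The abstract describes embedding a differential-privacy type discipline in Haskell without linear types. The sketch below is an added illustration written for this page; it is not the paper's library or API. It shows the core idea in the simplest possible form: a wrapper `Sens n a` whose type-level index `n` bounds how much a value can change when one individual's record is added or removed, primitives (`count`, `clippedSum`, `plus`) that compute that bound at the type level, and a `laplace` mechanism that reads the bound off the type so that an unbounded raw `Double` cannot be released. All names are hypothetical, the dataset is constructed, and the uniform sample is passed in rather than drawn from a generator so the example runs with only base GHC.

```haskell
{-# LANGUAGE DataKinds, KindSignatures, TypeOperators #-}
{-# LANGUAGE ScopedTypeVariables, TypeApplications #-}
module Main where

import GHC.TypeLits
import Data.Proxy (Proxy (..))

-- Hypothetical sensitivity-indexed wrapper (not the paper's API): a value of
-- type 'Sens n a' is an 'a' that changes by at most n (absolute difference)
-- when a single individual's record is added to or removed from the input.
-- A real library would not export the 'Sens' constructor, so the only way to
-- build a 'Sens' value would be through the primitives below.
newtype Sens (n :: Nat) a = Sens a

-- Demo-only escape hatch for inspecting the raw value; a real library would
-- not provide this, since it bypasses the privacy mechanism.
unsafeUnwrap :: Sens n a -> a
unsafeUnwrap (Sens x) = x

-- A count over a list of records has sensitivity 1: one record changes the
-- count by at most one.
count :: [record] -> Sens 1 Double
count rs = Sens (fromIntegral (length rs))

-- Summing values that are each clipped into [0, c] has sensitivity c.
-- The clipping bound c is a type-level literal, so it is checked statically.
clippedSum :: forall c. KnownNat c => [Double] -> Sens c Double
clippedSum xs = Sens (sum (map clip xs))
  where
    bound = fromIntegral (natVal (Proxy @c))
    clip  = max 0 . min bound

-- Adding two sensitive values adds their sensitivity bounds (triangle
-- inequality); GHC reduces the type-level sum to a literal.
plus :: Sens m Double -> Sens n Double -> Sens (m + n) Double
plus (Sens x) (Sens y) = Sens (x + y)

-- Laplace mechanism: noise with scale n/eps gives eps-differential privacy
-- for an n-sensitive value. The sensitivity n is read off the type via
-- KnownNat, so there is no runtime sensitivity tracking. To keep the example
-- dependency-free and deterministic, the uniform sample u in (-1/2, 1/2) is
-- passed in; a real deployment would draw it from a cryptographic RNG.
laplace :: forall n. KnownNat n => Double -> Double -> Sens n Double -> Double
laplace eps u (Sens x) = x + noise
  where
    scale = fromIntegral (natVal (Proxy @n)) / eps
    -- inverse-CDF sampling of Laplace(0, scale) from the uniform sample u
    noise = negate scale * signum u * log (1 - 2 * abs u)

-- Constructed sample data: one record per individual.
incomes :: [Double]
incomes = [12.5, 40.0, 7.0, 150.0, 33.3]

main :: IO ()
main = do
  let n     = count incomes            :: Sens 1   Double
      total = clippedSum @100 incomes  :: Sens 100 Double
      both  = plus n total             :: Sens 101 Double
  print (unsafeUnwrap both)
  print (laplace 1.0 0.25 both)
  -- Rejected by the type checker: a raw Double carries no sensitivity bound,
  -- so it cannot be passed to the mechanism.
  -- print (laplace 1.0 0.25 (sum incomes))
```

The point of the sketch is that the only linear-logic-style bookkeeping needed here is arithmetic on type-level naturals, which ordinary GHC extensions already provide; what makes it sound is hiding the `Sens` constructor and `unsafeUnwrap` behind a module boundary, which is the same trust boundary the abstract's embedding has to draw.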
Solo: a lightweight static analysis for differential privacy