Solo: a lightweight static analysis for differential privacy

Published: 31 October 2022

Abstract

Existing approaches for statically enforcing differential privacy in higher-order languages use either linear or relational refinement types. A barrier to adoption for these approaches is the lack of support for expressing these “fancy types” in mainstream programming languages. For example, no mainstream language supports relational refinement types, and although Rust and modern versions of Haskell both employ some linear typing techniques, they are inadequate for embedding enforcement of differential privacy, which requires “full” linear types. We propose a new type system that enforces differential privacy, avoids the use of linear and relational refinement types, and can be easily embedded in richly typed programming languages like Haskell. We implement such an embedding in Haskell, demonstrate its expressiveness on case studies, and prove soundness of our type-based enforcement of differential privacy.
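The two quantities a differential-privacy type system has to track are the sensitivity of each query (how much one individual's record can move the result) and the privacy cost of each noisy release. The Python below is an added illustration, not code from the paper or from its Haskell library: it tracks both quantities at run time so the bookkeeping rules are explicit. The Laplace mechanism and sequential composition are the standard ones from Dwork et al. (2006) and Dwork and Roth (2014); the records, the names `Sens`, `PrivacyBudget` and `run_demo`, and the budget values are assumptions made for the example.

```python
"""Added example: run-time version of the sensitivity / privacy-budget
bookkeeping that Solo enforces at compile time.  Illustrative code only;
it is not the Solo library and does not reproduce its Haskell API."""
from __future__ import annotations

import random
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Sens:
    """A numeric query result paired with an upper bound on its sensitivity:
    the most the value can change when one individual's record is added to or
    removed from the input.  Solo carries this bound in the type; here it is
    a run-time field."""
    value: float
    sensitivity: float

    def __add__(self, other: "Sens") -> "Sens":
        # Sum of two queries: the bounds add, since one record may move both.
        return Sens(self.value + other.value, self.sensitivity + other.sensitivity)

    def scale(self, k: float) -> "Sens":
        # Multiplying by a constant scales the bound by |k|.
        return Sens(self.value * k, self.sensitivity * abs(k))


def count(rows, predicate: Callable) -> Sens:
    """Counting query: one record changes a count by at most 1."""
    return Sens(float(sum(1 for r in rows if predicate(r))), 1.0)


def bounded_sum(rows, key: Callable, lo: float, hi: float) -> Sens:
    """Sum with each contribution clipped to [lo, hi]; one record then moves
    the total by at most max(|lo|, |hi|).  Without the clip the sensitivity
    is unbounded and no finite noise makes the release differentially private."""
    total = sum(min(max(key(r), lo), hi) for r in rows)
    return Sens(float(total), max(abs(lo), abs(hi)))


class BudgetExceeded(Exception):
    """Raised when a release would push the total epsilon past the budget."""


class PrivacyBudget:
    """Epsilon accounting under sequential composition: releases costing
    eps_1 .. eps_k on the same data cost eps_1 + ... + eps_k in total."""

    def __init__(self, epsilon_total: float, rng: Optional[random.Random] = None):
        self.epsilon_total = epsilon_total
        self.spent = 0.0
        self.rng = rng or random.Random()

    @staticmethod
    def noise_scale(query: Sens, epsilon: float) -> float:
        # Laplace mechanism: noise of scale sensitivity/epsilon is epsilon-DP.
        # Calibrating to a smaller sensitivity than the true one is the classic
        # mistake; the tracked bound rules it out here, and in a static
        # embedding the type checker rejects the program instead.
        return query.sensitivity / epsilon

    def laplace(self, query: Sens, epsilon: float) -> float:
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.epsilon_total + 1e-12:
            raise BudgetExceeded(f"spent {self.spent} + {epsilon} > {self.epsilon_total}")
        self.spent += epsilon
        b = self.noise_scale(query, epsilon)
        # Laplace(0, b) is the difference of two independent Exp(rate 1/b) draws.
        noise = self.rng.expovariate(1.0 / b) - self.rng.expovariate(1.0 / b)
        return query.value + noise


# Constructed sample records for the example, not real data: (age, annual income).
RECORDS = [(23, 31_000.0), (45, 72_500.0), (38, 54_000.0), (61, 120_000.0), (29, 48_000.0)]


def run_demo(seed: int = 0) -> dict:
    """Two releases that exactly exhaust a budget of epsilon = 1, then a third
    that the accountant must refuse."""
    budget = PrivacyBudget(epsilon_total=1.0, rng=random.Random(seed))
    over_40 = count(RECORDS, lambda r: r[0] > 40)                    # sensitivity 1
    income = bounded_sum(RECORDS, lambda r: r[1], 0.0, 100_000.0)    # sensitivity 100000
    both = over_40 + count(RECORDS, lambda r: r[1] > 50_000)         # sensitivity 2, not 1
    out = {
        "noisy_over_40": budget.laplace(over_40, 0.5),
        "noisy_income": budget.laplace(income, 0.5),
        "spent": budget.spent,
        "third_release_blocked": False,
    }
    try:
        budget.laplace(both, 0.1)
    except BudgetExceeded:
        out["third_release_blocked"] = True
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The difference between this sketch and the paper's approach is where the check happens: a run-time accountant only catches a miscalibrated or over-budget release on the execution path that reaches it, whereas a static embedding makes "the program type-checks" mean that every release is calibrated to a sound sensitivity bound and the total cost stays within budget, which is the guarantee the abstract's soundness result is about.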

