Differential Privacy and Verification. Marco Gaboardi University at Buffalo, SUNY
|
|
- Dwight Armstrong
- 5 years ago
- Views:
Transcription
1 Differential Privacy and Verification Marco Gaboardi University at Buffalo, SUNY
2 Given a program P, is it differentially private?
3 P Verification Tool yes? no?
4 Proof P Verification Tool yes? no?
5 Given a differentially private program P, does it maintain its accuracy promises?
6 Given a differentially private program P that maintains its accuracy promises, can we guarantee that it is also efficient?
7 An algorithm Algorithm 2 DualQuery Input: Database D 2 R X (normalized) and linear queries q 1,...,q k 2 {0, 1} X. Initialize: Let Q = S k j=1 q j [ q j, Q 1 uniform distribution on Q, 16 log Q T = 2, = 48 log 2 X T 4, s = 2. For t =1,...,T: Sample s queries {q i } from Q according to Q t. Let q := 1 P s i q i. Find x t with hq, x t i max x hq, xi /4. Update: For each q 2 Q: Q t+1 q := exp( hq, x t Di) Q t q. Normalize Q t+1. Output synthetic database D b := S T t=1 xt.
8 A program
9 Some issues Are the algorithms bug-free? Do the implementations respect their specifications? Is the system architecture bug-free? Is the code efficient? Do the optimization preserve privacy and accuracy? Is the actual machine code correct? Is the full stack attack-resistant?
10 Outline Few more words on program verification, Challenges in the verification of differential privacy, Few verification methods developed so far, Looking forward.
11
12
13 Algorithm 1 An instantiation of the SVT proposed in this paper. Input: D, Q,, T = T 1,T 2,,c. 1: ϵ 1 = ϵ/2, ρ = Lap ( /ϵ 1 ) 2: ϵ 2 = ϵ ϵ 1, count = 0 3: for each query q i Q do 4: ν i = Lap (2c /ϵ 2 ) 5: if q i (D)+ν i T i + ρ then 6: Output a i = 7: count = count + 1, Abort if count c. 8: else 9: Output a i = Algorithm 2 SVT in Dwork and Roth 2014 [8]. Input: D, Q,,T,c. 1: ϵ 1 = ϵ/2, ρ = Lap (c /ϵ 1 ) 2: ϵ 2 = ϵ ϵ 1, count = 0 3: for each query q i Q do 4: ν i = Lap (2c /ϵ 1 ) 5: if q i (D)+ν i T + ρ then 6: Output a i =, ρ = Lap (c /ϵ 2 ) 7: count = count + 1, Abort if count c. 8: else 9: Output a i = Algorithm 3 SVT in Roth s 2011 Lecture Notes [15]. Input: D, Q,,T,c. 1: ϵ 1 = ϵ/2, ρ = Lap ( /ϵ 1 ), 2: ϵ 2 = ϵ ϵ 1, count = 0 3: for each query q i Q do 4: ν i = Lap (c /ϵ 2 ) 5: if q i (D)+ν i T + ρ then 6: Output a i = q i (D)+ν i 7: count = count + 1, Abort if count c. 8: else 9: Output a i = Algorithm 4 SVT in Lee and Clifton 2014 [13]. Input: D, Q,,T,c. 1: ϵ 1 = ϵ/4, ρ = Lap ( /ϵ 1 ) 2: ϵ 2 = ϵ ϵ 1, count = 0 3: for each query q i Q do 4: ν i = Lap ( /ϵ 2 ) 5: if q i (D)+ν i T + ρ then 6: Output a i = 7: count = count + 1, Abort if count c. 8: else 9: Output a i = Algorithm 5 SVT in Stoddard et al [18]. Input: D, Q,,T. 1: ϵ 1 = ϵ/2, ρ = Lap ( /ϵ 1 ) 2: ϵ 2 = ϵ ϵ 1 3: for each query q i Q do 4: ν i =0 5: if q i (D)+ν i T + ρ then 6: Output a i = 7: 8: else 9: Output a i = Algorithm 6 SVT in Chen et al [1]. Input: D, Q,, T = T 1,T 2,. 1: ϵ 1 = ϵ/2, ρ = Lap ( /ϵ 1 ) 2: ϵ 2 = ϵ ϵ 1 3: for each query q i Q do 4: ν i = Lap ( /ϵ 2 ) 5: if q i (D)+ν i T i + ρ then 6: Output a i = 7: 8: else 9: Output a i = Alg. 1 Alg. 2 Alg. 3 Alg. 4 Alg. 5 Alg. 6 ϵ 1 ϵ/2 ϵ/2 ϵ/2 ϵ/4 ϵ/2 ϵ/2 Scale of threshold noise ρ /ϵ 1 c /ϵ 1 /ϵ 1 /ϵ 1 /ϵ 1 /ϵ 1 Reset ρ after each output of (unnecessary) Yes Scale of query noise ν i 2c /ϵ 2 2c /ϵ 2 c /ϵ 1 /ϵ 2 0 /ϵ 2 Outputting q i + ν i instead of (not private) Yes Outputting unbounded s (not private) ( Yes Yes Privacy Property ϵ-dp ϵ-dp -DP 1+6c ϵ ) -DP -DP -DP 4
14 Some successful stories - 1 CompCert - a fully verified C compiler, Sel4, CertiKOS - formal verification of OS kernel A formal proof of the Odd order theorem, A formal proof of Kepler conjecture (lead by T. Hales).
15 Some successful stories - 1 CompCert - a fully verified C compiler, Sel4, CertiKOS - formal verification of OS kernel A formal proof of the Odd order theorem, A formal proof of Kepler conjecture (lead by T. Hales). Years of work from very specialized researchers!
16 Some successful stories - II Automated verification for Integrated Circuit Design. Automated verification for Floating point computations, Automated verification of Boeing flight control - Astree, Automated verification of Facebook code - Infer.
17 Some successful stories - II Automated verification for Integrated Circuit Design. Automated verification for Floating point computations, Automated verification of Boeing flight control - Astree, Automated verification of Facebook code - Infer. The years of work go in the design of the techniques!
18 Verification trade-offs required expertise granularity of the analysis expressivity
19 What program verification isn t Algorithm design, Trial and error, Program testing, System engineering, A certification process.
20 What program verification can help with Designing languages for non-experts, Guaranteeing the correctness of algorithms, Guaranteeing the correctness of code, Designing automated techniques for guaranteeing differential privacy, Help providing tools for certification process.
21 The challenges of differential privacy Given ε,δ 0, a mechanism M: db O is (ε,δ)-differentially private iff b1, b2 :db at distance one and for every S O: Pr[M(b1) S] exp(ε) Pr[M(b2) S] + δ Relational reasoning, Probabilistic reasoning, Quantitative reasoning
22 A 10 thousand ft view on program verification + expert provided annotations verification tools (semi)-decision procedures (SMT solvers, ITP)
23 Work-flow mechanism described as a program expert manually adds assertions program annotated with assertions proof checker generates VCs whole set of VCs automatic solver checks VCs VCs not solvable automatically interactive solver checks VCs verified mechanism VCs = Verification Conditions
24 Semi-decision procedures Require a good decomposition of the problem, Handle well logical formulas, numerical formulas and their combination, Limited support for probabilistic reasoning (usually through decision procedures for counting).
25 Compositional Reasoning about the privacy budget Sequential Composition Let M i be i -di erentially private (1 apple i apple k). Then M(x) =(M 1 (x),...,m k (x)) is P k i=0 i. We can reason about DP programs by monitoring the privacy budget, If we have basic components for privacy we can just focus on counting, It requires a limited reasoning about probabilities, This way of reasoning adapt to other compositions.
26 Iterated - CDF CDF(X) = number of records with value X. Joe diabets Black Bob tumor Jim flue Alice Smey diabets CDF(Xn)... CDF(50)=4 CDF(40)=3 Bill anemia Sam diabets... List of buckets CDF(30)=2
27 PINQ-like languages - McSherry it-cdf (raw : data) (budget : R) (buckets : list) (ε: R) { } : list var agent = new PINQAgentBudget(budget); var db = new PINQueryable<data>(rawdata, agent); foreach (var b in buckets) b = db.where(y => y.val b).noisycount(ε); yield return b;
28 PINQ-like languages - McSherry it-cdf (raw : data) (budget : R) (buckets : list) (ε: R) { } : list var agent = new PINQAgentBudget(budget); var db = new PINQueryable<data>(rawdata, agent); foreach (var b in buckets) b = db.where(y => y.val b).noisycount(ε); yield return b; agent is responsible for the budget
29 PINQ-like languages - McSherry it-cdf (raw : data) (budget : R) (buckets : list) (ε: R) { } : list var agent = new PINQAgentBudget(budget); var db = new PINQueryable<data>(rawdata, agent); foreach (var b in buckets) b = db.where(y => y.val b).noisycount(ε); yield return b; raw data are accessed through a PINQueryable
30 PINQ-like languages - McSherry it-cdf (raw : data) (budget : R) (buckets : list) (ε: R) { } : list var agent = new PINQAgentBudget(budget); var db = new PINQueryable<data>(rawdata, agent); foreach (var b in buckets) b = db.where(y => y.val b).noisycount(ε); yield return b; we have transformations (scaling factor)
31 PINQ-like languages - McSherry it-cdf (raw : data) (budget : R) (buckets : list) (ε: R) { : list var agent = new PINQAgentBudget(budget); var db = new PINQueryable<data>(rawdata, agent); foreach (var b in buckets) b = db.where(y => y.val b).noisycount(ε); yield return b; } we have transformations (scaling factor) aggregate operations (actual budget consumption)
32 Enough budget? it-cdf (raw : data) (budget : R) (buckets : list) (ε: R) { } : list var agent = new PINQAgentBudget(budget); var db = new PINQueryable<data>(rawdata, agent); foreach (var b in buckets) b = db.where(y => y.val b).noisycount(ε); yield return b; We can check local vs global budget
33 Compositional reasoning about sensitivity GS(f) = max v v 0 f(v) f(v0 ) It allows to decompose the analysis/construction of a DP program, A metric property of the function (DMNS06), It requires a limited reasoning about probabilities, Similar worst case reasoning as basic composition.
34 Fuzz-like languages - Penn it-cdf (b : data) (buckets : list) : list { case buckets of nil => nil x::xs => size (filter (fun y => y x) b))) :: it-cdf xs b }
35 Fuzz-like languages - Penn How sensitive? it-cdf (b :[??] data) (buckets : list) : list { case buckets of nil => nil x::xs => size (filter (fun y => y x) b))) :: it-cdf xs b }
36 Fuzz-like languages - Penn it-cdf (b :[??] data) (buckets : list) : list { case buckets of nil => nil x::xs => size (filter (fun y => y x) b))) :: it-cdf xs b } Let s assume - size : [1]data --o R
37 Fuzz-like languages - Penn it-cdf (b :[??] data) (buckets : list) : list { case buckets of nil => nil x::xs => size (filter (fun y => y x) b))) :: it-cdf xs b } Similarly, - filter : [ ]prop --o [1]data --o R
38 Fuzz-like languages - Penn it-cdf (b :[??] data) (buckets : list) : list { (b :[0] data) case buckets of nil => nil x::xs => size (filter (fun y => y x) b))) :: it-cdf xs b } (b :[n+1] data)
39 Fuzz-like languages - Penn n-sensitive! it-cdf (b :[n] data) (buckets : list[n]) : list { case buckets of nil => nil x::xs => size (filter (fun y => y x) b))) :: it-cdf xs b }
40 Fuzz-like languages - Penn it-cdf (b :[ε*n] data) (buckets : list[n]) (ε:num): nlist { case buckets of nil => nil x::xs => Lap ε size (filter (fun y => y x) b))) :: it-cdf xs b } adding Noise!
41 Reasoning about DP via probabilistic coupling - BGGHS For two (sub)-distributions µ 1,µ 2 2 Dist(A) we have an approximate coupling µ 1 C, (R) µ 2 i there exists µ 2 Dist(A A) s.t. suppµ R i µ apple µ i max A ( i µ e µ i,µ i e i µ) apple Generalize indistinguishability to other relations allowing more general relational reasoning, More involved reasoning about probability distances and divergences, Preserving the ability to use semi-decision logical and numerical procedures.
42 prhl-like languages CDF example similar to the previous ones b b 0 ) (itcdf bl ) C,0 (=) (itcdf b 0 l )
43 prhl-like languages CDF example similar to the previous ones b b 0 ) (itcdf bl ) C,0 (=) (itcdf b 0 l ) Having two copies of the program allows to compare different parts of the same program.
44 Why this helps? It allows to internalize better the properties of Laplace (Lap (1/ ) v 1 ) C k+v1 v 2,0(x 1 + k = x 2 )(Lap (1/ ) v 2 ) can be used to assert symbolically several facts about probabilities.
45 Why this helps? (Lap (1/ ) v 1 ) C v1 v 2,0(x 1 = x 2 )(Lap (1/ ) v 2 ) expresses log Pr(Lap (1/ ) v1 = r) Pr(Lap (1/ ) v 2 = r) apple v 1 v 2
46 Why this helps? v 1 v 2 apple k ) (Lap (1/ ) v 1 ) C 2k,0 (x 1 + k = x 2 )(Lap (1/ ) v 2 ) expresses v 1 v 2 apple k ) log Pr(Lap (1/ ) v1 = r + k) Pr(Lap (1/ ) v 2 = r) apple 2k
47 Why this helps? (Lap (1/ ) v 1 ) C 0,0 (x 1 x 2 = v 1 v 2 )(Lap (1/ ) v 2 ) expresses log Pr(Lap (1/ ) v2 + k = r + k) Pr(Lap (1/ ) v 2 = r) apple 0
48 Other works Bisimulation based methods (Tschantz&al - Xu&al) Fuzz with distributed code (Eigner&Maffei) Satisfiability modulo counting (Friedrikson&Jha) Bayesian Inference (BFGGHS) Adaptive Fuzz (Penn) Accuracy bounds (BGGHS) Continuous models (Sato) Lightweight verification - injective function argument (Zhang&Kifer) Relational symbolic execution for R - generating DP counterexamples (Chong&Farina&Gaboardi) Formalizing the local model (Ebadi&Sands) zcdp (BGHS)
49 Challenges All of these tools are research projects and most of them are usable only by experts. Can we use them to certify correct a library of basic mechanism? Which non-expert we should aim for?
50 Other Challenges Are there other fundamental principles that we can use? How can we extend them to verify accuracy and efficiency? There are several works on the verification of randomness, floating points, SMC, etc. Can we combine the different approaches? How can we internalize more involved data models assumptions? From benchmarks to certification?
Maryam Shoaran Alex Thomo Jens Weber. University of Victoria, Canada
Maryam Shoaran Alex Thomo Jens Weber University of Victoria, Canada Introduction Challenge: Evidence of Participation Sample Aggregates Zero-Knowledge Privacy Analysis of Utility of ZKP Conclusions 12/17/2015
More informationLecture 1 Introduction to Differential Privacy: January 28
Introduction to Differential Privacy CSE711: Topics in Differential Privacy Spring 2016 Lecture 1 Introduction to Differential Privacy: January 28 Lecturer: Marco Gaboardi Scribe: Marco Gaboardi This note
More informationPufferfish Privacy Mechanisms for Correlated Data. Shuang Song, Yizhen Wang, Kamalika Chaudhuri University of California, San Diego
Pufferfish Privacy Mechanisms for Correlated Data Shuang Song, Yizhen Wang, Kamalika Chaudhuri University of California, San Diego Sensitive Data with Correlation } Data from social networks, } eg. Spreading
More informationProving differential privacy in Hoare logic
Proving differential privacy in Hoare logic Gilles Barthe, Marco Gaboardi, Emilio Jesús Gallego Arias, César Kunz, Justin Hsu, and Pierre-Yves Strub IMDEA Software Institute, Spain University of Dundee,
More informationHoare Logic I. Introduction to Deductive Program Verification. Simple Imperative Programming Language. Hoare Logic. Meaning of Hoare Triples
Hoare Logic I Introduction to Deductive Program Verification Işıl Dillig Program Spec Deductive verifier FOL formula Theorem prover valid contingent Example specs: safety (no crashes), absence of arithmetic
More informationPrivacy in Statistical Databases
Privacy in Statistical Databases Individuals x 1 x 2 x n Server/agency ) answers. A queries Users Government, researchers, businesses or) Malicious adversary What information can be released? Two conflicting
More informationAnswering Numeric Queries
Answering Numeric Queries The Laplace Distribution: Lap(b) is the probability distribution with p.d.f.: p x b) = 1 x exp 2b b i.e. a symmetric exponential distribution Y Lap b, E Y = b Pr Y t b = e t Answering
More informationRanking Verification Counterexamples: An Invariant guided approach
Ranking Verification Counterexamples: An Invariant guided approach Ansuman Banerjee Indian Statistical Institute Joint work with Pallab Dasgupta, Srobona Mitra and Harish Kumar Complex Systems Everywhere
More informationSynthesizing Coupling Proofs of Differential Privacy
Synthesizing Coupling Proofs of Differential Privacy AWS ALBARGHOUTHI, University of Wisconsin Madison, USA JUSTIN HSU, University College London, UK Differential privacy has emerged as a promising probabilistic
More informationEnabling Accurate Analysis of Private Network Data
Enabling Accurate Analysis of Private Network Data Michael Hay Joint work with Gerome Miklau, David Jensen, Chao Li, Don Towsley University of Massachusetts, Amherst Vibhor Rastogi, Dan Suciu University
More information[Title removed for anonymity]
[Title removed for anonymity] Graham Cormode graham@research.att.com Magda Procopiuc(AT&T) Divesh Srivastava(AT&T) Thanh Tran (UMass Amherst) 1 Introduction Privacy is a common theme in public discourse
More informationCalibrating Noise to Sensitivity in Private Data Analysis
Calibrating Noise to Sensitivity in Private Data Analysis Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith Mamadou H. Diallo 1 Overview Issues: preserving privacy in statistical databases Assumption:
More informationThe Optimal Mechanism in Differential Privacy
The Optimal Mechanism in Differential Privacy Quan Geng Advisor: Prof. Pramod Viswanath 11/07/2013 PhD Final Exam of Quan Geng, ECE, UIUC 1 Outline Background on Differential Privacy ε-differential Privacy:
More informationConcept of Statistical Model Checking. Presented By: Diana EL RABIH
Concept of Statistical Model Checking Presented By: Diana EL RABIH Introduction Model checking of stochastic systems Continuous-time Markov chains Continuous Stochastic Logic (CSL) Probabilistic time-bounded
More informationDifferential Privacy and its Application in Aggregation
Differential Privacy and its Application in Aggregation Part 1 Differential Privacy presenter: Le Chen Nanyang Technological University lechen0213@gmail.com October 5, 2013 Introduction Outline Introduction
More informationModeling Data Correlations in Private Data Mining with Markov Model and Markov Networks. Yang Cao Emory University
Modeling Data Correlations in Private Data Mining with Markov Model and Markov Networks Yang Cao Emory University 207..5 Outline Data Mining with Differential Privacy (DP) Scenario: Spatiotemporal Data
More informationApproximate and Probabilistic Differential Privacy Definitions
pproximate and Probabilistic Differential Privacy Definitions Sebastian Meiser University College London, United Kingdom, e-mail: s.meiser@ucl.ac.uk July 20, 208 bstract This technical report discusses
More informationAutomatic Resource Bound Analysis and Linear Optimization. Jan Hoffmann
Automatic Resource Bound Analysis and Linear Optimization Jan Hoffmann Beyond worst-case analysis Beyond worst-case analysis of algorithms Beyond worst-case analysis of algorithms Resource bound analysis
More informationPropositional Calculus
Propositional Calculus Dr. Neil T. Dantam CSCI-498/598 RPM, Colorado School of Mines Spring 2018 Dantam (Mines CSCI, RPM) Propositional Calculus Spring 2018 1 / 64 Calculus? Definition: Calculus A well
More informationTowards information flow control. Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011
Towards information flow control Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011 Mandatory access controls and security levels DAC vs. MAC Discretionary access control
More informationDeductive Verification
Deductive Verification Mooly Sagiv Slides from Zvonimir Rakamaric First-Order Logic A formal notation for mathematics, with expressions involving Propositional symbols Predicates Functions and constant
More informationAccuracy First: Selecting a Differential Privacy Level for Accuracy-Constrained Empirical Risk Minimization
Accuracy First: Selecting a Differential Privacy Level for Accuracy-Constrained Empirical Risk Minimization Katrina Ligett HUJI & Caltech joint with Seth Neel, Aaron Roth, Bo Waggoner, Steven Wu NIPS 2017
More informationNonlinear Control as Program Synthesis (A Starter)
Nonlinear Control as Program Synthesis (A Starter) Sicun Gao MIT December 15, 2014 Preliminaries Definition (L RF ) L RF is the first-order language over the reals that allows arbitrary numerically computable
More informationThe TLA + proof system
The TLA + proof system Stephan Merz Kaustuv Chaudhuri, Damien Doligez, Leslie Lamport INRIA Nancy & INRIA-MSR Joint Centre, France Amir Pnueli Memorial Symposium New York University, May 8, 2010 Stephan
More informationNormalization by Evaluation
Normalization by Evaluation Andreas Abel Department of Computer Science and Engineering Chalmers and Gothenburg University PhD Seminar in Mathematical Engineering EAFIT University, Medellin, Colombia 9
More informationLecture 11- Differential Privacy
6.889 New Developments in Cryptography May 3, 2011 Lecture 11- Differential Privacy Lecturer: Salil Vadhan Scribes: Alan Deckelbaum and Emily Shen 1 Introduction In class today (and the next two lectures)
More informationWhat Can We Learn Privately?
What Can We Learn Privately? Sofya Raskhodnikova Penn State University Joint work with Shiva Kasiviswanathan Homin Lee Kobbi Nissim Adam Smith Los Alamos UT Austin Ben Gurion Penn State To appear in SICOMP
More informationPrivacy of Numeric Queries Via Simple Value Perturbation. The Laplace Mechanism
Privacy of Numeric Queries Via Simple Value Perturbation The Laplace Mechanism Differential Privacy A Basic Model Let X represent an abstract data universe and D be a multi-set of elements from X. i.e.
More informationThe Optimal Mechanism in Differential Privacy
The Optimal Mechanism in Differential Privacy Quan Geng Advisor: Prof. Pramod Viswanath 3/29/2013 PhD Prelimary Exam of Quan Geng, ECE, UIUC 1 Outline Background on differential privacy Problem formulation
More informationReport on Differential Privacy
Report on Differential Privacy Lembit Valgma Supervised by Vesal Vojdani December 19, 2017 1 Introduction Over the past decade the collection and analysis of personal data has increased a lot. This has
More informationSMT BASICS WS 2017/2018 ( ) LOGIC SATISFIABILITY MODULO THEORIES. Institute for Formal Models and Verification Johannes Kepler Universität Linz
LOGIC SATISFIABILITY MODULO THEORIES SMT BASICS WS 2017/2018 (342.208) Armin Biere Martina Seidl biere@jku.at martina.seidl@jku.at Institute for Formal Models and Verification Johannes Kepler Universität
More informationPrivacy-Preserving Data Mining
CS 380S Privacy-Preserving Data Mining Vitaly Shmatikov slide 1 Reading Assignment Evfimievski, Gehrke, Srikant. Limiting Privacy Breaches in Privacy-Preserving Data Mining (PODS 2003). Blum, Dwork, McSherry,
More informationBounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39
Bounded Model Checking with SAT/SMT Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39 Recap: Symbolic Model Checking with BDDs Method used by most industrial strength model checkers:
More informationThe State Explosion Problem
The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis
More informationMachine Learning for Automated Theorem Proving
Machine Learning for Automated Theorem Proving Bernhard Kragl Machine Learning and Applications Course Spring 2015 Outline Introduction to Automated Theorem Proving Machine Learning Applications Strategy
More informationIvy: Safety Verification by Interactive Generalization
Ivy: Safety Verification by Interactive Generalization Oded Padon Verification Day 1-June-2016 [PLDI 16] Oded Padon, Kenneth McMillan, Aurojit Panda, Mooly Sagiv, Sharon Shoham. Ivy: Safety Verification
More informationCIS 800/002 The Algorithmic Foundations of Data Privacy September 29, Lecture 6. The Net Mechanism: A Partial Converse
CIS 800/002 The Algorithmic Foundations of Data Privacy September 29, 20 Lecturer: Aaron Roth Lecture 6 Scribe: Aaron Roth Finishing up from last time. Last time we showed: The Net Mechanism: A Partial
More informationInteractive Theorem Provers
Interactive Theorem Provers from the perspective of Isabelle/Isar Makarius Wenzel Univ. Paris-Sud, LRI July 2014 = Isabelle λ β Isar α 1 Introduction Notable ITP systems LISP based: ACL2 http://www.cs.utexas.edu/users/moore/acl2
More informationCSCI 5520: Foundations of Data Privacy Lecture 5 The Chinese University of Hong Kong, Spring February 2015
CSCI 5520: Foundations of Data Privacy Lecture 5 The Chinese University of Hong Kong, Spring 2015 3 February 2015 The interactive online mechanism that we discussed in the last two lectures allows efficient
More informationCS Communication Complexity: Applications and New Directions
CS 2429 - Communication Complexity: Applications and New Directions Lecturer: Toniann Pitassi 1 Introduction In this course we will define the basic two-party model of communication, as introduced in the
More informationAxiomatic Semantics. Lecture 9 CS 565 2/12/08
Axiomatic Semantics Lecture 9 CS 565 2/12/08 Axiomatic Semantics Operational semantics describes the meaning of programs in terms of the execution steps taken by an abstract machine Denotational semantics
More informationCIS 700 Differential Privacy in Game Theory and Mechanism Design January 17, Lecture 1
CIS 700 Differential Privacy in Game Theory and Mechanism Design January 17, 2014 Lecture 1 Lecturer: Aaron Roth Scribe: Aaron Roth Intro to Differential Privacy for Game Theorists, and Digital Goods Auctions.
More informationA Multiplicative Weights Mechanism for Privacy-Preserving Data Analysis
A Multiplicative Weights Mechanism for Privacy-Preserving Data Analysis Moritz Hardt Guy N. Rothblum Abstract We consider statistical data analysis in the interactive setting. In this setting a trusted
More informationBoosting and Differential Privacy
Boosting and Differential Privacy Cynthia Dwork Guy N. Rothblum Salil Vadhan Abstract Boosting is a general method for improving the accuracy of learning algorithms. We use boosting to construct privacy-preserving
More informationAnswering Many Queries with Differential Privacy
6.889 New Developments in Cryptography May 6, 2011 Answering Many Queries with Differential Privacy Instructors: Shafi Goldwasser, Yael Kalai, Leo Reyzin, Boaz Barak, and Salil Vadhan Lecturer: Jonathan
More informationTowards Lightweight Integration of SMT Solvers
Towards Lightweight Integration of SMT Solvers Andrei Lapets Boston University Boston, USA lapets@bu.edu Saber Mirzaei Boston University Boston, USA smirzaei@bu.edu 1 Introduction A large variety of SMT
More informationANALYZING REAL TIME LINEAR CONTROL SYSTEMS USING SOFTWARE VERIFICATION. Parasara Sridhar Duggirala UConn Mahesh Viswanathan UIUC
ANALYZING REAL TIME LINEAR CONTROL SYSTEMS USING SOFTWARE VERIFICATION Parasara Sridhar Duggirala UConn Mahesh Viswanathan UIUC Real-Time Systems Linear Control Systems Verification Verification Control
More informationCertified Roundoff Error Bounds using Semidefinite Programming
Certified Roundoff Error Bounds using Semidefinite Programming Victor Magron, CNRS VERIMAG joint work with G. Constantinides and A. Donaldson INRIA Mescal Team Seminar 19 November 2015 Victor Magron Certified
More informationChallenges in Privacy-Preserving Analysis of Structured Data Kamalika Chaudhuri
Challenges in Privacy-Preserving Analysis of Structured Data Kamalika Chaudhuri Computer Science and Engineering University of California, San Diego Sensitive Structured Data Medical Records Search Logs
More informationAgent-Based HOL Reasoning 1
Agent-Based HOL Reasoning 1 Alexander Steen Max Wisniewski Christoph Benzmüller Freie Universität Berlin 5th International Congress on Mathematical Software (ICMS 2016) 1 This work has been supported by
More informationLecture 20: Introduction to Differential Privacy
6.885: Advanced Topics in Data Processing Fall 2013 Stephen Tu Lecture 20: Introduction to Differential Privacy 1 Overview This lecture aims to provide a very broad introduction to the topic of differential
More informationQWIRE Practice: Formal Verification of Quantum Circuits in Coq
1 / 29 QWIRE Practice: Formal Verification of Quantum Circuits in Coq Robert Rand, Jennifer Paykin, Steve Zdancewic University of Pennsylvania Quantum Physics and Logic, 2017 2 / 29 QWIRE A high-level
More informationFrom Learning Algorithms to Differentially Private Algorithms
From Learning Algorithms to Differentially Private Algorithms Jonathan Ullman, Harvard University Big Data and Differential Privacy Workshop December 12, 2013 What is this tutorial about? Using powerful
More informationAlgorithmic verification
Algorithmic verification Ahmed Rezine IDA, Linköpings Universitet Hösttermin 2018 Outline Overview Model checking Symbolic execution Outline Overview Model checking Symbolic execution Program verification
More informationSoftware Verification using Predicate Abstraction and Iterative Refinement: Part 1
using Predicate Abstraction and Iterative Refinement: Part 1 15-414 Bug Catching: Automated Program Verification and Testing Sagar Chaki November 28, 2011 Outline Overview of Model Checking Creating Models
More informationCMPUT651: Differential Privacy
CMPUT65: Differential Privacy Homework assignment # 2 Due date: Apr. 3rd, 208 Discussion and the exchange of ideas are essential to doing academic work. For assignments in this course, you are encouraged
More informationProofs of Correctness: Introduction to Axiomatic Verification
Proofs of Correctness: Introduction to Axiomatic Verification Introduction Weak correctness predicate Assignment statements Sequencing Selection statements Iteration 1 Introduction What is Axiomatic Verification?
More informationData Privacy: Tensions and Opportunities
Data Privacy: Tensions and Opportunities Katrina Ligett Caltech!!! based on joint work with Avrim Blum, Arpita Ghosh, Moritz Hardt, Frank McSherry, and Aaron Roth 1 individuals have lots of interesting
More informationFormal Verification of Mathematical Algorithms
Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing
More informationLecture 2: Symbolic Model Checking With SAT
Lecture 2: Symbolic Model Checking With SAT Edmund M. Clarke, Jr. School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 (Joint work over several years with: A. Biere, A. Cimatti, Y.
More informationLOGIC PROPOSITIONAL REASONING
LOGIC PROPOSITIONAL REASONING WS 2017/2018 (342.208) Armin Biere Martina Seidl biere@jku.at martina.seidl@jku.at Institute for Formal Models and Verification Johannes Kepler Universität Linz Version 2018.1
More informationDynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics
Dynamic Semantics Operational Semantics Denotational Semantic Dynamic Semantics Operational Semantics Operational Semantics Describe meaning by executing program on machine Machine can be actual or simulated
More informationInformation Flow Analysis via Path Condition Refinement
Information Flow Analysis via Path Condition Refinement Mana Taghdiri, Gregor Snelting, Carsten Sinz Karlsruhe Institute of Technology, Germany FAST September 16, 2010 KIT University of the State of Baden-Wuerttemberg
More informationDifferential Privacy
CS 380S Differential Privacy Vitaly Shmatikov most slides from Adam Smith (Penn State) slide 1 Reading Assignment Dwork. Differential Privacy (invited talk at ICALP 2006). slide 2 Basic Setting DB= x 1
More informationPrivacy-Preserving Inference in Crowdsourcing Systems. Liyao Xiang Supervisor: Baochun Li Oct. 9, 2017 University of Toronto
Privacy-Preserving Inference in Crowdsourcing Systems Liyao Xiang Supervisor: Baochun Li Oct. 9, 2017 University of Toronto Localization via Crowdsourcing A? dab? dac B dbc C In a crowd, some users know
More information1 Differential Privacy and Statistical Query Learning
10-806 Foundations of Machine Learning and Data Science Lecturer: Maria-Florina Balcan Lecture 5: December 07, 015 1 Differential Privacy and Statistical Query Learning 1.1 Differential Privacy Suppose
More informationA heuristic prover for real inequalities
A heuristic prover for real inequalities Jeremy Avigad Department of Philosophy and Department of Mathematical Sciences Carnegie Mellon University joint work with Robert Y. Lewis and Cody Roux (many slides
More informationDifferential Privacy II: Basic Tools
Differential Privacy II: Basic Tools Adam Smith Computer Science & Engineering Department Penn State IPAM Data 2010 June 8, 2009 Image Oakland Community College 32 33 Techniques for differential privacy
More informationDifferentially Private Linear Regression
Differentially Private Linear Regression Christian Baehr August 5, 2017 Your abstract. Abstract 1 Introduction My research involved testing and implementing tools into the Harvard Privacy Tools Project
More informationIntroduction. Pedro Cabalar. Department of Computer Science University of Corunna, SPAIN 2013/2014
Introduction Pedro Cabalar Department of Computer Science University of Corunna, SPAIN cabalar@udc.es 2013/2014 P. Cabalar ( Department Introduction of Computer Science University of Corunna, SPAIN2013/2014
More informationOn Differentially Private Longest Increasing Subsequence Computation in Data Stream
73 100 On Differentially Private Longest Increasing Subsequence Computation in Data Stream Luca Bonomi 1,, Li Xiong 2 1 University of California San Diego, La Jolla, CA. 2 Emory University, Atlanta, GA.
More informationOn Computing Backbones of Propositional Theories
On Computing Backbones of Propositional Theories Joao Marques-Silva 1 Mikoláš Janota 2 Inês Lynce 3 1 CASL/CSI, University College Dublin, Ireland 2 INESC-ID, Lisbon, Portugal 3 INESC-ID/IST, Lisbon, Portugal
More informationSAT Solvers: Theory and Practice
Summer School on Verification Technology, Systems & Applications, September 17, 2008 p. 1/98 SAT Solvers: Theory and Practice Clark Barrett barrett@cs.nyu.edu New York University Summer School on Verification
More informationSoftware Verification
Software Verification Grégoire Sutre LaBRI, University of Bordeaux, CNRS, France Summer School on Verification Technology, Systems & Applications September 2008 Grégoire Sutre Software Verification VTSA
More informationVerifiable Security of Boneh-Franklin Identity-Based Encryption. Federico Olmedo Gilles Barthe Santiago Zanella Béguelin
Verifiable Security of Boneh-Franklin Identity-Based Encryption Federico Olmedo Gilles Barthe Santiago Zanella Béguelin IMDEA Software Institute, Madrid, Spain 5 th International Conference on Provable
More informationProbabilistic Guarded Commands Mechanized in HOL
Probabilistic Guarded Commands Mechanized in HOL Joe Hurd joe.hurd@comlab.ox.ac.uk Oxford University Joint work with Annabelle McIver (Macquarie University) and Carroll Morgan (University of New South
More informationFrom Electrical Switched Networks to Hybrid Automata. Alessandro Cimatti 1, Sergio Mover 2, Mirko Sessa 1,3
1 2 3 From Electrical Switched Networks to Hybrid Automata Alessandro Cimatti 1, Sergio Mover 2, Mirko Sessa 1,3 Multidomain physical systems Multiple physical domains: electrical hydraulic mechanical
More informationAssertions and Measurements for Mixed-Signal Simulation
Assertions and Measurements for Mixed-Signal Simulation PhD Thesis Thomas Ferrère VERIMAG, University of Grenoble (directeur: Oded Maler) Mentor Graphics Corporation (co-encadrant: Ernst Christen) October
More informationPropositional Reasoning
Propositional Reasoning CS 440 / ECE 448 Introduction to Artificial Intelligence Instructor: Eyal Amir Grad TAs: Wen Pu, Yonatan Bisk Undergrad TAs: Sam Johnson, Nikhil Johri Spring 2010 Intro to AI (CS
More informationMACHINE COMPUTING. the limitations
MACHINE COMPUTING the limitations human computing stealing brain cycles of the masses word recognition: to digitize all printed writing language education: to translate web content games with a purpose
More information02 Propositional Logic
SE 2F03 Fall 2005 02 Propositional Logic Instructor: W. M. Farmer Revised: 25 September 2005 1 What is Propositional Logic? Propositional logic is the study of the truth or falsehood of propositions or
More informationTutorial 1: Modern SMT Solvers and Verification
University of Illinois at Urbana-Champaign Tutorial 1: Modern SMT Solvers and Verification Sayan Mitra Electrical & Computer Engineering Coordinated Science Laboratory University of Illinois at Urbana
More informationTesting System Conformance for Cyber-Physical Systems
Testing System Conformance for Cyber-Physical Systems Testing systems by walking the dog Rupak Majumdar Max Planck Institute for Software Systems Joint work with Vinayak Prabhu (MPI-SWS) and Jyo Deshmukh
More informationDifferential Privacy and Pan-Private Algorithms. Cynthia Dwork, Microsoft Research
Differential Privacy and Pan-Private Algorithms Cynthia Dwork, Microsoft Research A Dream? C? Original Database Sanitization Very Vague AndVery Ambitious Census, medical, educational, financial data, commuting
More informationA Certified Denotational Abstract Interpreter (Proof Pearl)
A Certified Denotational Abstract Interpreter (Proof Pearl) David Pichardie INRIA Rennes David Cachera IRISA / ENS Cachan (Bretagne) Static Analysis Static Analysis Static analysis by abstract interpretation
More informationStanford University CS254: Computational Complexity Handout 8 Luca Trevisan 4/21/2010
Stanford University CS254: Computational Complexity Handout 8 Luca Trevisan 4/2/200 Counting Problems Today we describe counting problems and the class #P that they define, and we show that every counting
More informationArtificial Intelligence Chapter 7: Logical Agents
Artificial Intelligence Chapter 7: Logical Agents Michael Scherger Department of Computer Science Kent State University February 20, 2006 AI: Chapter 7: Logical Agents 1 Contents Knowledge Based Agents
More informationFrom SAT To SMT: Part 1. Vijay Ganesh MIT
From SAT To SMT: Part 1 Vijay Ganesh MIT Software Engineering & SMT Solvers An Indispensable Tactic for Any Strategy Formal Methods Program Analysis SE Goal: Reliable/Secure Software Automatic Testing
More informationChapter 2. Reductions and NP. 2.1 Reductions Continued The Satisfiability Problem (SAT) SAT 3SAT. CS 573: Algorithms, Fall 2013 August 29, 2013
Chapter 2 Reductions and NP CS 573: Algorithms, Fall 2013 August 29, 2013 2.1 Reductions Continued 2.1.1 The Satisfiability Problem SAT 2.1.1.1 Propositional Formulas Definition 2.1.1. Consider a set of
More informationFloyd-Hoare Style Program Verification
Floyd-Hoare Style Program Verification Deepak D Souza Department of Computer Science and Automation Indian Institute of Science, Bangalore. 9 Feb 2017 Outline of this talk 1 Overview 2 Hoare Triples 3
More informationTuring Machine Recap
Turing Machine Recap DFA with (infinite) tape. One move: read, write, move, change state. High-level Points Church-Turing thesis: TMs are the most general computing devices. So far no counter example Every
More informationIntroduction to Complexity Theory. Bernhard Häupler. May 2, 2006
Introduction to Complexity Theory Bernhard Häupler May 2, 2006 Abstract This paper is a short repetition of the basic topics in complexity theory. It is not intended to be a complete step by step introduction
More informationMatching Logic: Syntax and Semantics
Matching Logic: Syntax and Semantics Grigore Roșu 1 and Traian Florin Șerbănuță 2 1 University of Illinois at Urbana-Champaign, USA grosu@illinois.edu 2 University of Bucharest, Romania traian.serbanuta@unibuc.ro
More informationTermination of LCTRSs
Termination of LCTRSs Cynthia Kop 1 1 Department of Computer Science, University of Innsbruck Technikerstraße 21a, 6020 Innsbruck, Austria Cynthia.Kop@uibk.ac.at Abstract Logically Constrained Term Rewriting
More informationComputational Complexity of Bayesian Networks
Computational Complexity of Bayesian Networks UAI, 2015 Complexity theory Many computations on Bayesian networks are NP-hard Meaning (no more, no less) that we cannot hope for poly time algorithms that
More informationComputational Complexity of Inference
Computational Complexity of Inference Sargur srihari@cedar.buffalo.edu 1 Topics 1. What is Inference? 2. Complexity Classes 3. Exact Inference 1. Variable Elimination Sum-Product Algorithm 2. Factor Graphs
More informationThe SAT Revolution: Solving, Sampling, and Counting
The SAT Revolution: Solving, Sampling, and Counting Moshe Y. Vardi Rice University Boolean Satisfiability Boolean Satisfiability (SAT); Given a Boolean expression, using and ( ) or, ( ) and not ( ), is
More informationAlan Bundy. Automated Reasoning LTL Model Checking
Automated Reasoning LTL Model Checking Alan Bundy Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures have
More informationSolving Quantified Verification Conditions using Satisfiability Modulo Theories
Solving Quantified Verification Conditions using Satisfiability Modulo Theories Yeting Ge, Clark Barrett, Cesare Tinelli Solving Quantified Verification Conditions using Satisfiability Modulo Theories
More informationDifferentially Private Chi-squared Test by Unit Circle Mechanism
A Support Vector Technique We describe Algorithm in detail Algorithm takes as input the sample set S, the query sequence F, the sensitivity of query, the threshold τ, and the stop parameter s Algorithm
More information