[PDF] Testing differential privacy with dual interpreters | Semantic Scholar (2024)

[PDF] Semantic Reader

This work designs a relational symbolic execution technique which supports reasoning about probabilistic coupling, a formal notion that has been shown useful to structure proofs of differential privacy.

Jazz is presented, a language and type system that uses linear types and latent contextual effects to support both advanced variants of differential privacy and higher-order programming, and its expressive power is illustrated through a number of case studies drawn from the recent differential privacy literature.

The complexity of the problem of verifying differential privacy for while-like programs working over boolean values and making probabilistic choices is studied and it is shown that the issue of deciding whether a program is differentially private for specific values of the privacy parameters is PSPACE-complete.

This work develops a method for tight privacy and accuracy bound synthesis using weighted model counting on binary decision diagrams, a state of the art technique from the artificial intelligence and automated reasoning communities for exactly computing probability distributions.

An automatic verification technique for Pufferfish privacy is proposed that can be combined with testing based approach for the purpose of efficiently certifying counterexamples and obtaining a better lower bound for the privacy budget $\epsilon$.

This paper observes that certain DP mechanisms are amenable to a posteriori privacy analysis that exploits the fact that some outputs leak less information about the input database than others, and introduces output differential privacy (ODP) and a new composition experiment to exploit this phenomenon.

A novel approach to identify hot traces from the collected randomized sketches is developed, showing that the very large domain of possible traces can be efficiently explored for hot traces by using the frequency estimates of a visited trace and its prefixes and suffixes.

DP-Sniper is a practical black-box method that automatically finds violations of differential privacy by training a classifier to predict if an observed output was likely generated from one of two possible inputs and transforming this classifier into an approximately optimal attack on differential privacy.

This work devise a methodology for domain experts with limited knowledge of security to estimate the (differential) privacy of an arbitrary mechanism and develops the first approximate estimator for the standard, i.e., non-relative, definition of Distributional Differential Privacy (DDP).

It is concluded that these libraries provide similar utility (except in some notable scenarios), however, there are significant differences in the features provided, and it is found that no single library excels in all areas.

...

...

This paper proposes a new proof technique, called shadow execution, and embed it into a language called ShadowDP, which uses shadow execution to generate proofs of differential privacy with very few programmer annotations and without relying on customized logics and verifiers.

This work proposes the first decision procedure for checking the differential privacy of a non-trivial class of probabilistic computations and implements it for (dis)proving privacy bounds for many well-known examples, including randomized response, histogram, report noisy max and sparse vector.

A new formalism extending apRHL, a relational program logic that has been used for proving differential privacy of non-interactive algorithms, and incorporating a HL, a (non-relational) program logic for accuracy properties is addressed, which exemplifies the three classes of algorithms and explores new variants of the Sparse Vector technique.

This work proposes to streamline the proving of algorithms to be differentially private one at a time with a functional language whose type system automatically guarantees differential privacy, allowing the programmer to write complex privacy-safe query programs in a flexible and compositional way.

It is shown that LightDP verifies sophisticated algorithms with little manual effort, a novel relational type system that separates relational reasoning from privacy budget calculations that is powerful enough to verify sophisticated algorithms where the composition theorem falls short.

A push-button, automated technique for verifying ε-differential privacy of sophisticated randomized algorithms and provides the first automated privacy proofs for a number of challenging algorithms from the differential privacy literature, including Report Noisy Max, the Exponential Mechanism, and the Sparse Vector Mechanism.

DFuzz is presented, an extension of Fuzz with a combination of linear indexed types and lightweight dependent types that allows a richer sensitivity analysis that is able to certify a larger class of queries as differentially private, including ones whose sensitivity depends on runtime information.

The problem of producing counterexamples for incorrect algorithms that make them violate their claimed privacy is considered and an evaluation on a variety of incorrect published algorithms validates the usefulness of the approach.

This paper develops compositional methods for formally verifying differential privacy for algorithms whose analysis goes beyond the composition theorem, based on deep connections between differential privacy and probabilistic couplings, an established mathematical tool for reasoning about stochastic processes.

This work proposes Duet, an expressive higher-order language, linear type system and tool for automatically verifying differential privacy of general-purpose higher- order programs and implements several differentially private machine learning algorithms in Duet which have never before been automatically verified by a language-based tool.

...

...