Abstract
Privacy Integrated Queries (PINQ) is an extensible data analysis platform designed to provide unconditional privacy guarantees for the records of the underlying data sets. PINQ provides analysts with access to records through an SQL-like declarative language (LINQ) amidst otherwise arbitrary C# code. At the same time, the design of PINQ's analysis language and its careful implementation provide formal guarantees of differential privacy for any and all uses of the platform. PINQ's guarantees require no trust placed in the expertise or diligence of the analysts, broadening the scope for design and deployment of privacy-preserving data analyses, especially by privacy nonexperts.
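The guarantee the abstract describes rests on two mechanics that the platform enforces rather than the analyst: every transformation carries a stability bound (how many output records can change when one input record changes), and every aggregate is answered with noise calibrated to that bound and charged against a fixed privacy budget, so the guarantee holds no matter what the analyst's surrounding code does. The sketch below is an added Python illustration of those two mechanics, not PINQ's own C# code; the names `PrivacyAgent`, `PrivateQueryable`, `noisy_count`, the Laplace-mechanism choice for counts, and the sample records are all assumptions made for the example.

```python
import random
from typing import Callable, Dict, Iterable, List


class PrivacyBudgetExceeded(Exception):
    """Raised when answering a query would spend more epsilon than remains."""


class PrivacyAgent:
    """Tracks epsilon spent against a fixed budget for one data set.

    Hypothetical stand-in for a PINQ-style budget tracker: analyst code never
    calls it directly, so a careless or malicious query cannot skip the charge.
    """

    def __init__(self, epsilon_total: float) -> None:
        self.epsilon_total = epsilon_total
        self.epsilon_spent = 0.0

    @property
    def epsilon_remaining(self) -> float:
        return self.epsilon_total - self.epsilon_spent

    def charge(self, epsilon: float) -> None:
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.epsilon_spent + epsilon > self.epsilon_total + 1e-12:
            raise PrivacyBudgetExceeded(
                f"query needs {epsilon}, only {self.epsilon_remaining} left")
        self.epsilon_spent += epsilon


def laplace_noise(rng: random.Random, scale: float) -> float:
    """Laplace(0, scale) sample, drawn as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


class PrivateQueryable:
    """A data set the analyst may transform and aggregate but never read.

    `stability` bounds how many output records can differ when one input
    record differs; where() and select() are 1-stable, so they pass it through.
    """

    def __init__(self, records: Iterable, agent: PrivacyAgent,
                 rng: random.Random, stability: int = 1) -> None:
        self._records: List = list(records)
        self._agent = agent
        self._rng = rng
        self._stability = stability

    def where(self, predicate: Callable) -> "PrivateQueryable":
        # Filtering is 1-stable: one changed input changes at most one output.
        return PrivateQueryable((r for r in self._records if predicate(r)),
                                self._agent, self._rng, self._stability)

    def select(self, projection: Callable) -> "PrivateQueryable":
        # A per-record projection is also 1-stable.
        return PrivateQueryable((projection(r) for r in self._records),
                                self._agent, self._rng, self._stability)

    def noisy_count(self, epsilon: float) -> float:
        # A count has sensitivity `stability`, so Laplace noise with scale
        # stability/epsilon makes this answer epsilon-differentially private.
        self._agent.charge(epsilon)  # refuses before any answer if budget is gone
        noise = laplace_noise(self._rng, self._stability / epsilon)
        return len(self._records) + noise


# Constructed sample records for the example (not real data).
SAMPLE_RECORDS = [
    {"age": 23, "zip": "98052"},
    {"age": 35, "zip": "98052"},
    {"age": 41, "zip": "10001"},
    {"age": 17, "zip": "98052"},
    {"age": 62, "zip": "10001"},
    {"age": 29, "zip": "60601"},
]


def run_demo(seed: int = 7, budget: float = 1.0) -> Dict[str, object]:
    """Two queries that fit the budget, then a third the platform refuses."""
    rng = random.Random(seed)
    agent = PrivacyAgent(budget)
    data = PrivateQueryable(SAMPLE_RECORDS, agent, rng)

    noisy_adults = data.where(lambda r: r["age"] >= 18).noisy_count(0.5)
    noisy_zip = data.where(lambda r: r["zip"] == "98052").noisy_count(0.5)
    try:
        data.noisy_count(0.1)
        third_refused = False
    except PrivacyBudgetExceeded:
        third_refused = True

    return {
        "noisy_adult_count": noisy_adults,
        "noisy_zip_count": noisy_zip,
        "third_query_refused": third_refused,
        "epsilon_remaining": agent.epsilon_remaining,
    }


if __name__ == "__main__":
    print(run_demo())
```

The analyst only ever receives the return values of `noisy_count`; the records behind `where` and `select` are never exposed, and once the budget is spent the agent refuses further aggregates regardless of how the query was composed.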