SPLASH 2020
Sun 15 - Sat 21 November 2020 Online Conference
Fri 20 Nov 2020 10:00 - 10:20 at SPLASH-III - F-2B Chair(s): Hridesh Rajan
Fri 20 Nov 2020 22:00 - 22:20 at SPLASH-III - F-2B Chair(s): Steve Blackburn, Alex Potanin

Differential privacy has emerged as a leading theoretical framework for privacy-preserving data gathering and analysis. It allows meaningful statistics to be collected for a population without revealing "too much" information about any individual member of the population. For software profiling, this machinery allows profiling data from many users of a deployed software system to be collected and analyzed in a privacy-preserving manner. Such a solution is appealing to many stakeholders, including software users, software developers, infrastructure providers, and government agencies.

We propose an approach for differentially-private collection of frequency vectors from software executions. Frequency information is reported with the addition of random noise drawn from the Laplace distribution. A key observation behind the design of our scheme is that event frequencies are closely correlated due to the static code structure. Differential privacy protections must account for such relationships; otherwise, a seemingly-strong privacy guarantee is actually weaker than it appears. Motivated by this observation, we propose a novel and general differentially-private profiling scheme when correlations between frequencies can be expressed through linear inequalities. Using a linear programming formulation, we show how to determine the magnitude of random noise that should be added to achieve meaningful privacy protections under such linear constraints. Next, we develop an efficient instance of this general machinery for an important subclass of constraints. Instead of LP, our solution uses a reachability analysis of a constraint graph. As an exemplar, we employ this approach to implement differentially-private method frequency profiling for Android apps.

Any differentially-private scheme has to balance two competing aspects: privacy and accuracy. Through an experimental study to characterize these trade-offs, we (1) show that our proposed randomization achieves much higher accuracy compared to related prior work, (2) demonstrate that high accuracy and high privacy protection can be achieved simultaneously, and (3) highlight the importance of linear constraints in the design of the randomization. These promising results provide evidence that our approach is a good candidate for privacy-preserving frequency profiling of deployed software.
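The following Python illustration is added to this page and is not code from the paper or its authors. It shows the two ideas the abstract rests on: the Laplace mechanism scales its noise by the L1 sensitivity of the reported vector, and when event counts are tied together by the static code structure, a change to one count drags the dependent counts along, so the sensitivity (and hence the noise) must be larger than a per-event analysis suggests. The constraint model used here (an edge i -> j meaning one occurrence of i forces exactly one occurrence of j), the reachability closure used to count dependent events, the per-user change bound of 1, and all sample data are assumptions made for the illustration; the paper's LP formulation and its constraint classes are not reproduced.

```python
"""Added illustration (not the paper's code): Laplace noise on a frequency
vector, and how linear constraints between event counts change the sensitivity
that sets the noise scale.  Constraint model and bounds are assumptions."""
import random

# Constructed sample "static structure".  An edge i -> j is the assumed linear
# constraint "one occurrence of event i forces exactly one occurrence of j".
CONSTRAINTS = {
    "main": ["init", "run"],
    "init": ["load"],
    "run": [],
    "load": [],
}


def dependent_events(event, constraints):
    """All events whose counts must move when `event`'s count moves:
    a reachability closure over the constraint edges (assumed model)."""
    seen, stack = set(), [event]
    while stack:
        e = stack.pop()
        if e in seen:
            continue
        seen.add(e)
        stack.extend(constraints.get(e, []))
    return seen


def l1_sensitivity(constraints, per_event_bound=1):
    """Largest L1 change of the whole vector when one user's data changes a
    single event count by at most per_event_bound (assumed bound).  Treating
    events as independent would give per_event_bound; under the constraints the
    reachable counts move too, so the change is that bound times closure size."""
    return max(per_event_bound * len(dependent_events(e, constraints))
               for e in constraints)


def effective_epsilon(nominal_epsilon, assumed_sensitivity, true_sensitivity):
    """Laplace noise of scale b = assumed/eps gives (true_sensitivity / b)-DP.
    If the assumed sensitivity is too small, the guarantee delivered is weaker
    than the nominal epsilon suggests."""
    return nominal_epsilon * true_sensitivity / assumed_sensitivity


def laplace_sample(scale, rng):
    """Laplace(0, scale): difference of two exponentials with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def mean_abs_noise(scale, n=20000, seed=1):
    """Empirical check that E|noise| equals the scale parameter."""
    rng = random.Random(seed)
    return sum(abs(laplace_sample(scale, rng)) for _ in range(n)) / n


def privatize(freqs, epsilon, sensitivity, rng):
    """Laplace mechanism: add independent noise of scale sensitivity/epsilon
    to every entry of the frequency vector."""
    scale = sensitivity / epsilon
    return {e: f + laplace_sample(scale, rng) for e, f in freqs.items()}


def demo(epsilon=1.0, seed=7):
    """Compare the naive per-event sensitivity with the constrained one."""
    rng = random.Random(seed)
    freqs = {"main": 1, "init": 1, "run": 1, "load": 1}  # constructed vector
    naive, constrained = 1, l1_sensitivity(CONSTRAINTS)
    return {
        "naive_sensitivity": naive,
        "constrained_sensitivity": constrained,
        "epsilon_actually_achieved_if_naive":
            effective_epsilon(epsilon, naive, constrained),
        "noisy_vector": privatize(freqs, epsilon, constrained, rng),
    }


if __name__ == "__main__":
    print(demo())
```

With the constructed structure, a change of 1 to the count of "main" forces "init", "run" and "load" to change as well, so the L1 sensitivity is 4 rather than 1; noise calibrated to sensitivity 1 at a nominal epsilon of 1 would in fact only deliver epsilon 4. The paper's contribution is to derive this kind of bound for general linear constraints (via LP) and efficiently for a subclass (via a constraint graph); the closure count above is only a stand-in for that analysis.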

Fri 20 Nov

Displayed time zone: Central Time (US & Canada)

09:00 - 10:20  F-2B: OOPSLA at SPLASH-III
Chair(s): Hridesh Rajan (Iowa State University, USA)

09:00 (20m) Talk: Feedback-Driven Semi-supervised Synthesis of Program Transformations (OOPSLA)
  Xiang Gao (National University of Singapore), Shraddha Barke (University of California at San Diego), Arjun Radhakrishna (Microsoft), Gustavo Soares (Microsoft), Sumit Gulwani (Microsoft), Alan Leung (Microsoft), Nachiappan Nagappan (Microsoft Research), Ashish Tiwari (Microsoft)

09:20 (20m) Talk: Testing Differential Privacy with Dual Interpreters (OOPSLA)
  Hengchu Zhang (University of Pennsylvania), Edo Roth (University of Pennsylvania), Andreas Haeberlen (University of Pennsylvania), Benjamin C. Pierce (University of Pennsylvania), Aaron Roth (University of Pennsylvania)

09:40 (20m) Talk: Unifying Execution of Imperative Generators and Declarative Specifications (OOPSLA)
  Pengyu Nie (University of Texas at Austin), Marinela Parovic (University of Texas at Austin), Zhiqiang Zang (University of Texas at Austin), Sarfraz Khurshid (University of Texas at Austin), Aleksandar Milicevic (Microsoft), Milos Gligoric (University of Texas at Austin)

10:00 (20m) Talk: Differentially-Private Software Frequency Profiling under Linear Constraints (OOPSLA)
  Hailong Zhang (Fordham University), Yu Hao (Ohio State University), Sufian Latif (Ohio State University), Raef Bassily (Ohio State University), Atanas Rountev (Ohio State University)

21:00 - 22:20  F-2B: OOPSLA at SPLASH-III (mirror session, 12 hours later)
Chair(s): Steve Blackburn (Australian National University), Alex Potanin (Victoria University of Wellington)

21:00 (20m) Talk: Feedback-Driven Semi-supervised Synthesis of Program Transformations (OOPSLA)
  Xiang Gao (National University of Singapore), Shraddha Barke (University of California at San Diego), Arjun Radhakrishna (Microsoft), Gustavo Soares (Microsoft), Sumit Gulwani (Microsoft), Alan Leung (Microsoft), Nachiappan Nagappan (Microsoft Research), Ashish Tiwari (Microsoft)

21:20 (20m) Talk: Testing Differential Privacy with Dual Interpreters (OOPSLA)
  Hengchu Zhang (University of Pennsylvania), Edo Roth (University of Pennsylvania), Andreas Haeberlen (University of Pennsylvania), Benjamin C. Pierce (University of Pennsylvania), Aaron Roth (University of Pennsylvania)

21:40 (20m) Talk: Unifying Execution of Imperative Generators and Declarative Specifications (OOPSLA)
  Pengyu Nie (University of Texas at Austin), Marinela Parovic (University of Texas at Austin), Zhiqiang Zang (University of Texas at Austin), Sarfraz Khurshid (University of Texas at Austin), Aleksandar Milicevic (Microsoft), Milos Gligoric (University of Texas at Austin)

22:00 (20m) Talk: Differentially-Private Software Frequency Profiling under Linear Constraints (OOPSLA)
  Hailong Zhang (Fordham University), Yu Hao (Ohio State University), Sufian Latif (Ohio State University), Raef Bassily (Ohio State University), Atanas Rountev (Ohio State University)