Linear Dependent Types and Sensitivity Analysis: DFuzz

Function sensitivity, the maximum amount by which a function's output can change when its input changes by a given amount, is a key property in many research areas. In differential privacy, for instance, the standard way to turn a (possibly non-private) query into a private one is to bound its sensitivity and then add noise calibrated to that bound. One way to bound the sensitivity of functional programs is a type-based analysis that combines linear indexed types with dependent types; this is the main idea behind DFuzz, a language for differentially private queries. In this paper we propose a type checking algorithm for the DFuzz type system [23] that makes this analysis automatic by reducing sensitivity analysis to constraint solving: a solution to the generated constraints yields an upper bound on the program's sensitivity.
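To make the reduction concrete, the following added example (not code from the paper or from the DFuzz implementation) infers Fuzz/DFuzz-style sensitivities for a tiny expression language and checks them against declared bounds. Sensitivities are polynomials over non-negative index variables standing in for DFuzz's natural-number indices; each free variable of an expression produces one constraint `inferred <= declared`. The expression constructors, the primitives `count` and `clipped_sum` with their declared sensitivity 1, and the sample query are all constructed here for illustration. The constraint check is a deliberately simple sufficient condition (coefficient-wise comparison, sound because indices are non-negative, but incomplete); the actual paper discharges its constraints with a proper decision procedure.

```python
"""Toy sensitivity inference in the style of Fuzz/DFuzz (illustrative, not the paper's code).

A sensitivity is a polynomial over index variables, stored as {monomial: Fraction},
where a monomial is a sorted tuple of index-variable names (() is the constant term).
Index variables range over naturals, so every coefficient is non-negative.
"""
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, Tuple, Union

Monomial = Tuple[str, ...]
Poly = Dict[Monomial, Fraction]


def const(c) -> Poly:
    return {(): Fraction(c)} if c else {}


def index(name: str) -> Poly:
    return {(name,): Fraction(1)}


def padd(p: Poly, q: Poly) -> Poly:
    out = dict(p)
    for m, c in q.items():
        out[m] = out.get(m, Fraction(0)) + c
    return {m: c for m, c in out.items() if c}


def pmul(p: Poly, q: Poly) -> Poly:
    out: Poly = {}
    for m1, c1 in p.items():
        for m2, c2 in q.items():
            m = tuple(sorted(m1 + m2))
            out[m] = out.get(m, Fraction(0)) + c1 * c2
    return {m: c for m, c in out.items() if c}


def pleq(p: Poly, q: Poly) -> bool:
    """Sufficient check for p <= q when all indices are non-negative: compare coefficients."""
    return all(c <= q.get(m, Fraction(0)) for m, c in p.items())


# Expression language (constructed for this example).
@dataclass
class Var:
    name: str

@dataclass
class Lit:
    value: Fraction

@dataclass
class Add:
    left: "Expr"
    right: "Expr"

@dataclass
class Scale:          # multiply by a non-negative, possibly index-dependent constant
    factor: Poly
    body: "Expr"

@dataclass
class App:            # apply a primitive whose declared sensitivity is `sens`
    fn: str
    sens: Poly
    body: "Expr"

@dataclass
class Let:
    name: str
    bound: "Expr"
    body: "Expr"

@dataclass
class Repeat:         # sum `times` copies of body; `times` is an index expression
    times: Poly
    body: "Expr"

Expr = Union[Var, Lit, Add, Scale, App, Let, Repeat]


def merge(a: Dict[str, Poly], b: Dict[str, Poly]) -> Dict[str, Poly]:
    out = dict(a)
    for x, s in b.items():
        out[x] = padd(out.get(x, {}), s)
    return out


def sensitivity(e: Expr) -> Dict[str, Poly]:
    """Sensitivity of e in each free variable, following the linear typing rules:
    variables are 1-sensitive, sums add sensitivities, scaling/application/repetition
    multiply them, and let-binding composes the two (body sensitivity in x times
    sensitivity of the bound expression)."""
    if isinstance(e, Var):
        return {e.name: const(1)}
    if isinstance(e, Lit):
        return {}
    if isinstance(e, Add):
        return merge(sensitivity(e.left), sensitivity(e.right))
    if isinstance(e, (Scale, App, Repeat)):
        k = e.factor if isinstance(e, Scale) else e.sens if isinstance(e, App) else e.times
        return {x: pmul(k, s) for x, s in sensitivity(e.body).items()}
    if isinstance(e, Let):
        inner = sensitivity(e.body)
        sx = inner.pop(e.name, const(0))          # how strongly the body depends on x
        outer = {x: pmul(sx, s) for x, s in sensitivity(e.bound).items()}
        return merge(inner, outer)
    raise TypeError(f"unknown expression: {e!r}")


def check(e: Expr, declared: Dict[str, Poly]) -> Dict[str, bool]:
    """One constraint per free variable: inferred sensitivity <= declared bound."""
    return {x: pleq(s, declared.get(x, {})) for x, s in sensitivity(e).items()}


K = index("k")
# Constructed query over a database variable `db`: k repeats of a 1-sensitive count,
# plus twice a 1-sensitive clipped sum. Expected sensitivity in db: k + 2.
QUERY = Let(
    "c", App("count", const(1), Var("db")),
    Add(Repeat(K, Var("c")),
        Scale(const(2), App("clipped_sum", const(1), Var("db")))),
)

if __name__ == "__main__":
    print(sensitivity(QUERY)["db"])                    # {(): 2, ('k',): 1}, i.e. k + 2
    print(check(QUERY, {"db": padd(K, const(3))}))     # k + 2 <= k + 3 holds
    print(check(QUERY, {"db": pmul(const(2), K)}))     # k + 2 <= 2k fails (false at k = 0)
```

The second failing check illustrates why the paper's constraints need a real solver rather than this coefficient-wise test: `k + 2 <= 2k` is false at `k = 0`, so rejecting it is correct here, but a bound such as `3 <= 2k + 1` is true for all `k >= 1` and would still be rejected by the coefficient-wise rule.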

[1] Ugo Dal Lago et al. The geometry of types. POPL, 2012.

[2] Frank Pfenning et al. Dependent types in practical programming. POPL '99, 1999.

[3] G. Zames. Input-output feedback stability and robustness, 1959-85. 1996.

[4] Martin Hofmann et al. Type inference in intuitionistic linear logic. PPDP, 2010.

[5] Cynthia Dwork et al. Differential Privacy. ICALP, 2006.

[6] Gilles Barthe et al. Probabilistic Relational Reasoning for Differential Privacy. TOPL, 2012.

[7] Vitaly Shmatikov et al. Airavat: Security and Privacy for MapReduce. NSDI, 2010.

[8] Catuscia Palamidessi et al. Differential Privacy for Relational Algebra: Improving the Sensitivity Bounds via Constraint Systems. QAPL, 2012.

[9] Frank McSherry et al. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. SIGMOD Conference, 2009.

[10] Dale Miller et al. Logic Programming in a Fragment of Intuitionistic Linear Logic. Inf. Comput., 1994.

[11] Benjamin C. Pierce et al. Distance makes the types grow stronger: a calculus for differential privacy. ICFP '10, 2010.

[12] Benjamin C. Pierce et al. Higher-Order Subtyping. Theor. Comput. Sci., 1994.

[13] Chiyan Chen et al. Combining programming with theorem proving. ICFP '05, 2005.

[14] Cynthia Dwork et al. Differential Privacy: A Survey of Results. TAMC, 2008.

[15] Olivier Bournez et al. Robust Computations with Dynamical Systems. MFCS, 2010.

[16] François Bobot et al. Why3: Shepherd Your Herd of Provers. 2011.

[17] Martin Odersky et al. Type Inference with Constrained Types. Theory Pract. Object Syst., 1999.

[18] Frank Pfenning et al. Efficient resource management for linear logic proof search. Theor. Comput. Sci., 1996.

[19] Ugo Dal Lago et al. Linear Dependent Types and Relative Completeness. 2011 IEEE 26th Annual Symposium on Logic in Computer Science, 2011.

[20] Benjamin C. Pierce et al. Advanced Topics in Types and Programming Languages. 2004.

[21] Matteo Maffei et al. Differential Privacy by Typing in Security Protocols. 2013 IEEE 26th Computer Security Foundations Symposium, 2013.

[22] Sumit Gulwani et al. Proving programs robust. ESEC/FSE '11, 2011.

[23] Andreas Haeberlen et al. Linear dependent types for differential privacy. POPL, 2013.

[24] Kazushige Terui et al. Verification of Ptime Reducibility for System F Terms: Type Inference in Dual Light Affine Logic. Log. Methods Comput. Sci., 2007.