Combining Differential Privacy and Mutual Information for Analyzing Leakages in Workflows

Workflows are a notation for business processes, focusing on tasks and the data flows between them. We have designed and implemented a method for analyzing leakages in workflows by combining differential privacy and mutual information. The input of the method is a description of the leakage of each workflow component, quantified either in terms of differential privacy or in terms of mutual information, whichever is known for that component. The differential-privacy-based bounds are combined using the triangle inequality and are then converted into mutual-information-based bounds. The bounds for the components are then combined using a maximum-flow algorithm. The output of the method is a mutual-information-based quantification of the leakage of the whole workflow.
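The pipeline sketched above, as an added illustration that is not code from the paper: per-component bounds are either an epsilon (differential privacy) or a number of bits (mutual information); DP bounds on the same sensitive input are composed, converted to a mutual-information capacity, and the whole-workflow bound is the maximum flow from the sensitive source to the output through a network in which each component is an edge of capacity equal to its bound and data-flow edges are unbounded. Two things are assumptions made here for illustration rather than facts taken from the page: the DP bounds are composed by plain summation (standard sequential composition, a valid if possibly loose stand-in for the triangle-inequality step the abstract does not spell out), and an epsilon-DP bound is converted to at most epsilon nats, i.e. epsilon times log2(e) bits, of mutual information about one sensitive record; the paper's own conversion may differ. The sample workflow and its numbers are constructed.

```python
import math
from collections import deque

INF = float("inf")


def compose_dp(epsilons):
    """Combine DP bounds of components that all read the same sensitive input.

    Assumption: standard sequential composition (epsilons add). This stands in
    for the abstract's triangle-inequality step, whose exact form is not given
    on the page; summing is always a valid, if possibly loose, upper bound.
    """
    return float(sum(epsilons))


def dp_to_mi_bits(eps):
    """Convert an epsilon-DP bound into a mutual-information capacity in bits.

    Assumption: epsilon-DP bounds the mutual information between one sensitive
    record and the component's output by epsilon nats, i.e. eps * log2(e) bits.
    """
    return eps / math.log(2)


def component_capacity(spec):
    """spec is ("dp", eps), ("dp", [eps1, eps2, ...]) or ("mi", bits)."""
    kind, value = spec
    if kind == "dp":
        eps = compose_dp(value) if isinstance(value, (list, tuple)) else float(value)
        return dp_to_mi_bits(eps)
    if kind == "mi":
        return float(value)
    raise ValueError("unknown bound kind: %r" % (kind,))


def build_flow_network(components, data_flows, source, sink):
    """Each component becomes an in->out edge whose capacity is its leakage
    bound; data-flow edges are unbounded, since only processing steps limit
    what can be learned about the source."""
    cap = {}

    def add_edge(u, v, c):
        cap.setdefault(u, {}).setdefault(v, 0.0)
        cap.setdefault(v, {}).setdefault(u, 0.0)   # residual reverse edge
        cap[u][v] += c

    def port(name, side):
        return name if name in (source, sink) else "%s_%s" % (name, side)

    for name, spec in components.items():
        add_edge(port(name, "in"), port(name, "out"), component_capacity(spec))
    for u, v in data_flows:
        add_edge(port(u, "out"), port(v, "in"), INF)
    return cap


def max_flow(cap, s, t):
    """Edmonds-Karp on the residual network (float capacities, INF allowed)."""
    flow = 0.0
    while True:
        parent = {s: None}
        queue = deque([s])
        while queue and t not in parent:
            u = queue.popleft()
            for v, c in cap.get(u, {}).items():
                if c > 1e-12 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if t not in parent:
            return flow
        bottleneck, v = INF, t
        while parent[v] is not None:
            bottleneck = min(bottleneck, cap[parent[v]][v])
            v = parent[v]
        if bottleneck == INF:
            return INF   # a source-to-sink path with no bounded component: no finite bound
        v = t
        while parent[v] is not None:
            u = parent[v]
            cap[u][v] -= bottleneck
            cap[v][u] += bottleneck
            v = u
        flow += bottleneck


def workflow_leakage_bound(components, data_flows, source, sink):
    """Mutual-information bound (bits) on what the sink can learn about the source."""
    return max_flow(build_flow_network(components, data_flows, source, sink), source, sink)


# Constructed sample workflow (not from the paper): a patient table feeds an
# anonymizer made of two DP steps (eps 0.3 and 0.2, composed to 0.5), an
# aggregation step and a report step with known MI bounds, and an audit log.
SAMPLE_COMPONENTS = {
    "anonymize": ("dp", [0.3, 0.2]),   # 0.5-DP -> about 0.72 bits
    "aggregate": ("mi", 2.0),
    "report":    ("mi", 1.5),
    "audit_log": ("mi", 0.5),
}
SAMPLE_FLOWS = [
    ("patients", "anonymize"), ("patients", "aggregate"),
    ("anonymize", "report"), ("aggregate", "report"), ("report", "output"),
    ("patients", "audit_log"), ("audit_log", "output"),
]

if __name__ == "__main__":
    bound = workflow_leakage_bound(SAMPLE_COMPONENTS, SAMPLE_FLOWS, "patients", "output")
    print("end-to-end leakage bound: %.4f bits" % bound)   # 2.0000 (min cut: report + audit_log)
```

The max-flow value equals the minimum cut, so the answer is the tightest set of components that every path from the sensitive source to the output must pass through; here that is the report step plus the audit log (1.5 + 0.5 bits), not the anonymizer, whose bound only matters on one of the paths. A source-to-sink data flow that bypasses every bounded component yields an infinite bound, which is the right answer rather than a silent zero.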
