Sensitivity Analysis of SQL Queries

The sensitivity of a function is the maximum change of its output caused by a unit change of its input. In this paper we present a method for determining the sensitivity of SQL queries, viewed as functions from databases to datasets, where change is measured as the number of rows that differ. Given a query, a database schema and a number, our method constructs a formula that is satisfiable only if the sensitivity of the query is greater than that number. Our method is compositional and can also be applied to SQL workflows. The resulting sensitivity bounds can be used to calibrate the amount of noise that has to be added to the output of the query to obtain a given level of differential privacy.
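The following is an added illustration, not code from the paper: instead of the paper's schema-level formula, it measures the row-distance sensitivity of two SQL queries empirically, by evaluating each query in SQLite on a constructed database and on every neighbouring database that differs by one row (one row removed, or one candidate row added). The tables, rows, candidate rows and query texts are all constructed for this example; row distance is taken to be the size of the multiset symmetric difference of the two outputs, which is one reading of "number of rows that differ". Because it enumerates only concrete neighbours of one database, the result is a lower bound on the true sensitivity, whereas the paper's formula reasons over all databases admitted by the schema.

```python
import sqlite3
from collections import Counter

# Constructed sample data (not from the paper). Customer 1 has three orders,
# which is what makes the join query below more sensitive than the selection.
SCHEMA = """
CREATE TABLE customers(id INTEGER PRIMARY KEY, country TEXT);
CREATE TABLE orders(id INTEGER PRIMARY KEY, customer_id INTEGER, amount INTEGER);
"""
CUSTOMERS = [(1, "EE"), (2, "EE"), (3, "FI")]
ORDERS = [(10, 1, 50), (11, 1, 20), (12, 1, 5), (13, 2, 70), (14, 3, 10)]

# Candidate rows that may be *added* to form a neighbour (fresh ids so the
# PRIMARY KEY constraints hold). Assumption: the domain of new rows is this small.
EXTRA_CUSTOMERS = [(4, "EE")]
EXTRA_ORDERS = [(15, 1, 1)]

SELECT_QUERY = "SELECT id FROM customers WHERE country = 'EE'"
JOIN_QUERY = ("SELECT o.id FROM orders o JOIN customers c ON o.customer_id = c.id "
              "WHERE c.country = 'EE'")


def run(query, customers, orders):
    """Evaluate `query` on a fresh in-memory database; return the output as a multiset of rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO customers VALUES (?, ?)", customers)
    con.executemany("INSERT INTO orders VALUES (?, ?, ?)", orders)
    rows = Counter(con.execute(query).fetchall())
    con.close()
    return rows


def row_distance(a, b):
    """Rows that differ between two output multisets: size of their symmetric difference."""
    return sum(abs(a[r] - b[r]) for r in set(a) | set(b))


def neighbours(customers, orders, extra_customers=(), extra_orders=()):
    """Yield every database at row-distance 1 from (customers, orders) that we can enumerate."""
    for i in range(len(customers)):                  # remove one customer row
        yield customers[:i] + customers[i + 1:], orders
    for i in range(len(orders)):                     # remove one order row
        yield customers, orders[:i] + orders[i + 1:]
    for c in extra_customers:                        # add one candidate customer row
        yield customers + [c], orders
    for o in extra_orders:                           # add one candidate order row
        yield customers, orders + [o]


def empirical_sensitivity(query, customers, orders, extra_customers=(), extra_orders=()):
    """Largest output change over the enumerated neighbours (a lower bound on true sensitivity)."""
    base = run(query, customers, orders)
    return max(row_distance(base, run(query, c, o))
               for c, o in neighbours(customers, orders, extra_customers, extra_orders))


def laplace_scale(row_sensitivity, epsilon):
    """Laplace scale for a COUNT(*) placed after the query in a workflow.

    A count over the query's output moves by at most the number of output rows that
    differ, so the row sensitivity bounds the count's L1 sensitivity and b = s / epsilon
    gives epsilon-differential privacy for that count.
    """
    return row_sensitivity / epsilon


if __name__ == "__main__":
    for name, q in (("selection", SELECT_QUERY), ("join", JOIN_QUERY)):
        s = empirical_sensitivity(q, CUSTOMERS, ORDERS, EXTRA_CUSTOMERS, EXTRA_ORDERS)
        print(f"{name}: row sensitivity >= {s}, Laplace scale for eps=0.5: {laplace_scale(s, 0.5)}")
```

The selection has sensitivity 1: a one-row change to the input changes at most one output row. The join reaches 3 on this data because deleting customer 1 deletes all three of that customer's orders from the result, and with more orders per customer the empirical value keeps growing; only a schema constraint bounding orders per customer lets a static analysis such as the paper's give a finite bound for all databases.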
