Coupled Relational Symbolic Execution for Differential Privacy

Farina, Gian Pietro; Chong, Stephen; Gaboardi, Marco

doi:10.1007/978-3-030-72019-3_8

Cited by 7 publications

(6 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are also many domain-specific automated analyses for specific probabilistic properties, such as termination and resource analysis [Chatterjee et al 2016;Moosbrugger et al 2021;Wang et al 2021], accuracy Smith et al 2019], reliability [Carbin et al 2012], differential privacy [Albarghouthi and Hsu 2018b;Barthe et al 2021] and other relational properties [Albarghouthi and Hsu 2018a;Farina et al 2021], and long-run properties of probabilistic loops [Bartocci et al 2019[Bartocci et al , 2020. Our approach aims to create a general-purpose analysis.…”

Section: Related Workmentioning

confidence: 99%

Symbolic Execution for Randomized Programs

Susag,

Lahiri,

Hsu

et al. 2022

Preprint

View full text Add to dashboard Cite

We propose a symbolic execution method for programs that can draw random samples. In contrast to existing work, our method can verify randomized programs with unknown inputs and can prove probabilistic properties that universally quantify over all possible inputs. Our technique augments standard symbolic execution with a new class of probabilistic symbolic variables, which represent the results of random draws, and computes symbolic expressions representing the probability of taking individual paths. We implement our method on top of the KLEE symbolic execution engine alongside multiple optimizations and use it to prove properties about probabilities and expected values for a range of challenging case studies written in C++, including Freivalds' algorithm, randomized quicksort, and a randomized property-testing algorithm for monotonicity. We evaluate our method against Psi, an exact probabilistic symbolic inference engine, and Storm, a probabilistic model checker, and show that our method significantly outperforms both tools. CCS Concepts: • Mathematics of computing → Probabilistic inference problems; • Software and its engineering → Software verification; Automated static analysis; • Theory of computation → Automated reasoning; Program verification.

show abstract

Section: Related Workmentioning

confidence: 99%

Symbolic Execution for Randomized Programs

Susag,

Lahiri,

Hsu

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…We presented the first compositional, incremental method for detecting memory-safety and information leakage vulnerabilities, free of false alarms. Existing techniques for the automatic discovery of these types of vulnerabilities include relational symbolic execution [Daniel et al 2020[Daniel et al , 2021Farina et al 2019Farina et al , 2021 and differential fuzzing [Nilizadeh et al 2019], which generalise the traditional vulnerability discovery techniques of symbolic execution and fuzzing respectively to allow them to compare program executions. Recent work also explores hybrid approaches that combine these techniques [Noller et al 2020].…”

Section: Related Work and Conclusionmentioning

confidence: 99%

Compositional Vulnerability Detection with Insecurity Separation Logic

Murray¹,

Yan²,

Ernst³

2021

Preprint

View full text Add to dashboard Cite

We present the first compositional, incremental static analysis for detecting memory-safety and information leakage vulnerabilities in C-like programs. To do so, we develop the first under-approximate relational program logics, including Insecurity Separation Logic (InsecSL). We show how InsecSL can be automated via backpropagating symbolic execution (BPSE) to build a bottom-up, inter-procedural and incremental analysis for detecting vulnerabilities. We prove our approach sound in Isabelle/HOL and implement it in a proof-of-concept tool, Underflow, for analysing C programs, which we apply to various case studies.

show abstract

“…Recent work [4,26,47] targets both proving and disproving differential privacy. CheckDP [47] also relies on the Randomness Alignment technique.…”

Section: Related Workmentioning

confidence: 99%

“…However, these programs only allow a bounded number of samples from the Laplace distribution, and their inputs and outputs are from a finite domain. Farina [26] builds a relational symbolic execution framework, which when combined with probabilistic couplings, is able to prove differential privacy for SVT or generate failing traces for its two incorrect variants.…”

Section: Related Workmentioning

confidence: 99%

“…Counterexample detectors for differential privacy [12,13,20,29] can find evidence that an (incorrect) privacy mechanism fails to satisfy its claimed privacy levels. Moreover, a few tools can combine both functionalities: either proving a mechanism is correct or finding a counterexample [4,26,47]. While these tools are invaluable for ensuring correctness of privacy mechanisms, they all require a putative differentially private algorithm as a starting point.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DPGen: Automated Program Synthesis for Differential Privacy

Wang,

Ding,

Xiao

et al. 2021

Preprint

View full text Add to dashboard Cite

Differential privacy has become a de facto standard for releasing data in a privacy-preserving way. Creating a differentially private algorithm is a process that often starts with a noise-free (nonprivate) algorithm. The designer then decides where to add noise, and how much of it to add. This can be a non-trivial process -if not done carefully, the algorithm might either violate differential privacy or have low utility.In this paper, we present DPGen, a program synthesizer that takes in non-private code (without any noise) and automatically synthesizes its differentially private version (with carefully calibrated noise). Under the hood, DPGen uses novel algorithms to automatically generate a sketch program with candidate locations for noise, and then optimize privacy proof and noise scales simultaneously on the sketch program. Moreover, DPGen can synthesize sophisticated mechanisms that adaptively process queries until a specified privacy budget is exhausted. When evaluated on standard benchmarks, DPGen is able to generate differentially private mechanisms that optimize simple utility functions within 120 seconds. It is also powerful enough to synthesize adaptive privacy mechanisms. CCS CONCEPTS• Security and privacy → Logic and verification; • Theory of computation → Program analysis.

show abstract

Coupled Relational Symbolic Execution for Differential Privacy

Cited by 7 publications

References 26 publications

Symbolic Execution for Randomized Programs

Symbolic Execution for Randomized Programs

Compositional Vulnerability Detection with Insecurity Separation Logic

DPGen: Automated Program Synthesis for Differential Privacy

Contact Info

Product

Resources

About