Fuzzi: a three-level logic for differential privacy

Zhang, Hengchu; Roth, Edo; Haeberlen, Andreas; Pierce, Benjamin C.; Roth, Aaron

doi:10.1145/3341697

Cited by 21 publications

(25 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We believe that a promising way forward is to integrate λ obliv 's type-level mechanisms with richer systems for formal reasoning. For example, we could adopt the approach of semantic typing, embedding λ obliv 's type rules as lemmas in a richer logic, as done in RustBelt [Jung et al 2018] or Fuzzi [Zhang et al 2019b]. The logic of Barthe et al [2020] is a good candidate, but it needs further extensions too.…”

Section: Discussionmentioning

confidence: 99%

“…Some prior work aims to quantify the information released by a (possibly randomized) program (e.g., Köpf and Rybalchenko [2013]; Mu and Clark [2009]) according to entropy-based measures. Work on verifying the correctness of differentially private algorithms [Barthe et al 2013;Zhang and Kifer 2017;Zhang et al 2019b], essentially aims to bound possible leakage; by contrast, we enforce that no information leaks due to a program's execution.…”

Section: Related Workmentioning

confidence: 99%

“…Unfortunately, λ obliv 's strict ordering on probability regions is too strong, so the complete ostack implementation will not typecheck. An interesting future direction would be to apply the approach of Zhang et al [2019a] to integrate λ obliv 's type system with a general logic, such as that by Barthe et al [2020], which can be be used to justify that omitting the probability region order check is (locally) safe. We elaborate in Section 6 when we discuss related work and make the case that λ obliv subsumes previous work on type system design for oblivious computation.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A language for probabilistically oblivious computation

Darais

Sweet

Liu

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

An oblivious computation is one that is free of direct and indirect information leaks, e.g., due to observable differences in timing and memory access patterns. This paper presents λ obliv , a core language whose type system enforces obliviousness. Prior work on type-enforced oblivious computation has focused on deterministic programs. λ obliv is new in its consideration of programs that implement probabilistic algorithms, such as those involved in cryptography. λ obliv employs a substructural type system and a novel notion of probability region to ensure that information is not leaked via the observed distribution of visible events. Probability regions support reasoning about probabilistic correlation and independence between values, and our use of probability regions is motivated by a source of unsoundness that we discovered in the type system of ObliVM, a language for implementing state of the art oblivious algorithms. We prove that λ obliv 's type system enforces obliviousness and show that it is expressive enough to typecheck advanced tree-based oblivious RAMs. CCS Concepts: • Security and privacy → Logic and verification.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A language for probabilistically oblivious computation

Darais

Sweet

Liu

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…The formalization of linguistic meanings within the theory of fuzzy sets is carried out through membership functions (MFs) . The most widespread methods of constructing MFs are based on the statistical processing of expert information and on paired comparisons [4][5][6][18][19][20][21][22][23]. These methods are mainly used in the development of pure expert systems that apply only expert knowledge [7][8][9][10].…”

Section: The Analysis Of Publicationsmentioning

confidence: 99%

Using Fuzzy Logic to Control Dynamic Loads on Road-Building Machine Construction Elements

Koval

Minka

2020

Bulletin of KhNAHU

View full text Add to dashboard Cite

show abstract

“…Type Systems Enriched with Program Logics. At a high level, Fuzzi [56] has a similar aim to Duet: supporting differential privacy for general-purpose programs and supporting recent variants of differential privacy. Duet is designed primarily as a fully-automated type system with a rich set of primitives for vector-based and higher-order programming; low-level mechanisms in Duet are opaque and trusted.…”

Section: Related Workmentioning

confidence: 99%

Duet: an expressive higher-order language and linear type system for statically enforcing differential privacy

Near

Darais

Abuah

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

During the past decade, differential privacy has become the gold standard for protecting the privacy of individuals. However, verifying that a particular program provides differential privacy often remains a manual task to be completed by an expert in the field. Language-based techniques have been proposed for fully automating proofs of differential privacy via type system design, however these results have lagged behind advances in differentially-private algorithms, leaving a noticeable gap in programs which can be automatically verified while also providing state-of-the-art bounds on privacy.We propose Duet, an expressive higher-order language, linear type system and tool for automatically verifying differential privacy of general-purpose higher-order programs. In addition to general purpose programming, Duet supports encoding machine learning algorithms such as stochastic gradient descent, as well as common auxiliary data analysis tasks such as clipping, normalization and hyperparameter tuning-each of which are particularly challenging to encode in a statically verified differential privacy framework.We present a core design of the Duet language and linear type system, and complete key proofs about privacy for well-typed programs. We then show how to extend Duet to support realistic machine learning applications and recent variants of differential privacy which result in improved accuracy for many practical differentially private algorithms. Finally, we implement several differentially private machine learning algorithms in Duet which have never before been automatically verified by a language-based tool, and we present experimental results which demonstrate the benefits of Duet's language design in terms of accuracy of trained machine learning models. privacy provides a robust solution to this problem, and as a result, a number of differentially private algorithms have been developed for machine learning [3,13,17,28,42,50,51,54].Few practical approaches exist, however, for automatically proving that a general-purpose program satisfies differential privacy-an increasingly desirable goal, since many machine learning pipelines are expressed as programs that combine existing algorithms with custom code. Enforcing differential privacy for a new program currently requires a new, manually-written privacy proof. This process is arduous, error-prone, and must be performed by an expert in differential privacy (and re-performed, each time the program is modified).We present Duet, a programming language, type system and tool for expressing and statically verifying privacy-preserving programs. Duet supports (1) general purpose programming features like compound datatypes and higher-order functions, (2) library functions for matrix-based computations, and (3) multiple state-of-the-art variants of differential privacy-(ϵ, δ )-differential privacy [25], Rényi differential privacy [38], zero-concentrated differential privacy (zCDP) [16], and truncated-concentrated differential privacy (tCDP) [15]-and can be easily extended to...

show abstract

Fuzzi: a three-level logic for differential privacy

Cited by 21 publications

References 39 publications

A language for probabilistically oblivious computation

A language for probabilistically oblivious computation

Using Fuzzy Logic to Control Dynamic Loads on Road-Building Machine Construction Elements

Duet: an expressive higher-order language and linear type system for statically enforcing differential privacy

Contact Info

Product

Resources

About