Threat Models for Differential Privacy

A look at central, local, and hybrid models

All articles in this series

Differential Privacy for Privacy-Preserving Data Analysis

Threat Models for Differential Privacy

Counting Queries: Extracting Key Business Metrics From Datasets

Summation and Average Queries: Detecting Trends in Your Data

Workloads of Counting Queries: Enabling Rich Statistical Analyses With Differential Privacy

Differential Privacy Bugs and Why They’re Hard to Find

It’s not so simple to deploy a practical system that satisfies differential privacy. Our example in the last post was a simple Python program that adds Laplace noise to a function computed over the sensitive data. For this to work in practice, we’d need to collect all the sensitive data on one server to run our program.

What if that server gets hacked? Differential privacy provides no protection in this case—it only protects the output of our program.

When deploying differentially private systems, it’s important to consider the threat model—that is, what kind of adversaries we want the system to protect against. If the threat model includes adversaries who might compromise the server holding the sensitive data, then we need to modify the system to protect against this kind of attack.

…

Want to continue?

By logging in you agree to receive communication from Quality Digest. Privacy Policy.

Create a FREE account

Forgot My Password

Threat Models for Differential Privacy

A look at central, local, and hybrid models

Social Sharing block

Add new comment