Differentially private budget tracking using Renyi divergence
Abstract
A differentially private security system communicatively coupled to a database storing restricted data receives a database query from a client. The database query includes a relation indicative of data to perform the query upon and at least one privacy parameter indicative of a level of differential privacy with which to perform the query. The differentially private security system determines a noise type for the query. The differentially private security system determines a representation of probabilistic privacy loss for the query based on the determined noise type. The differentially private security system determines a privacy spend for the query using the generated representation of probabilistic privacy loss. The differentially private security system determines whether the determined privacy spend exceeds a privacy budget associated with the client.
20 Claims
1. A method for bounding a privacy spend for a query to a database storing restricted data, the query received by a differentially private system, the method comprising:
    receiving a database query from the client, the database query comprising a relation indicative of data to perform the query upon and at least one privacy parameter indicative of a level of differential privacy with which to perform the query;
    determining a noise type for the query based on a preset configuration of the differentially private system;
    generating a representation of probabilistic privacy loss for the query based on the determined noise type;
    determining a privacy spend for the query using the generated representation of probabilistic privacy loss;
    determining whether the determined privacy spend exceeds a privacy budget associated with the client; and
    responsive to determining the determined privacy spend exceeds the privacy budget associated with the client, blocking the query.
    Dependent claims: 2, 3, 4, 5, 6, 7, 19, 20.
8. A non-transitory computer-readable storage medium storing computer program instructions executable by a processor to perform operations for bounding a privacy spend for a query to a database storing restricted data, the query received by a differentially private system, the operations comprising:
    receiving a database query from the client, the database query comprising a relation indicative of data to perform the query upon and at least one privacy parameter indicative of a level of differential privacy with which to perform the query;
    determining a noise type for the query based on a preset configuration of the differentially private system;
    generating a representation of probabilistic privacy loss for the query based on the determined noise type;
    determining a privacy spend for the query using the generated representation of probabilistic privacy loss;
    determining whether the determined privacy spend exceeds a privacy budget associated with the client; and
    responsive to determining the determined privacy spend exceeds the privacy budget associated with the client, blocking the query.
    Dependent claims: 9, 10, 11, 12, 13, 14.
15. A system, comprising:
    a processor; and
    a non-transitory computer-readable storage medium storing computer program instructions executable by the processor to perform operations for bounding privacy spend for a query to a database storing restricted data, the query received by a differentially private system, the operations comprising:
    receiving a database query from the client, the database query comprising a relation indicative of data to perform the query upon and at least one privacy parameter indicative of a level of differential privacy with which to perform the query;
    determining a noise type for the query based on a preset configuration of the differentially private system;
    generating a representation of probabilistic privacy loss for the query based on the determined noise type;
    determining a privacy spend for the query using the generated representation of probabilistic privacy loss;
    determining whether the determined privacy spend exceeds a privacy budget associated with the client; and
    responsive to determining the determined privacy spend exceeds the privacy budget associated with the client, blocking the query.
    Dependent claims: 16, 17, 18.
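An added worked example (not part of the patent or of any product it describes) of the budget-tracking loop the claims lay out: the noise type comes from a preset configuration, each query's probabilistic privacy loss is represented as a Renyi-divergence curve over a set of orders, curves of already-answered queries are composed by addition, the composed curve is converted to a privacy spend epsilon at a fixed delta, and a query whose spend would exceed the client's budget is blocked. Assumed here: the standard Renyi-DP closed forms for Gaussian and Laplace noise, the order set, and that a query's epsilon parameter fixes the noise scale as sensitivity/epsilon.

```python
import math

# Renyi orders at which the privacy-loss curve is tracked (assumed set).
ORDERS = (2, 4, 8, 16, 32, 64, 128, 256)

def rdp_curve(noise_type, scale, sensitivity=1.0):
    """Representation of probabilistic privacy loss for one query: the Renyi
    divergence D_alpha between the mechanism's outputs on neighbouring
    databases, per order. The closed forms are the standard Gaussian and
    Laplace results (Mironov 2017), assumed here; the claims do not state them."""
    s = sensitivity / scale
    if noise_type == "gaussian":
        return {a: a * s * s / 2 for a in ORDERS}
    if noise_type == "laplace":
        # Evaluated in log space so that large orders do not overflow exp().
        return {a: ((a - 1) * s + math.log(a / (2 * a - 1)
                    + (a - 1) / (2 * a - 1) * math.exp(-(2 * a - 1) * s))) / (a - 1)
                for a in ORDERS}
    raise ValueError(f"unsupported noise type: {noise_type}")

def rdp_to_epsilon(curve, delta):
    """Privacy spend: the tightest (epsilon, delta) implied by the curve, via
    epsilon = D_alpha + log(1/delta) / (alpha - 1), minimised over alpha."""
    return min(d + math.log(1 / delta) / (a - 1) for a, d in curve.items())

class BudgetTracker:
    """Per-client check: compose the new query's curve with the curves of queries
    already answered, convert to epsilon, and block if the result is over budget."""
    def __init__(self, epsilon_budget, delta, noise_type):
        self.epsilon_budget = epsilon_budget
        self.delta = delta
        self.noise_type = noise_type            # preset system configuration
        self.spent_curve = {a: 0.0 for a in ORDERS}

    def try_query(self, epsilon, sensitivity=1.0):
        # Assumption: the query's epsilon fixes the noise scale as sensitivity/epsilon.
        new = rdp_curve(self.noise_type, sensitivity / epsilon, sensitivity)
        composed = {a: self.spent_curve[a] + new[a] for a in ORDERS}  # RDP composes additively
        spend = rdp_to_epsilon(composed, self.delta)
        if spend > self.epsilon_budget:
            return False, spend                 # blocked; the spent curve is unchanged
        self.spent_curve = composed             # accepted; record the new cumulative loss
        return True, spend

if __name__ == "__main__":
    tracker = BudgetTracker(epsilon_budget=10.0, delta=1e-5, noise_type="gaussian")
    for _ in range(4):
        print(tracker.try_query(epsilon=1.0))   # fourth query is blocked
```

With a Gaussian preset, delta = 1e-5 and a budget of epsilon = 10, three unit-epsilon queries are answered and the fourth is blocked, because the composed curve converts to roughly 11.8 at that point.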