Group and Attack: Auditing Differential Privacy


Date

2023-11

Publication Type

Conference Paper

ETH Bibliography

yes

Abstract

(ε, δ) differential privacy has seen increased adoption recently, especially in private machine learning applications. While this privacy definition allows provably limiting the amount of information leaked by an algorithm, practical implementations of differentially private algorithms often contain subtle vulnerabilities. This motivates the need for effective tools that can audit (ε, δ) differential privacy algorithms before deploying them in the real world. However, existing state-of-the-art tools for auditing (ε, δ) differential privacy directly extend the tools for ε-differential privacy by fixing either ε or δ in the violation search, inherently restricting their ability to efficiently discover violations of (ε, δ) differential privacy. We present a novel method to efficiently discover (ε, δ) differential privacy violations based on the key insight that many (ε, δ) pairs can be grouped as they result in the same algorithm. Crucially, our method is orthogonal to existing approaches and, when combined, results in a faster and more precise violation search. We implemented our approach in a tool called Delta-Siege and demonstrated its effectiveness by discovering vulnerabilities in most of the evaluated frameworks, several of which were previously unknown. Further, in 84% of cases, Delta-Siege outperforms existing state-of-the-art auditing tools. Finally, we show how Delta-Siege outputs can be used to find the precise root cause of vulnerabilities, an option no other differential privacy testing tool currently offers.

Publication status

published

Book title

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Pages / Article No.

1905 - 1918

Publisher

Association for Computing Machinery

Event

30th ACM SIGSAC Conference on Computer and Communications Security (CCS 2023)

Subject

Differential privacy; Auditing

Organisational unit

03948 - Vechev, Martin / Vechev, Martin
