Presented by:


Celia Zhang

Google

Hello! I work at Google on a team enabling differentially private SQL queries.


Royce Wilson

Google

Bryant Gipson

Google

Differential privacy (DP) provides formal guarantees that the output of a database query does not reveal too much information about any individual present in the database. While many differentially private algorithms have been proposed in the scientific literature, there are only a few end-to-end implementations of differentially private query engines. Crucially, existing systems assume that each individual is associated with at most one database record, which is unrealistic in practice.
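As a concrete illustration of the kind of guarantee involved (a minimal sketch, not the system described here), the classic Laplace mechanism makes a count query epsilon-DP by adding noise calibrated to how much a single record can change the result:

```python
import math
import random

def dp_count(records, epsilon):
    """Epsilon-DP count via the Laplace mechanism (illustrative sketch).

    Adding or removing one record changes the true count by at most 1
    (sensitivity 1), so Laplace noise with scale 1/epsilon suffices.
    """
    true_count = len(records)
    scale = 1.0 / epsilon
    # Sample Laplace(0, scale) noise by inverse-CDF from a uniform draw.
    u = random.random() - 0.5
    noise = -scale * (1.0 if u >= 0 else -1.0) * math.log(1.0 - 2.0 * abs(u))
    return true_count + noise
```

With a small epsilon the noise dominates any one record's influence; with a large epsilon the output is close to the true count but the privacy guarantee is correspondingly weak.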

In our paper “Differentially Private SQL with Bounded User Contribution”, we proposed a generic and scalable method to perform differentially private aggregations on databases, even when individuals can each be associated with arbitrarily many rows. We expressed this method as an operator in relational algebra, and implemented it in an internal SQL engine. To validate this system, we tested the utility of typical queries on industry benchmarks, and verified its correctness with a stochastic test framework we developed. We highlighted the promises and pitfalls of deploying such a system in practice, and we published its core components as open-source software (https://github.com/google/differential-privacy/).
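The core difficulty of bounded user contribution can be sketched as follows (an illustrative toy, not the relational-algebra operator from the paper): when one user may own many rows, a sum can only be made user-level DP after each user's contribution is bounded, e.g. by capping rows per user and clamping values, which fixes the sensitivity used to scale the noise. The parameter names below are assumptions for the sketch.

```python
import math
import random
from collections import defaultdict

def dp_sum_bounded(rows, epsilon, max_rows_per_user=5, lo=0.0, hi=100.0):
    """User-level epsilon-DP sum when a user may own many rows (sketch).

    rows: iterable of (user_id, value) pairs. Contribution is bounded in
    two steps: keep at most `max_rows_per_user` rows per user, and clamp
    each value to [lo, hi]. One user can then shift the sum by at most
    max_rows_per_user * max(|lo|, |hi|), which fixes the noise scale.
    """
    per_user = defaultdict(list)
    for uid, value in rows:
        if len(per_user[uid]) < max_rows_per_user:
            per_user[uid].append(min(max(value, lo), hi))
    total = sum(v for vs in per_user.values() for v in vs)
    sensitivity = max_rows_per_user * max(abs(lo), abs(hi))
    scale = sensitivity / epsilon
    # Laplace noise scaled to the user-level sensitivity.
    u = random.random() - 0.5
    noise = -scale * (1.0 if u >= 0 else -1.0) * math.log(1.0 - 2.0 * abs(u))
    return total + noise
```

Without the bounding step, a single user with millions of rows would have unbounded influence on the sum, and no finite amount of noise could hide their presence.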

Enabling differentially private queries in PostgreSQL, one of the leading open-source relational database management systems, would be an exciting step for privacy. Our open-source release includes a Postgres extension that adds anonymous statistical aggregation functions. On their own, these aggregation functions do not provide full differential privacy guarantees: to achieve that, the Postgres syntax trees underlying DP queries must additionally be rewritten. We would like to explore the possibility of making this a Postgres community project.

In this workshop, we will provide a demo of our Postgres extension. We will relate examples using the extension back to the theoretical tenets of our privacy model. In addition, we will explore the extension’s privacy limitations and the steps we will need to take to provide a fully user-level differentially private mechanism. We will discuss privacy-conscious data design strategy and architecture.
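A stochastic correctness check of the kind mentioned above can be sketched roughly as follows (a simplified illustration, not the test framework from the paper): run a mechanism many times on two neighboring databases and verify that no output region is too much more likely under one than the other.

```python
import math
import random

def looks_dp(mechanism, db1, db2, epsilon, trials=20000, bins=None, slack=0.05):
    """Empirically check the epsilon-DP inequality on two neighboring
    databases (illustrative sketch; bin choice and slack are assumptions).

    Histograms the mechanism's outputs and flags any bin whose empirical
    probability under one database exceeds e^epsilon times the probability
    under the other by more than `slack`.
    """
    if bins is None:
        bins = [(-math.inf, 0.0), (0.0, math.inf)]
    def hist(db):
        counts = [0] * len(bins)
        for _ in range(trials):
            out = mechanism(db)
            for i, (a, b) in enumerate(bins):
                if a <= out < b:
                    counts[i] += 1
                    break
        return [c / trials for c in counts]
    p1, p2 = hist(db1), hist(db2)
    bound = math.exp(epsilon)
    return all(a <= bound * b + slack and b <= bound * a + slack
               for a, b in zip(p1, p2))
```

A check like this can catch gross violations, such as a mechanism that forgot to add noise, while a genuinely private mechanism should pass for the epsilon it claims.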

Date:
March 26, 2020, 14:00
Duration:
3 h
Room:
Ziegfeld
Conference:
Postgres Conference 2020
Language:
Track:
Development
Difficulty:
Medium
Requires Registration:
Yes (Registered: 1/30)