Verifying and Synthesizing Constant-Resource Implementations with Types
We propose a novel type system for verifying that programs correctly
implement constant-resource behavior. Our type system extends recent work on
automatic amortized resource analysis (AARA), a set of techniques that
automatically derive provable upper bounds on the resource consumption of
programs. We devise new techniques that build on the potential method to
achieve compositionality, precision, and automation.
A strict global requirement that a program always maintains constant resource
usage is too restrictive for most practical applications. It is sufficient to
require that the program's resource behavior remain constant with respect to an
attacker who is only allowed to observe part of the program's state and
behavior. To account for this, our type system incorporates information flow
tracking into its resource analysis. This allows our system to certify programs
that need to violate the constant-time requirement in certain cases, as long as
doing so does not leak confidential information to attackers. We formalize this
guarantee by defining a new notion of resource-aware noninterference, and prove
that our system enforces it.
Finally, we show how our type inference algorithm can be used to synthesize a
constant-time implementation from one that cannot be verified as secure,
effectively repairing insecure programs automatically. We also show how a
second novel AARA system that computes lower bounds on resource usage can be
used to derive quantitative bounds on the amount of information that a program
leaks through its resource use. We implemented each of these systems in
Resource Aware ML, and show that it can be applied to verify constant-time
behavior in a number of applications including encryption and decryption
routines, database queries, and other resource-aware functionality.
Comment: 30, IEEE S&P 201
Privacy-Aware Eye Tracking Using Differential Privacy
With eye tracking being increasingly integrated into virtual and augmented
reality (VR/AR) head-mounted displays, preserving users' privacy is an ever
more important, yet under-explored, topic in the eye tracking community. We
report a large-scale online survey (N=124) on privacy aspects of eye tracking
that provides the first comprehensive account of with whom, for which services,
and to what extent users are willing to share their gaze data. Using these
insights, we design a privacy-aware VR interface that uses differential
privacy, which we evaluate on a new 20-participant dataset for two privacy
sensitive tasks: We show that our method can prevent user re-identification and
protect gender information while maintaining high performance for gaze-based
document type classification. Our results highlight the privacy challenges
particular to gaze data and demonstrate that differential privacy is a
potential means to address them. Thus, this paper lays important foundations
for future research on privacy-aware gaze interfaces.
Comment: 9 pages, 8 figures, supplementary materia
A type III complement factor D deficiency: Structural insights for inhibition of the alternative pathway.
Abstract
Background: Complement factor D (FD) is the rate-limiting enzyme of the alternative complement pathway. Previous reports of FD deficiency featured absent plasma FD (type I deficiency) and susceptibility to meningococcal infection. A new FD mutant, which is non-functional but fully expressed, was identified in a patient with invasive meningococcal disease.
Objectives: We sought to investigate the molecular features of this novel FD mutant.
Methods: We performed complement haemolytic assays, western blot analysis of serum FD and Sanger sequencing of the CFD gene. Recombinant mutant FD was assessed by in vitro catalytic assays, circular dichroism, thermal shift assays, esterolytic assays and surface plasmon resonance. Molecular dynamics simulation was used to visualise the structural changes in mutant FD.
Results: A homozygous single-nucleotide variation of the CFD gene in the patient and their sibling resulted in an arginine to proline (R176P) substitution in FD. While R176P FD was stable and fully expressed in blood, it had minimal catalytic activity. Mutation R176P caused key FD-C3bB binding exosite loop 156-162 to lose its binding-competent conformation and stabilised the inactive conformation of FD. Consequently, R176P FD was unable to bind its natural substrate, C3bB. Neither patient nor sibling demonstrated the glucose homeostasis impairment that occurs in FD-null mice.
Conclusions: Here, we report the first genetically confirmed functional, or type III, deficiency of an activating complement serine protease. This novel mechanism of FD inhibition can inform further development of alternative pathway inhibitors to treat common inflammatory diseases such as age-related macular degeneration.
Using GANs for Sharing Networked Time Series Data: Challenges, Initial Promise, and Open Questions
Limited data access is a longstanding barrier to data-driven research and
development in the networked systems community. In this work, we explore if and
how generative adversarial networks (GANs) can be used to incentivize data
sharing by enabling a generic framework for sharing synthetic datasets with
minimal expert knowledge. As a specific target, our focus in this paper is on
time series datasets with metadata (e.g., packet loss rate measurements with
corresponding ISPs). We identify key challenges of existing GAN approaches for
such workloads with respect to fidelity (e.g., long-term dependencies, complex
multidimensional relationships, mode collapse) and privacy (i.e., existing
guarantees are poorly understood and can sacrifice fidelity). To improve
fidelity, we design a custom workflow called DoppelGANger (DG) and demonstrate
that across diverse real-world datasets (e.g., bandwidth measurements, cluster
requests, web sessions) and use cases (e.g., structural characterization,
predictive modeling, algorithm comparison), DG achieves up to 43% better
fidelity than baseline models. Although we do not resolve the privacy problem
in this work, we identify fundamental challenges with both classical notions of
privacy and recent advances to improve the privacy properties of GANs, and
suggest a potential roadmap for addressing these challenges. By shedding light
on the promise and challenges, we hope our work can rekindle the conversation
on workflows for data sharing.
Comment: Published in IMC 2020. 20 pages, 26 figure
ZØ: An Optimizing Distributing Zero-Knowledge Compiler
Applications increasingly rely on privacy-sensitive user data, but storing users' data in the cloud creates challenges for the application provider, as concerns arise relating to the possibility of data leaks, responding to regulatory pressure, and initiatives such as DoNotTrack. However, storing data in the cloud is not the only option: a trend explored in several recent research projects has been to move functionality to the client. Because execution happens on the client, such as a mobile device or even in the browser, this alone provides a degree of privacy in the computation, with only relevant data disclosed to the server. However, in many cases moving functionality to the client conflicts with a need for computationa