Distributed Differential Privacy and Applications

Recent growth in the size and scope of databases has resulted in more research into making productive use of this data. Unfortunately, a significant stumbling block which remains is protecting the privacy of the individuals that populate these datasets. As people spend more time connected to the Internet, and conduct more of their daily lives online, privacy becomes a more important consideration, just as the data becomes more useful for researchers, companies, and individuals. As a result, plenty of important information remains locked down and unavailable to honest researchers today, due to fears that data leakages will harm individuals. Recent research in differential privacy opens a promising pathway to guarantee individual privacy while simultaneously making use of the data to answer useful queries. Differential privacy is a theory that provides provable information theoretic guarantees on what any answer may reveal about any single individual in the database. This approach has resulted in a flurry of recent research, presenting novel algorithms that can compute a rich class of computations in this setting. In this dissertation, we focus on some real world challenges that arise when trying to provide differential privacy guarantees in the real world. We design and build runtimes that achieve the mathematical differential privacy guarantee in the face of three real world challenges: securing the runtimes against adversaries, enabling readers to verify that the answers are accurate, and dealing with data distributed across multiple domains

DStress: Efficient Differentially Private Computations on Distributed Data

In this paper, we present DStress, a system that can efficiently perform computations on graphs that contain confidential data. DStress assumes that the graph is physically distributed across many participants, and that each participant only knows a small subgraph; it protects privacy by enforcing tight, provable limits on how much each participant can learn about the rest of the graph. We also study one concrete instance of this problem: measuring systemic risk in financial networks. Systemic risk is the likelihood of cascading bankruptcies – as, e.g., during the financial crisis of 2008 – and it can be quantified based on the dependencies between financial institutions; however, the necessary data is highly sensitive and cannot be safely disclosed. We show that DStress can implement two different systemic risk models from the theoretical economics literature. Our experimental evaluation suggests that DStress can run the corresponding computations in about five hours, whereas a na¨ıve approach could take several decades

The evolution of India’s industrial labour share and its correlates

There has been substantial recent interest in the decline of labour shares across countries. For the most part, attention has been focused on developed countries. We examine the evolution of India’s labour share in its formal industrial sector from 1983- 2014. Using two datasets corresponding to sectoral aggregate data and plant-level data respectively, we document a secular decline in the labour share across all sectors from 1983, with a stabilisation at very low levels (around 8 to 10 percent) starting around 2005. We then use the plant-level data to identify the reasons for the overall decline in the labour share. We find strong evidence to support multiple causes: increased capital intensity, greater informalisation, greater privatisation, and productivity increases in larger firms. As such, we suggest that the declines in labour share experienced are due to a composite set of factors. Conversely, other potential explanations (for example, regional variation in the labour share) have less explanatory power

Secure Network Provenance

This paper introduces secure network provenance (SNP), a novel technique that enables networked systems to explain to their operators why they are in a certain state – e.g., why a suspicious routing table entry is present on a certain router, or where a given cache entry originated. SNP provides network forensics capabilities by permitting operators to track down faulty or misbehaving nodes, and to assess the damage such nodes may have caused to the rest of the system. SNP is designed for adversarial settings and is robust to manipulation; its tamper-evident properties ensure that operators can detect when compromised nodes lie or falsely implicate correct nodes. We also present the design of SNooPy, a general-purpose SNP system. To demonstrate that SNooPy is practical, we apply it to three example applications: the Quagga BGP daemon, a declarative implementation of Chord, and Hadoop MapReduce. Our results indicate that SNooPy can efficiently explain state in an adversarial setting, that it can be applied with minimal effort, and that its costs are low enough to be practical

Mapping India’s Finances 60 Years of Flow of Funds

As a useful adjunct to other macroeconomic accounts, this paper describes financial flows between different sectors of the Indian economy from 1955 to 2015. It finds that the consolidated government sector has the largest net deficit, while the households sector has the largest net surplus. The private corporate sector is running larger deficits than at any other time in the past, implying more reliance on external credits. With liberalisation and globalisation, the rest of the world sector is now the second-largest net surplus sector in the economy

Diagnostic accuracy of non-invasive tests for advanced fibrosis in patients with NAFLD: an individual patient data meta-analysis

Objective Liver biopsy is still needed for fibrosis staging in many patients with non-alcoholic fatty liver disease. The aims of this study were to evaluate the individual diagnostic performance of liver stiffness measurement by vibration controlled transient elastography (LSM-VCTE), Fibrosis-4 Index (FIB-4) and NAFLD (non-alcoholic fatty liver disease) Fibrosis Score (NFS) and to derive diagnostic strategies that could reduce the need for liver biopsies. Design Individual patient data meta-analysis of studies evaluating LSM-VCTE against liver histology was conducted. FIB-4 and NFS were computed where possible. Sensitivity, specificity and area under the receiver operating curve (AUROC) were calculated. Biomarkers were assessed individually and in sequential combinations. Results Data were included from 37 primary studies (n=5735; 45% women; median age: 54 years; median body mass index: 30 kg/m2; 33% had type 2 diabetes; 30% had advanced fibrosis). AUROCs of individual LSM-VCTE, FIB-4 and NFS for advanced fibrosis were 0.85, 0.76 and 0.73. Sequential combination of FIB-4 cut-offs (<1.3; ≥2.67) followed by LSM-VCTE cut-offs (<8.0; ≥10.0 kPa) to rule-in or rule-out advanced fibrosis had sensitivity and specificity (95% CI) of 66% (63–68) and 86% (84–87) with 33% needing a biopsy to establish a final diagnosis. FIB-4 cut-offs (<1.3; ≥3.48) followed by LSM cut-offs (<8.0; ≥20.0 kPa) to rule out advanced fibrosis or rule in cirrhosis had a sensitivity of 38% (37–39) and specificity of 90% (89–91) with 19% needing biopsy. Conclusion Sequential combinations of markers with a lower cut-off to rule-out advanced fibrosis and a higher cut-off to rule-in cirrhosis can reduce the need for liver biopsies

Conclave: secure multi-party computation on big data (extended TR)

Secure Multi-Party Computation (MPC) allows mutually distrusting parties to run joint computations without revealing private data. Current MPC algorithms scale poorly with data size, which makes MPC on "big data" prohibitively slow and inhibits its practical use. Many relational analytics queries can maintain MPC's end-to-end security guarantee without using cryptographic MPC techniques for all operations. Conclave is a query compiler that accelerates such queries by transforming them into a combination of data-parallel, local cleartext processing and small MPC steps. When parties trust others with specific subsets of the data, Conclave applies new hybrid MPC-cleartext protocols to run additional steps outside of MPC and improve scalability further. Our Conclave prototype generates code for cleartext processing in Python and Spark, and for secure MPC using the Sharemind and Obliv-C frameworks. Conclave scales to data sets between three and six orders of magnitude larger than state-of-the-art MPC frameworks support on their own. Thanks to its hybrid protocols, Conclave also substantially outperforms SMCQL, the most similar existing system.Comment: Extended technical report for EuroSys 2019 pape

Unusual magnetic and transport properties in HoMn6_6Sn6_6 kagome magnet

With intricate lattice structures, kagome materials are an excellent platform to study various fascinating topological quantum states. In particular, kagome materials, revealing large responses to external stimuli such as pressure or magnetic field, are subject to special investigation. Here, we study the kagome-net HoMn$_6$Sn$_6$ magnet that undergoes paramagnetic to ferrimagnetic transition (below 376 K) and reveals spin-reorientation transition below 200 K. In this compound, we observe the topological Hall effect and substantial contribution of anomalous Hall effect above 100 K. We unveil the pressure effects on magnetic ordering at a low magnetic field from the pressure tunable magnetization measurement. By utilizing high-resolution angle-resolved photoemission spectroscopy, Dirac-like dispersion at the high-symmetry point K is revealed in the vicinity of the Fermi level, which is well supported by the first-principles calculations, suggesting a possible Chern-gapped Dirac cone in this compound. Our investigation will pave the way to understand the magneto-transport and electronic properties of various rare-earth-based kagome magnets