• DocumentCode
    154042
  • Title

    Proving Differential Privacy in Hoare Logic

  • Author

    Barthe, Gilles ; Gaboardi, Marco ; Gallego Arias, Emilio Jesus ; Hsu, Justin ; Kunz, Cesar ; Strub, Pierre-Yves

  • Author_Institution
    IMDEA Software Inst., Madrid, Spain
  • fYear
    2014
  • fDate
    19-22 July 2014
  • Firstpage
    411
  • Lastpage
    424
  • Abstract
    Differential privacy is a rigorous, worst-case notion of privacy-preserving computation. Informally, a probabilistic program is differentially private if the participation of a single individual in the input database has a limited effect on the program´s distribution on outputs. More technically, differential privacy is a quantitative 2-safety property that bounds the distance between the output distributions of a probabilistic program on adjacent inputs. Like many 2-safety properties, differential privacy lies outside the scope of traditional verification techniques. Existing approaches to enforce privacy are based on intricate, non-conventional type systems, or customized relational logics. These approaches are difficult to implement and often cumbersome to use. We present an alternative approach that verifies differential privacy by standard, non-relational reasoning on non-probabilistic programs. Our approach transforms a probabilistic program into a non-probabilistic program which simulates two executions of the original program. We prove that if the target program is correct with respect to a Hoare specification, then the original probabilistic program is differentially private. We provide a variety of examples from the differential privacy literature to demonstrate the utility of our approach. Finally, we compare our approach with existing verification techniques for privacy.
  • Keywords
    data privacy; formal logic; Hoare logic; Hoare specification; differential privacy literature; many 2-safety properties; nonprobabilistic programs; nonrelational reasoning; privacy-preserving computation; quantitative 2-safety property; verification techniques; worst-case notion; Data privacy; Databases; Privacy; Probabilistic logic; Safety; Standards; Synchronization; differential privacy; hoare logic; privacy; probabilistic hoare logic; relational hoare logic; verification;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Symposium (CSF), 2014 IEEE 27th
  • Conference_Location
    Vienna
  • Type

    conf

  • DOI
    10.1109/CSF.2014.36
  • Filename
    6957126