Schedule

This class is organized in a sequence of topics. For each topic, we first cover basic concepts in an instructor-driven lecture, after which we read papers on the topic and discuss them in class. Below is the approximate class schedule, along with major dates for homework deadlines, midterm, and project milestones.(*) While those dates are set in stone, the specific lecture topics and papers that will covered at each date may change up until the week before.

Topic 0: Course introduction

01/18 Lecture

Topic 1: Privacy risks and attacks

01/18 Lecture

• General privacy concerns in big data
• Running example: privacy risks in modern ML ecosystems
• Privacy attacks against anonymization, aggregates, models
• Demos of privacy attacks

01/25 Reading & discussion

• Nasr, Carlini, Hayase, et al., ArXiv 2023. Scalable Extraction of Training Data from (Production) Language Models. See also the associated blog post.
• Cohen, USENIX Security 2022. Attacks on Deidentification’s Defenses.

01/25 HW 1 assigned (due 02/08)

• HW 1 reading (no discussion in class): Carlini, Liu, Erlingsson, Kos, and Song, USENIX Security 2019. The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks.

Topic 2: Differential privacy (DP)

02/01 Lecture:

• Defining privacy in statistical data analysis
• DP definitions and interpretations
• DP parameters and semantics
• DP mechanisms
• Composite DP algorithms (DP LR, SGD, etc.)
• Code overviews, demos

02/08 Reading & discussion

• Vadhan, Tutorials on the Foundations of Cryptography 2017. The Complexity of Differential Privacy, Section 1 (pp. 3-13).
• Dwork, McSherry, Nissim and Smith, TCC 2006. Calibrating Noise to Sensitivity in Private Data Analysis.

02/08 HW1 due

02/08 HW2 assigned (due 02/22)

• HW 2 reading (no discussion in class): Lécuyer, Spahn, Vodrahalli, Geambasu and Hsu, SOSP 2019. Privacy Accounting and Quality Control in the Sage Differentially Private ML Platform.

Topic 3: DP deployments and systems

02/15 Reading & discussion

• Abowd, Ashmead, Garfinkel, et al., Harvard Data Science Review 2022. The 2020 Census Disclosure Avoidance System TopDown Algorithm.
• Adeleye, Berghel, Desfontaines, et al., PEPR 2022. Publishing Wikipedia usage data with strong privacy guarantees. See also the associated blog post.
• SHORT – Aktay, Bavadekar, Cossoul et al., ArXiv 2020. Google COVID-19 Community Mobility Reports: Anonymization Process Description. See also the associated blog post.

02/22 Reading & discussion

• Rogers, Subramaniam, Peng, et. al., JPC 2021. LinkedIn’s Audience Engagements API: a Privacy Preserving Data Analytics System at Scale.
• Luo, Pan, Tholoniat, Cidon, Geambasu, and Lecuyer, OSDI 2021. Privacy Budget Scheduling.
• SHORT – Berghel, Bohannon, Desfontaines, et al., TPDP 2023. Tumult Analytics: a robust, easy-to-use, scalable, and expressive framework for differential privacy.

02/22 HW2 due

Topic 4: Homomorphic encryption (HE)

02/29 Lecture:

• Limitations of traditional encryption for data exposure risks in (ML) clouds
• Homomorphic encryption and example schemes
• Example system: homomorphic databases
• Code overviews, demos

02/29 HW3 assigned

• HW3 reading (no discussion in class): Popa, Redfield, Zeldovich, and Balakrishnan, SOSP 2011. CryptDB: Protecting Confidentiality with Encrypted Query Processing.

03/07 Reading & discussion

• Viand, Jattke and Hithnawi, SP 2021. SoK: Fully Homomorphic Encryption Compilers.
• Ion, Kreuter, Nergiz et al., EuroSP 2020. On Deploying Secure Computing: Private Intersection-Sum-with-Cardinality. See also the associated blog post.
• SHORT – Popa, Redfield, Zeldovich, and Balakrishnan, SOSP 2011. CryptDB: Protecting Confidentiality with Encrypted Query Processing.

03/21 Midterm & project launch

• Project-related slides
• Main authoritative project instructions are on courseworks

03/21 HW3 due

Topic 5: Secure multiparty computation (MPC)

03/28 Lecture:

• Problem settings
• Secure multiparty computation
• Federated learning
• MPC protocols
• Existing systems

03/28 Project status update: team, selected project

04/04 Reading & discussion

• Corrigan-Gibbs and Boneh, NSDI 2017. Prio: Private, Robust, and Scalable Computation of Aggregate Statistics
• Kairouz, Liu and Steinke, ICML 2021. The Distributed Discrete Gaussian Mechanism for Federated Learning with Secure Aggregation.

04/04 Project status update: three-step execution plan

Topic 6: Private web advertising

04/11 Reading & discussion

• Private advertising proposal 1: Google’s Attribution Reporting API Summary Reports. See also the documentation.
• Private advertising proposal 2: The Hybrid Proposal by Meta and Mozilla.

04/11 Project status update: step 1 report

Topic 7: Compositions and tensions of privacy technologies

4/18 Lecture

• Connections and tradeoffs of advanced privacy technologies
• Composing them in systems to address privacy risks in modern ML ecosystems

04/18 Reading & discussion

• Bittau, Erlingsson, Maniatis et al., SOSP 2017. PROCHLO: Strong Privacy for Analytics in the Crowd.
• Margolin, Newatia, Luo, Roth and Haeberlen, SOSP 2023. Arboretum: A Planner for Large-Scale Federated Analytics with Differential Privacy.

04/18 Project status update: step 2 report

Topic 8: Beyond technology: legal and policy perspectives of privacy

04/25 Invited lecture

04/25 Project status update: step 3 report

Final project presentations

Final project presentations will be delivered on the final exam day as scheduled by the Registrar, though the timing is slightly modified.

---

(*) We are distributing the papers from our own repository to avoid problems with unstable Internet links. The originals can be easily found by searching for papers’ titles/authors.