Schedule

The class is split into two parts: Basic Concepts, based on lectures and well-structured homeworks (01/19 – 03/23); and Applied Technologies, based on paper discussions and student-formulated projects (03/30 – 04/27). Below is the approximate schedule for both parts. While the dates of the midterm, homework deadlines, and project milestones/updates are fixed in stone, the specific topics and papers that will covered at each date may change up until the week before.

PART 1: Basic Concepts (01/19 – 03/23)

Lecture- and homework-based. Topics:

• Course introduction (01/19)

• Privacy attacks (01/19-01/26)
  • General privacy concerns in big data
  • Running example: privacy risks in modern ML ecosystems
  • Privacy attacks against anonymization, aggregates, models

• HW1 (privacy attacks) due: 02/08

• Differential privacy (DP) (02/02-02/16)
  • Defining privacy in statistical data analyses
  • DP definitions and interpretations
  • DP parameters and properties
  • DP mechanisms
  • Composite DP algorithms (DP LR, SGD and more)
  • Broader topics and connections to other properties of statistical analysis

• HW2 (differential privacy) due: 02/22

• Homomorphic encryption (HE) (02/23)
  • Limitations of traditional encryption (including in the context of modern ML ecosystems)
  • Homomorphic encryption and example schemes
  • Example system: homomorphic databases

• HW3 (homomorphic encryption) due: 03/08

• Hardware enclaves (03/02)
  • Basic concepts
  • Secure boot and remote attestation
  • Existing technologies and systems
• Private collaborative learning (above slide deck) (03/02,03/09)
  • Problem settings
  • Secure multi-party computation
  • Federated learning
  • Existing technologies and systems
• Putting it all together (above slide deck) (03/09)
  • Connections and tradeoffs of advanced privacy technologies
  • Composing them in systems to address privacy risks in modern ML ecosystems
• Midterm quiz (03/23)
  • Tests concepts learned in Part 1

PART 2: Applied Technologies (03/30 – 04/27)

Each class reserves 75 minutes for paper discussion and 30 minutes for per-team project updates. Papers focus on deployments or systems that apply the previously learned concepts in real-life settings. Schedule, with paper links (*):

• Part 2 introduction

• 03/30
  • Papers: privacy attacks in reality.
    • Carlini, Liu, Erlingsson, Kos, and Song, USENIX Security 2019. The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks
    • Garfinkel, Abowd, Martindale, Communications of the ACM, 2018. Understanding Database Reconstruction Attacks on Public Data
  • Project milestone: groups formed, topic picked; present proposal in class
• 04/06
  • Papers: differential privacy deployments.
    • Abowd, Ashmead, Garfinkel, et. al., Harvard Data Science Review 2022. The 2020 Census Disclosure Avoidance System TopDown Algorithm
    • Apple Differential Privacy Team, 2017. Learning with Privacy at Scale
  • Project milestone: related work reviewed, three specific steps identified; present related work and specific steps in class
• 04/13
  • Papers: differential privacy deployments, secure and private federated learning.
    • Desfontaines, 2021. A list of real-world uses of differential privacy
      • The above is not standard paper. Each “lead” picks a deployment (not covered in class), finds out more details about it, and presents it in class.
    • Bonawitz, Ivanov, Kreuter, et. al, CCS 2017. Practical Secure Aggregation for Privacy-Preserving Machine Learning
  • Project milestone: step 3 done; review of steps 1-2 and update on step 3 presented in class
• 04/20
  • Papers: DP system designs.
    • Rogers, Subramaniam, Peng, et. al., JPC 2021. LinkedIn’s Audience Engagements API: a Privacy Preserving Data Analytics System at Scale
    • Luo, Pan, Tholoniat, Cidon, Geambasu, and Lecuyer, OSDI 2021. Privacy Budget Scheduling
  • Project milestone: step 1 done; project update in class
• 04/27
  • Papers: homomorphic encryption and secret sharing, applied.
    • Popa, Redfield, Zeldovich, and Balakrishnan, SOSP 2011. CryptDB: Protecting Confidentiality with Encrypted Query Processing
    • Corrigan-Gibbs and Boneh, NSDI 2017. Prio: Private, Robust, and Scalable Computation of Aggregate Statistics
  • Project milestone: step 2 done; review of step 1 and update on stop 2 presented in class
• (Likely) 05/11
  • Final project presentations will be delivered during the final exam slot scheduled by the Registrar (specific date will be decided by Registrar).

---

(*) We are distributing the papers from our own repository to avoid problems with unstable Internet links. The originals can be easily found by searching for papers’ titles/authors.