Dynamic Enforcement of Differential Privacy
With recent privacy failures in the release of personal data, differential privacy received considerable attention in the research community.
This mathematical concept, despite its young age (Dwork et al., 2006), has grabbed the attention of many researchers for its robustness against identification of individuals even in presence of background information.
Besides that, its flexible definition makes it compatible with different data sources, data mining algorithms and data release models.
Its compositionality properties facilitate design of differential privacy aware programming languages and frameworks that empower non-experts to construct complex data mining analyses with proven differential privacy guarantees.
The goal of this research is to introduce new (and improve the current) differential privacy backed frameworks, prominent both in utility and flexibility of use.
We study dynamic enforcement of differential privacy both in the centralised model in which a trusted curator process data stored in a centralised database and the local model with no trust on the third party.
For the centralised model the thesis mostly focuses on the privacy impact of the basic building blocks used in these frameworks, proving correctness of the system built upon them.
%The correctness is important since some frameworks (in this case PINQ) derivate from theory without proper justification.
With respect to accuracy, we present personalised differential privacy as an improved method of enforcing privacy that provides better data utilisation and other benefits. In this setting, individuals take control of their privacy requirements rather than being seen as a part of a database. As a result, they can opt-in to a database with their expected privacy level and optionally opt-out later. We further study the privacy implication of other building blocks such as different kinds of sampling and partitioning.
For the local model we propose a general framework in which the users can verify the recieved analyses and with a flexible policy express their privacy preference in different forms such as enforcing their personalised privacy budget.