Paul Francis to give keynote at Oakland ’17 Workshop on Privacy Engineering
Paul Francis will give the keynote address at the Oakland (IEEE S&P) Workshop on Privacy Engineering. The talk, entitled „The Diffix Framework: Revisiting Noise, Again“, presents the first database anonymization system that exhibits low noise, unlimited queries, simple configuration, and rich query semantics while still giving strong anonymity.
The workshop will be held May 25 in San Jose, CA.
For over 40 years, the holy grail of database anonymization is a system that allows a wide variety of statistical queries with minimal answer distortion, places no limits on the number of queries, is easy to configure, and gives strong protection of individual user data. This keynote presents Diffix, a database anonymization system that promises to finally bring us within reach of that goal. Diffix adds noise to query responses, but „fixes“ the noise to the response so that repeated instances of the same response produce the same noise. While this addresses the problem of averaging attacks, it opens the system to „difference attacks“ which can reveal individual user data merely through the fact that two responses differ. Diffix proactively examines queries and responses to defend against difference attacks. This talk presents the design of Diffix, gives a demo of a commercial-quality implementation, and discusses shortcomings and next steps.