DProvDB: Differentially Private Query Processing with Multi-Analyst Provenance

TL;DR

DProvDB introduces a fine-grained privacy management system for multiple data analysts, enabling more accurate query responses by tracking individual privacy loss and allocating budgets based on analyst trust levels.

Contribution

The paper presents DProvDB, a novel framework that tracks privacy loss per analyst and optimizes privacy budget allocation in multi-analyst differential privacy systems.

Findings

Maximizes the number of accurate queries under fixed privacy budgets.

Allocates privacy budgets according to analyst privilege levels.

Enhances fairness and efficiency in privacy budget usage.

Abstract

Recent years have witnessed the adoption of differential privacy (DP) in practical database systems like PINQ, FLEX, and PrivateSQL. Such systems allow data analysts to query sensitive data while providing a rigorous and provable privacy guarantee. However, the existing design of these systems does not distinguish data analysts of different privilege levels or trust levels. This design can have an unfair apportion of the privacy budget among the data analyst if treating them as a single entity, or waste the privacy budget if considering them as non-colluding parties and answering their queries independently. In this paper, we propose DProvDB, a fine-grained privacy provenance framework for the multi-analyst scenario that tracks the privacy loss to each single data analyst. Under this framework, when given a fixed privacy budget, we build algorithms that maximize the number of queries that could be answered accurately and apportion the privacy budget according to the privilege levels of the data analysts.