Differential Privacy for SQL Queries

Elastic Sensitivity and FLEX

Noah Johnson, Joe Near, and Dawn Song


About

FLEX is a system for enforcing differential privacy for SQL queries that works with a standard SQL database. Elastic sensitivity represents the theory behind FLEX: it is the first tractable approach to leverage local sensitivity for queries with general equijoins. The key insight of our approach is to model the impact of each join in the query using precomputed metrics about the frequency of join keys in the true database. FLEX and elastic sensitivity are compatible with standard, unmodified SQL databases, support queries expressed in standard SQL, and integrate easily into existing data environments.
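To make the "precomputed metrics about the frequency of join keys" concrete, here is a small added illustration (written for this page, not code from the FLEX repository): it computes the max-frequency metric for each side of an equijoin, derives from it a sensitivity bound for COUNT(*) over the join at each distance k, smooths those bounds, and scales Laplace noise to the result. The tables, the specific bound `max(mf_left + k, mf_right + k)` for a single join of two base tables, and the smoothing parameter `beta = epsilon / (2 ln(2/delta))` are my reading of the published approach simplified to one join, not the system's actual implementation:

```python
import math
import random
from collections import Counter

# Constructed sample data (not from the paper): a trips table joined to a
# users table on user_id. Only the join-key column matters for the metric.
TRIPS_USER_ID = ["u1", "u1", "u1", "u2", "u3", "u3"]
USERS_USER_ID = ["u1", "u2", "u3", "u4"]


def max_frequency(join_key_column):
    """The precomputed metric: the largest number of rows in a table that
    share a single value of the join key (max frequency of the key)."""
    counts = Counter(join_key_column)
    return max(counts.values()) if counts else 0


def true_join_count(left_keys, right_keys):
    """SELECT COUNT(*) FROM left JOIN right ON key, evaluated directly."""
    right_counts = Counter(right_keys)
    return sum(right_counts[k] for k in left_keys)


def elastic_sensitivity_at_distance(mf_left, mf_right, k):
    """Sensitivity bound for COUNT(*) over one equijoin of two base tables,
    for databases at distance k from the true one.  Assumption (simplified
    reading of the paper): at distance k a key's max frequency may have grown
    by up to k, and changing one row on one side changes at most that many
    rows of the join, so the bound is the larger of the two sides."""
    return max(mf_left + k, mf_right + k)


def smooth_sensitivity(mf_left, mf_right, epsilon, delta, max_k=10_000):
    """Smooth the distance-k bounds so noise can be calibrated to them:
    S = max_k exp(-beta * k) * S_k with beta = epsilon / (2 ln(2/delta)),
    the standard smooth-sensitivity setting for Laplace noise of scale
    2S/epsilon under (epsilon, delta)-differential privacy (assumed here)."""
    beta = epsilon / (2 * math.log(2 / delta))
    return max(
        math.exp(-beta * k) * elastic_sensitivity_at_distance(mf_left, mf_right, k)
        for k in range(max_k + 1)
    )


def laplace_sample(scale, rng):
    """Draw from Laplace(0, scale) by inverting the CDF."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1 - 2 * abs(u))


def private_join_count(left_keys, right_keys, epsilon, delta, rng):
    """Answer the join count with Laplace noise scaled to the smoothed bound.
    Note that only the metrics (max frequencies) touch the true data; the
    query itself runs unchanged on the database."""
    s = smooth_sensitivity(max_frequency(left_keys), max_frequency(right_keys),
                           epsilon, delta)
    noise = laplace_sample(2 * s / epsilon, rng)
    return true_join_count(left_keys, right_keys) + noise


if __name__ == "__main__":
    print("true count:", true_join_count(TRIPS_USER_ID, USERS_USER_ID))
    print("noisy count:", private_join_count(TRIPS_USER_ID, USERS_USER_ID,
                                             1.0, 1e-6, random.Random(7)))
```

The point to notice is that the noise scale depends on the data only through the two max-frequency numbers, which can be precomputed once per table and column; a key that appears in many rows on one side (here `u1` in trips) raises the bound, because one changed row on the other side can add or remove that many join rows at once.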

Elastic sensitivity and components of FLEX are currently being deployed at Uber to provide differential privacy for the analytics pipeline used by analysts.

Paper

A paper describing elastic sensitivity and FLEX will appear at VLDB 2018. A preprint is available here:

Download

We have released a full implementation of a differential privacy mechanism for SQL queries using elastic sensitivity, including the SQL analysis framework used to build it. The framework is designed to perform dataflow analyses over complex SQL queries. It provides an abstract representation of queries, plus several kinds of built-in dataflow analyses tailored to this representation. This framework can be used to implement other types of dataflow analyses and will soon support additional differential privacy mechanisms for SQL. The repository contains an example demonstrating how to use the analysis to enforce differential privacy for SQL queries. It is available here: