Doctoral Thesis: Automated and Provable Privatization for Black-Box Processing
By: Hanshen Xiao
Thesis Supervisor: Srini Devadas
Details
- Date: Monday, August 12
- Time: 2:00 pm - 3:00 pm
- Category: Thesis Defense
- Location: G882
Abstract: Can we automatically and provably quantify and control the information leakage from black-box processing? From a statistical inference standpoint, in this talk, I will start from a unified framework to summarize existing privacy definitions based on input-independent indistinguishability and unravel the fundamental challenges in crafting privacy proofs for general data processing. Yet, the landscape shifts when we gain access to the (still possibly black-box) secret generation. By carefully leveraging its entropy, we unlock the black-box analysis. This breakthrough enables us to automatically “learn” the underlying inference hardness for an adversary to recover arbitrarily selected sensitive features fully through end-to-end simulations without any algorithmic restrictions. Meanwhile, a set of new information-theoretical tools will be introduced to efficiently minimize additional noise perturbation assisted with sharpened adversarially adaptive composition. I will also unveil the win-win situation between privacy and stability for simultaneous algorithm improvements. Concrete applications will be given in diverse domains, including privacy-preserving machine learning on image classification and large language models, side-channel leakage mitigation, and formalizing long-standing heuristic data obfuscations.
Host
- Hanshen Xiao
- Email: hsxiao@mit.edu