Data-driven technology is having an impressive impact on society but privacy concerns restrict the way data can be used and released. Differential privacy has emerged as a leading notion supporting efficient and accurate data analyses that respect privacy. But designing and implementing efficient differentially private data analyses with high utility can be challenging and error prone. Even privacy experts have released code with bugs or designed incorrect algorithms. Programming platforms and formal verification tools can assist data analysts in designing differentially private data analyses without bugs. However, the current approaches have two limitations: first, they support reasoning about privacy but not about accuracy and efficiency which are two other important aspects of data analyses; second, they support reasoning about idealized data analyses but not about their implementations on finite computers. The goal of this project is to overcome these two limitations by developing novel formal verification techniques and tools supporting formal reasoning combining privacy, accuracy, and efficiency guarantees for both data analyses, and their implementations. The results of this project will contribute to develop foundational methods for privacy-preserving technology which can benefit society by improving and promoting safer practices in handling private or sensitive data. Moreover, the project will support educational activities aimed at training students with a global view on data privacy and its practices, and outreach activities aimed at investigating ways in which privacy policies and standards can be impacted by the results of this research. The technical goal of this proposal is the theoretical and technological development of verification techniques and tools that can enable the design of data analyses that are private, accurate, efficient, and with verified implementations. To achieve this goal the project will focus on three concrete directions: first, it will develop formal verification techniques to reason in a formal way about the accuracy of differentially private data analyses; second, it will develop resource analysis techniques to reason about the efficiency of a data analysis in terms of computing time and space, and in terms of the number of needed data samples; third, it will develop reasoning techniques to verify the privacy, accuracy and efficiency of implementations of differentially private algorithms on finite computers. These techniques will be implement as a type-based verification framework, named FormalDP, which will thus support type-based formal reasoning combining privacy, accuracy and efficiency for data analyses and their implementations. The effectiveness of this approach will be assessed through experimental studies about the level of accuracy and efficiency that verified differentially private implementations can achieve.
CAREER: FormalDP: Formally Verified, Private, Accurate and Efficient Data Analysis