Paul Francis's Open Diffix project has released SynDiffix, an open-source Python package that generates statistically accurate, privacy preserving synthetic data from structured data. Using SynDiffix, a data owner can safely share data while retaining most of the statistical properties of the original data. Analysts can work with the synthetic data as though it were the original.

Using the novel techniques of sticky noise and range snapping, SynDiffix breaks new ground in data accuracy. It is 10 to 100 times more accurate than the open source tool CTGAN, and 5 to 10 times more accurate than the best commercial synthetic data generators. This makes SynDiffix particularly well suited to descriptive analytics like histograms, heatmaps, averages and standard deviations, column correlations, and so on. Like other tools, however, it can also be used for ML modeling. Francis is hopeful that SynDiffix will find wide practical use as well as motivate more research on synthetic data.

Two MPI-SWS faculty, Maria Christakis and Elissa Redmiles, have earned highly competitive Google Research Scholar awards. Maria Christakis's award was given for her research on metamorphic specification and testing of machine-learning models and Elissa Redmiles's award was given for her research on aligning technical data privacy protections with user concerns.

The Google Research Scholar Program provides unrestricted gifts of up to $60,000 to support research at institutions around the world and is focused on funding world-class research conducted by early-career professors. Award proposals go through an internal, merit-based review process and selected faculty can receive a Google Research Scholar award only once in their career. Award recipients are assigned a liaison at the company to share findings with and as a point of contact for further collaboration.

Open Diffix is an MPI-SWS-supported open software project to develop strong but usable data anonymization. Open Diffix is built on the data anonymization technology Diffix, which has been developed in a research partnership between the group of Paul Francis and Aircloak GmbH. Open Diffix recently released its first tool, "Diffix for Desktop". Designed with extreme ease-of-use in mind, Diffix for Desktop can be used by non-experts to safely release sensitive data to the public. Diffix for Desktop frees users from concerns about anonymity, allowing them to focus on data quality.

MPI-SWS faculty member Elissa Redmiles, along with collaborators Samuel Dooley and Professor John Dickerson from the University of Maryland as well as Professor Dana Turjeman from Reichman University, helped the Louisiana Department of Health advertise their COVID19 contact tracing app. As part of this work, the researchers conducted a randomized, controlled field experiment to provide guidance to other jurisdictions on how to most effectively and ethically advertise these public health tools.The Linux Public Health Foundation has featured their findings as guidance for other jurisdictions looking to advertise their contact tracing apps.

This work is part of a larger project Redmiles leads on ethical adoption of COVID 19 apps: https://covidadoptionproject.mpi-sws.org/.

MPI-SWS faculty member Elissa Redmiles was quoted in Rolling Stone, El Pais -- Spain's largest newspaper -- and in NetzPolitik regarding ongoing research in collaboration with MPI-SWS group member Vaughn Hamilton and MPI-SWS Intern Hanna Barakat (also at Brown University) on the shift toward digital sex work as a result of COVID19, as well as her work with collaborators Catherine Barwulor (Clemson University), Allison McDonald (University of Michigan), and Eszter Hargittai (University of Zurich) on digital discrimination against European sex workers, originally published in ACM CHI.

Ralf Jung's doctoral dissertation on "Understanding and Evolving the Rust Programming Language" has received the ACM Doctoral Dissertation Award Honorable Mention. The ACM Doctoral Dissertation Award is considered to be one of the most prestigious international dissertation awards in the area of computer science, and there are only two Honorable Mentions given for the award each year. The Honorable Mention Award comes with a prize of $10,000 and an invitation to accept the award at the annual ACM Awards Banquet in San Francisco.

Ralf's work has previously received the ETAPS Doctoral Dissertation Award and the Otto Hahn Medal, as well as being featured in the April 2021 issue of Communications of the ACM in an article entitled "Safe Systems Programming in Rust". For more details see the Saarland Informatics Campus press release.

Aastha Mehta, a doctoral student in the Distributed Systems group and the Security & Privacy group, has accepted a position as a tenure-track assistant professor in the Department of Computer Science at University of British Columbia, Vancouver, Canada. Congratulations Aastha!

Aastha's research interests span systems security, data privacy, operating systems, and distributed systems. She has worked on building systems for ensuring policy compliance and for mitigating network side-channel leaks in online services. You can find out more about her work at https://people.mpi-sws.org/~aasthakm/.

On January 9, 2020, MPI-SWS faculty member Paul Francis published the article Dear Differential Privacy: Put Up or Shut Up, on Medium. The article, which has now reached 1000 views, describes the failure of Differential Privacy as the basis for data protection in the Facebook / Social Sciences One project.

The Facebook / Social Sciences One project is an attempt to release Facebook data on URL sharing to researchers so as to better understand the role of Facebook in influencing elections. The project raised 11 million dollars from private funders, and research grants were awarded to twelve research teams around the world. Facebook decided to use Differential Privacy as the means of anonymizing the data. After one year, however, Facebook had not supplied the data. When the funders threatened to pull the funding, Facebook did release a dataset, but the quality of the data was so poor that the proposed research could not be done.

Francis' article describes how and why the data release failed, discusses the shortcomings of Differential Privacy, and calls on the privacy research community to expand the scope of what passes for valid data anonymity research.

The paper "ERIM: Secure, Efficient, In-process Isolation with Memory Protection Keys (MPK)" received a Distinguished Paper Award at the 2019 Usenix Security Symposium. It was selected as one of 6 distinguished papers out of 113 papers that appeared in the conference proceedings.

The work was also selected as the recipient of the Usenix Internet Defense Prize, along with a USD 100k gift from Facebook to support  further development of the technology.

The paper was authored by MPI-SWS doctoral students Anjo Vahldiek-Oberwagner, Eslam Elnikety, and Michael Sammler, along with MPI-SWS intern Nuno Duarte and MPI-SWS faculty members Deepak Garg and Peter Druschel.

Read more about ERIM here.

A long-standing problem both within research and in society generally is that of how to analyze data about people without risking the privacy of those people. There is an ever-growing amount of data about people: medical, financial, social, government, geo-location, etc. This data is very valuable in terms of better understanding ourselves. Unfortunately, analyzing the data in its raw form carries the risk of exposing private information about people.

The problem of how to analyze data while protecting privacy has been around for more than 40 years---ever since the first data processing systems were developed. Most workable solutions are ad hoc: practitioners try things like removing personally identifying information (e.g. names and addresses), aggregating data, removing outlying data, and even swapping some data between individuals. This process can work reasonably well, but it is time-consuming, requires substantial expertise to get right, and invariably limits the accuracy of the analysis or the types of analysis that can be done.

A holy grail within computer science is to come up with an anonymization system that has formal guarantees of anonymity and provides good analytics. Most effort in this direction has focused on two ideas, K-anonymity and Differential Privacy. Both can provide strong anonymity, but except in rare cases neither can do so while still providing adequate analytics. As a result, common practice is still to use informal ad hoc techniques with weak anonymization, and to mitigate risk by for instance sharing data only with trusted partners.

The European Union has raised the stakes with the General Data Protection Regulation (GDPR). The GDPR has strict rules on how personal data may be used, and threatens large fines to organizations that do not follow the rules. However, GDPR says that if data is anonymous, then it is not considered personal and does not fall under the rules. Unfortunately, there are no precise guidelines on how to determine if data is anonymous or not. Member states are expected to come up with certification programs for anonymity, but do not know how to do so.

This is where we come in. Paul Francis' group, in research partnership with the startup Aircloak, has been developing an anonymizing technology called Diffix over the last five years. Diffix is an empirical, not a formal technology, and so the question remains "how anonymous is Diffix?" While it may not be possible to precisely answer that question, one way we try to answer that question is through a bounty program: we pay attackers who can demonstrate how to compromise anonymity in our system. Last year we ran the first (and still only) bounty program for anonymity. The program was successful in that some attacks were found, and in the process of designing defensive measures, Diffix has improved.

In order to run the bounty program, we naturally needed a measure of anonymity so that we could decide how much to pay attackers. We designed a measure based on how much confidence an attacker has in a prediction of an individual's data values, among other things. At some point, we realized that our measure applies not just to attacks on Diffix, but to any anonymization system. We also realized that our measure might be useful in the design of certification programs for anonymity.

We decided to develop a general score for anonymity, and to build tools that would allow anyone to apply the measure to any anonymization technology. The score is called the GDA Score, for General Data Anonymity Score.

The primary strength of the GDA Score is that it can be applied to any anonymization method, and therefore is apples-to-apples. The primary weakness is that it is based on empirical attacks (real attacks against real systems), and therefore the score is only as good as the attacks themselves. If there are unknown attacks on a system, then the score won't reflect this and may therefore make a system look more anonymous than it is.

Our hope is that over time enough attacks will be developed that we can have high confidence in the GDA Score. Towards that end, we've started the Open GDA Score Project. This is a community effort to provide software and databases in support of developing new attacks, and a repository where the scores can be viewed. We recently launched the project in the form of a website, www.gda-score.org, and some initial tools and simple attacks. We will continue to develop tools and new attacks, but our goal is to attract broad participation from the community.

For more information, visit www.gda-score.org.

We have launched the Open GDA Score Project at www.gda-score.org.  This is an open project to develop a set of tools and databases to generate anonymity scores for any data anonymization technique. The GDA Score, which stands for General Data Anonymity Score, is the first data anonymization measurement methodology that works with any anonymization technique. The GDA Score is a generalization of the measurement technique developed by Francis' group for the Diffix bounty program run last year. This was the first bounty program for anonymity. The GDA Score is of particular interest in Europe, where member states are expected to produce certification programs for anonymity.

MPI-SWS faculty member Krishna Gummadi and MPI-SWS alumnus Alan Mislove have been awarded a "Secure the Internet" grant by Facebook. Their proposal, “Towards privacy-protecting aggregate statistics in PII-based targeted advertising,” has been awarded $60,000 to develop techniques for revealing advertising statistics that provide hard guarantees of user privacy, based on a (principles-first) approach. Their goal is to develop a differential privacy-like approach that can be applied to existing advertising systems.

The Facebook "Secure the Internet" grant program is designed to improve the security, privacy, and safety of internet users. Gummadi and Mislove's proposal was one of only 10 winning proposals, which were together awarded more than $800,000 by Facebook.

The French Data Protection Authority CNIL has recognized the benefits of Diffix anonymization by republishing an article by Paul Francis in which the utility of Diffix anonymization is highlighted. Diffix is the anonymization technology developed in joint research between Francis' group and Aircloak GmbH.

Last year, CNIL published an article titled "Can anonymized data still be useful." The purpose of the article was to demonstrate that strong anonymization does not necessarily prevent useful analytics. In this work, CNIL uses K-anonymity on the New York City taxi database. Inspired by this effort, Francis shows that Diffix can be used for a wide range of analysis on the NYC taxi database, including trip times to LaGuardia airport, taxi driver work profiles, and congestion in the Manhattan financial district.

CNIL re-published the article under the title "Anonymity vs. Utility: Another shot at Anonymizing the New York City taxi dataset".

Bug bounty programs are a popular way to find security flaws in deployed systems. We are the first to use a bounty program to find flaws in anonymization schemes, namely the anonymization scheme we designed called Diffix. We take an empirical approach to anonymization rather than the more common formal approach. The empirical approach leads to anonymization schemes with high utility, but also uncertainties about the anonymization properties. The bounty program helps build understanding and confidence in Diffix. To learn more, visit challenge.aircloak.com

The session, entitled “Challenges and Strategies for Certifying Data Anonymization for Data Sharing,” brings together technical and legal experts to explore how Data Protection Officers (DPOs) can manage the complexities and uncertainties of GDPR-compliant data anonymization. The IAPP Congress will be held November 7-9 in Brussels.

Session Abstract:

Data sharing is increasingly important. Companies share data internally across business units to gain business insights, they share data externally with data analytics vendors, and they often share data simply to make money. Ensuring the anonymity of users in the data set is necessary. The process of approving or certifying anonymization however is costly, time consuming, and uncertain. Current approaches to anonymization are ad hoc at best. They require a custom strategy for each new data sharing scenario, and it is often unclear whether the data is really anonymized or not.

In this informative and lively session, corporate DPOs, vendors of analytics solutions, and privacy researchers share their experiences with data anonymization and the approval process. They provide case studies illustrating the pitfalls of "do it yourself" anonymization, and show how some new ready-for-use anonymization can eliminate the delays and guesswork of data anonymization.

Paul Francis will give the keynote address at the Oakland (IEEE S&P) Workshop on Privacy Engineering. The talk, entitled "The Diffix Framework: Revisiting Noise, Again", presents the first database anonymization system that exhibits low noise, unlimited queries, simple configuration, and rich query semantics while still giving strong anonymity.

The workshop will be held May 25 in San Jose, CA.

Talk Abstract:

For over 40 years, the holy grail of database anonymization is a system that allows a wide variety of statistical queries with minimal answer distortion, places no limits on the number of queries, is easy to configure, and gives strong protection of individual user data.  This keynote presents Diffix, a database anonymization system that promises to finally bring us within reach of that goal.  Diffix adds noise to query responses, but "fixes" the noise to the response so that repeated instances of the same response produce the same noise.  While this addresses the problem of averaging attacks, it opens the system to "difference attacks" which can reveal individual user data merely through the fact that two responses differ.  Diffix proactively examines queries and responses to defend against difference attacks.  This talk presents the design of Diffix, gives a demo of a commercial-quality implementation, and discusses shortcomings and next steps.

The paper "A Broad View of the Ecosystem of Socially Engineered Exploit Documents" was accepted at NDSS '17 (Network and Distributed System Security Symposium).  The authors include Stevens Le Blond, Cédric Gilbert, Utkarsh Upadhyay, and Manuel Gomez Rodriguez from MPI-SWS, as well as David Choffnes from Northeastern University.

Our understanding of exploit documents as a vector to deliver targeted malware is limited to a handful of studies done in collaboration with the Tibetans, Uyghurs, and political dissidents in the Middle East. In this measurement study, we present a complementary methodology relying only on publicly available data to capture and analyze targeted attacks with both greater scale and depth. In particular, we detect exploit documents uploaded over one year to a large anti-virus aggregator (VirusTotal) and then mine the social engineering information they embed to infer their likely targets and contextual information of the attacks. We identify attacks against two ethnic groups (Tibet and Uyghur) as well as 12 countries spanning America, Asia, and Europe. We then analyze the exploit documents dynamically in sandboxes to correlate and compare the exploited vulnerabilities and malware families targeting different groups. Finally, we use machine learning to infer the role of the uploaders of these documents to VirusTotal (i.e., attacker, targeted victim, or third-party), which enables their classification based only on their metadata, without any dynamic analysis. We make our datasets available to the academic community.

MPI-SWS Ph.D. student Aastha Mehta was selected to attend the 4th annual Heidelberg Laureate Forum in September 2016. An international committee of experts selected Aastha for one of only 200 spots reserved for young computer scientists and mathematicians from around the world. In addition to participating in the forum, she was one of 6 researchers invited for a blog interview. Aastha was provided funding to attend the forum through a Romberg Grant.

The Heidelberg Laureate Forum gives young computer science and math researchers the opportunity to interact with some of the world's top scientists. The twenty speakers for the 2016 Forum, for example, include 12 different Turing Award winners, as well as numerous winners of the Fields Medal and the Abel Prize.

MPI-SWS spinoff Aircloak has won the 2014 Cisco Internet of Things (IoT) Security Grand Challenge. Aircloak was selected for its innovative approach to privacy protection—it is building the world's first anonymized analytics system. As a grand challenge award winner, Aircloak was awarded a $75,000 cash prize and was showcased at the IoT World Forum. In addition, the award also provides the Aircloak team with mentoring, training and access to business expertise from Cisco and other supporting organizations, as well as potential investment and partnering opportunities in the future. For more info see the Cisco award announcement (in English or in German), and the Cisco blog.

MPI-SWS directors Peter Druschel and Rupak Majumdar, along with Gerhard Weikum (Scientific Director at the MPI for Informatics) and Michael Backes (MPI-SWS Fellow and Professor at Saarland University), have jointly been awarded the prestigious ERC Synergy Grant.

Over the next six years their project "imPACT: Privacy, Accountability, Compliance, and Trust in Tomorrow's Internet" will receive almost 10 million euros, which will allow them to explore how to protect users against eavesdropping and fraud on the Internet without restricting trade, freedom of expression or access to information.

We are pleased to announce that three new faculty will join MPI-SWS this fall.

Björn Brandenburg is joining us from the University of North Carolina at Chapel Hill (UNC), where he obtained his Ph.D. in computer science. Björn's research interests include multiprocessor real-time system, real-time synchronization protocols, and operating systems. Björn is the lead designer and developer of LITMUS^RT, an extension of the Linux kernel for real-time scheduling and synchronization on multicore platforms.

Deepak Garg is joining us from the Cybersecurity Lab (CyLab) at Carnegie Mellon University, where he was a post-doctoral researcher. He obtained his Ph.D. from Carnegie Mellon's Computer Science Department. His research interests are in the areas of computer security and privacy, formal logic and programming languages. He is specifically interested in logic-based models of secure systems and formal analysis of security properties of systems.

Ruzica Piskac is joining us from EPFL, where she has completed her Ph.D. in computer science. The goal of her research is to make software development easier and software more reliable via automated reasoning techniques. She is specifically interested in decision procedures, their combinations and applications in program verification and software synthesis.

MPI-SWS fellow Michael Backes has been honored as a recipient of the ERC Starting Grant 2009. Michael was also recently selected by the editors of Technology Review as one of the 35 young innovators under the age of 35 whose work they found most exciting.

The ERC Starting Grant was established in 2007 by the European Research Council to support up-and-coming research leaders in Europe. Recipients are selected based upon "outstanding track-record of early achievements appropriate to their research field and career stage."

Michael's 2009 Young Innovator award is based on his work proving that Internet security protocols can really be trusted. Software designed by Backes' group can prove in less than a second whether an Internet protocol is truly secure.

Michael received his Ph.D. from Saarland University in 2002. He was a Research Staff Member at the IBM Zurich Research laboratory before accepting his current position as a professor at Saarland University in 2006. He was named a fellow of the Max-Planck Institute for Software Systems in 2007.

In the spring of 2009, MPI-SWS graduated its first four PhD students—Andreas Haeberlen, Alan Mislove, Animesh Nandi, and Atul Singh. All four students have landed competitive academic or research positions in a very tight job market.

This fall, Andreas Haeberlen will be an Assistant Professor at the University of Pennsylvania, Alan Mislove will be an Assistant Professor at Northeastern University, Animesh Nandi will be a researcher at Bell Labs, India, and Atul Singh will be a researcher at NEC Labs, Princeton. The students received their PhD degrees from Rice University after spending the last several years of their graduate studies at MPI-SWS.