Many applications in our connected world utilize user data to provide data-driven services or to optimize processes. Therefore, there is a constant threat of data leaks. Although many companies follow data protection guidelines or laws that aim to protect the users' privacy, it can be challenging to quantify the exact amount of private information an application leaks about a user. In order to quantify the privacy leakage, several statistical privacy measures have been proposed in the past years [3]. While one well-known privacy measure is (Local) Differential Privacy [1], the semantics, i.e., the operational meaning of differential privacy, can be confusing.

A recently proposed privacy measure dubbed Point-wise Maximal Leakage [2] in contrast, is defined based on a particular adversarial model, providing a clear and concise operational meaning. This seminar topic focuses on the meaning and operational guarantees of Point-wise Maximal Leakage. Besides others, goals are to understand the underlying adversarial models and draw the connection to other privacy metrics, e.g., Differential Privacy.

[1] C. Dwork and A. Roth, "The algorithmic foundations of differential privacy", Found. Trends Theor. Comput. Sci., vol. 9, no. 3, pp. 211-407, 2014.

[2] S. Saeidian, G. Cervia, T. J. Oechtering and M. Skoglund, "Pointwise Maximal Leakage," in IEEE Transactions on Information Theory, vol. 69, no. 12, pp. 8054-8080, Dec. 2023, doi: 10.1109/TIT.2023.3304378.

[3] M. Bloch et al., "An overview of information-theoretic security and privacy: Metrics limits and applications", IEEE J. Sel. Areas Inf. Theory, vol. 2, no. 1, pp. 5-22, Mar. 2021.

• Proficiency in probability theory and statistics
• Basic knowledge in information theory can be beneficial

Federated learning is a machine learning paradigm that aims to learn collaboratively from decentralized private data owned by entities referred to as clients. However, due to its decentralized nature, federated learning is susceptible to model poisoning attacks, where malicious clients try to corrupt the learning process by modifying local model updates. Moreover, the updates sent by the clients might leak information about the private data involved in the learning. The goal of this work is to investigate and combine existing robust aggregation techniques in FL with differential privacy techniques.

References:

[1] - https://arxiv.org/pdf/2304.09762.pdf

[2] - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9757841

[3] - https://dl.acm.org/doi/abs/10.1145/3465084.3467919

- Basic knowledge about machine learning and gradient descent optimization

- First experience with machine learning in python

- Undergraduate statistics courses

- Prior knowledge about differential privacy is a plus