Indrajit Roy, Srinath Setty, Ann Kilzer, Vitaly Shmatikov, and Emmett Witchel

Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI) 2010.

View PDF or BibTeX.

areas
Distributed Systems, Operating Systems, Security

abstract
We present Airavat, a MapReduce-based system which provides strong security and privacy guarantees for distributed computations on sensitive data. Airavat is a novel integration of mandatory access control and differential privacy. Data providers control the security policy for their sensitive data, including a mathematical bound on potential privacy violations. Users without security expertise can perform computations on the data, but Airavat confines these computations, preventing information leakage beyond the data provider’s policy. Our prototype implementation demonstrates the flexibility of Airavat on several case studies. The prototype is efficient, with run times on Amazon’s cloud computing infrastructure within 32% of a MapReduce system with no security.