Disclosure of data analytics has important scientific and commercial justifications. However, no data shall be disclosed without a diligent investigation of the risks posed to the privacy of subjects. Do data analysts have the right tools to perform such investigations? Privug is a tool-supported method to explore information leakage properties of programs producing the analytics to be disclosed. It uses classical off-the-shelf tools for Bayesian programming, reinterpreting a regular program probabilistically. This in turn allows information-theoretic analysis of program behavior. For privacy researchers, the method provides a fast and lightweight way to experiment with privacy protection measures and mechanisms. We demonstrate that Privug is accurate, scalable, and applicable. We show how to use it to explore parameters of differential privacy, and how to benefit from a range of leakage estimators.
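The workflow the abstract describes, sketched as an added example (it is not Privug's code and does not come from the paper): an ordinary `average` program is run on inputs drawn from an attacker's prior, and the leakage about one subject's age is estimated as mutual information, with and without Laplace noise. It substitutes plain Monte Carlo sampling for a Bayesian programming framework and uses a histogram plug-in estimator; the age prior, group size, sensitivity bound and all function names are assumptions constructed here.

```python
import math
import random
from collections import Counter

LO, HI, N_PEOPLE = 20, 59, 5   # constructed attacker prior: ages uniform in [20, 59]

def average(ages):
    """The unmodified analytics program whose output would be disclosed."""
    return sum(ages) / len(ages)

def laplace(rng, scale):
    """Laplace(0, scale) noise as the difference of two exponentials."""
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

def simulate(epsilon=None, n=20000, seed=1):
    """Run the program on inputs drawn from the prior; return (secret, output) pairs."""
    rng = random.Random(seed)
    sensitivity = (HI - LO) / N_PEOPLE   # assumed bound: one record moves the mean this far
    pairs = []
    for _ in range(n):
        ages = [rng.randint(LO, HI) for _ in range(N_PEOPLE)]
        out = average(ages)
        if epsilon is not None:
            out += laplace(rng, sensitivity / epsilon)
        pairs.append((ages[0], out))     # ages[0] is the victim's secret
    return pairs

def leakage_bits(pairs, out_bins=10):
    """Plug-in estimate of I(secret decade; output) in bits, using quantile bins."""
    n = len(pairs)
    order = sorted(range(n), key=lambda i: pairs[i][1])
    out_bin = [0] * n
    for rank, i in enumerate(order):
        out_bin[i] = rank * out_bins // n
    sec_bin = [(s - LO) // 10 for s, _ in pairs]
    joint = Counter(zip(sec_bin, out_bin))
    ps, po = Counter(sec_bin), Counter(out_bin)
    return sum(c / n * math.log2(c * n / (ps[s] * po[o]))
               for (s, o), c in joint.items())

def explore():
    """Leakage about the victim's age with no noise and two epsilon settings."""
    return {eps: leakage_bits(simulate(eps)) for eps in (None, 1.0, 0.1)}

if __name__ == "__main__":
    for eps, bits in explore().items():
        print(f"epsilon={eps}: ~{bits:.4f} bits leaked about the victim's age decade")
```

The plug-in estimator has a small positive bias at finite sample sizes, so values near zero should be read as "no measurable leakage" rather than as an exact figure.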