Cohere: Privacy Management in Large Scale Systems

The need for a privacy management layer in today's systems started to manifest with the emergence of new systems for privacy-preserving analytics and privacy compliance. As a result, we began to see many independent efforts emerge that try to provide system support for privacy. Recently, the scope of privacy solutions used in systems has expanded to encompass more complex techniques such as Differential Privacy (DP). The use of these solutions in large-scale systems imposes new challenges and requirements. Careful planning and coordination are necessary to ensure that privacy guarantees are maintained across a wide range of heterogeneous applications and data systems. This requires new solutions for managing shared application state and allocating scarce and non-replenishable privacy resources. In this paper, we introduce Cohere, a new data management system that simplifies the use of DP in large-scale systems. Cohere implements a unified interface that allows heterogeneous applications to operate on a unified view of users' data. Cohere further extends existing accounting systems with the ability to manage and optimally allocate shared privacy resources, i.e., budget, under complex preferences. We show that Cohere can effectively enable advanced privacy solutions in existing large-scale systems with minimal modifications to existing data management systems and with moderate overhead.