# Calendar (Tentative) For differential privacy, we will use the textbook *Algorithmic Foundations of Data Privacy* (AFDP) by Cynthia Dwork and Aaron Roth, available [here](https://www.cis.upenn.edu/~aaroth/Papers/privacybook.pdf). Date | Topic | Presenter :----:|-------|:---------: |

**Differential Privacy**

| 9/5 | [Course welcome, introducing differential privacy](../resources/slides/lecture01.html)
**Paper:** Keshav. [*How to Read a Paper*](https://web.stanford.edu/class/ee384m/Handouts/HowtoReadPaper.pdf). | Justin 9/10 | Basic private mechanisms
**Reading:** AFDP 3.2, 3.3 | Justin 9/12 | Composition and closure properties
**Reading:** AFDP 3.5 | Justin 9/17 | What does differential privacy actually mean?
**Reading:** McSherry. [*Lunchtime for Differential Privacy*](https://github.com/frankmcsherry/blog/blob/master/posts/2016-08-16.md) (see also these [two](https://github.com/frankmcsherry/blog/blob/master/posts/2016-06-14.md) [posts](https://github.com/frankmcsherry/blog/blob/master/posts/2016-08-29.md)) | Justin 9/19 | Exponential mechanism
**Paper:** McSherry and Talwar. [*Mechanism Design via Differential Privacy*](http://kunaltalwar.org/papers/expmech.pdf).
**Due: Project topics and groups**
| Justin **9/21 (FRI)** | Identity-Based Encryption from the Diffie-Hellman Assumption
**SPECIAL TIME AND PLACE: 4 PM, CS 1240**
| Sanjam Garg 9/24 | Advanced mechanisms
Report-noisy-max, Sparse Vector Technique, and Private Multiplicative Weights
**Reading:** AFDP 3.3, 3.5, 4.2 | Justin 9/26 | Privacy for data streams
**Paper:** Chan, Shi, and Song. [*Private and Continual Release of Statistics*](https://eprint.iacr.org/2010/076.pdf). | Yinglun 10/1 | Local differential privacy
**Paper:** Erlingsson, Pihur, and Korolova. [*RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response*](https://arxiv.org/pdf/1407.6981.pdf). | Justin |

**Adversarial Machine Learning**

| 10/3 | [AML: overview and basics](../resources/slides/somesh-aml.pdf)
**GUEST LECTURE**
| Somesh Jha 10/8 | History of Adversarial ML
**Paper:** Biggio and Roli. [*Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning*](https://arxiv.org/pdf/1712.03141). | Meghana 10/10 | Adversarial examples
**Paper:** Szegedy, Zaremba, Sutskever, et al. [*Intriguing Properties of Neural Networks*](https://arxiv.org/pdf/1312.6199.pdf). | Shimaa 10/15 |
**NO CLASS: INSTRUCTOR AWAY**
| 10/17 |
**NO CLASS: INSTRUCTOR AWAY**
**Due: Milestone 1**
| 10/22 | Adversarial examples
**Paper:** Goodfellow, Schlens, and Szegedy. [*Explaining and Harnessing Adversarial Examples*](https://arxiv.org/abs/1412.6572). | Kyrie 10/24 | Real-world attacks
**Paper:** Eykholt, Evtimov, Fernandes, et al. [*Robust Physical-World Attacks on Deep Learning Models*](https://arxiv.org/pdf/1707.08945.pdf). | Hiba 10/29 | Detection methods
**Paper:** Carlini and Wagner. [*Towards Evaluating the Robustness of Neural Networks*](https://arxiv.org/pdf/1608.04644.pdf). | Yiqin 10/31 | Detection methods
**Paper:** Carlini and Wagner. [*Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods*](https://arxiv.org/pdf/1705.07263.pdf). | Junxiong 11/5 | Defensive measures
**Paper:** Steinhardt, Koh, and Liang. [*Certified Defenses for Data Poisoning Attacks*](https://arxiv.org/pdf/1706.03691.pdf). | Yaman 11/7 | Defensive measures
**Paper:** Madry, Makelov, Schmidt, Schmidt, Tsipras, and Valdu. [*Towards Deep Learning Models Resistant to Adversarial Attacks*](https://arxiv.org/pdf/1706.06083.pdf). | Maddie |

**Cryptographic Techniques**

| 11/12 | Applied crypto: overview and basics | Justin 11/14 | Verifiable differential privacy
**Paper:** Narayan, Feldman, Papadimitriou, and Haeberlen. [*Verifiable Differential Privacy*](https://www.cis.upenn.edu/~ahae/papers/verdp-eurosys2015.pdf).
**Due: Milestone 2**
| Fayi 11/19 | Homomorphic encryption
**Paper:** Halevi and Shoup. [*Algorithms in HElib*](https://www.shoup.net/papers/helib.pdf). | Yue |

**Language-Based Security**

| 11/21 | Language-based security: overview and basics | Justin 11/26 | Languages for privacy
**Paper:** Reed and Pierce. [*Distance Makes the Types Grow Stronger: A Calculus for Differential Privacy*](https://www.cis.upenn.edu/~bcpierce/papers/dp.pdf). | Sam 11/28 | Bonus lecture on applied crypto
**GUEST LECTURE**
| Somesh Jha 12/3 | Languages for authenticated datastructures
**Paper:** Miller, Hicks, Katz, and Shi. [*Authenticated Data Structures, Generically*](https://www.cs.umd.edu/~mwh/papers/gpads.pdf). | Zichuan 12/5 | Languages for oblivous computing
**Paper:** Zahur and Evans. [*Obliv-C: A Language for Extensible Data-Oblivious Computation*](https://eprint.iacr.org/2015/1153.pdf). | Zhiyi 12/10 | Languages for information flow
**Paper:** Griffin, Levy, Stefan, et al. [*Hails: Protecting Data Privacy in Untrusted Web Applications*](https://www.usenix.org/system/files/conference/osdi12/osdi12-final-35.pdf). | Arjun 12/12 | Languages for preventing timing channels
**Paper:** Zhang, Askarov, and Myers. [*Language-Based Control and Mitigation of Timing Channels*](https://www.cs.cornell.edu/andru/papers/pltiming-pldi12.pdf). | Yan