Differential Privacy |
|
|
|
|
| 9/4 |
Course welcome
Reading: How to Read a Paper |
JH |
--- |
|
| 9/6 |
Basic private mechanisms
Reading: Dwork and Roth 3.2-4 |
JH |
--- |
|
| 9/9 |
Composition and closure properties
Reading: Dwork and Roth 3.5 |
JH |
--- |
Signups Due |
| 9/11 |
What does differential privacy actually mean?
Reading: Lunchtime for Differential Privacy |
JH |
--- |
|
| 9/13 |
Differentially private machine learning
Reading: On the Protection of Private Information in Machine Learning Systems: Two Recent Approaches
Reading: Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data |
Robert/Shengwen |
Zach/Jialu |
|
Adversarial Machine Learning |
|
|
|
|
| 9/16 |
Overview and basic concepts |
JH |
--- |
|
| 9/18 |
Adversarial examples
Reading: Intriguing Properties of Neural Networks
Reading: Explaining and Harnessing Adversarial Examples |
JH |
Robert/Shengwen |
|
| 9/20 |
Data poisoning
Reading: Poisoning Attacks against Support Vector Machines
Reading: Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks |
Somya/Zi |
Miru/Pierre |
|
| 9/23 |
Defenses and detection: challenges
Reading: Towards Evaluating the Robustness of Neural Networks
Reading: Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods |
JH |
--- |
|
| 9/25 |
Certified defenses
Reading: Certified Defenses for Data Poisoning Attacks
Reading: Certified Defenses against Adversarial Examples |
Joseph/Nils |
Siddhant/Goutham |
|
| 9/27 |
Adversarial training
Reading: Towards Deep Learning Models Resistant to Adversarial Attacks
Reading: Ensemble Adversarial Training: Attacks and Defenses |
Siddhant/Goutham |
Somya/Zi |
|
Applied Cryptography |
|
|
|
|
| 9/30 |
Overview and basic constructions
See also: Boneh and Shoup, 11.6, 19.4
See also: Evans, Kolesnikov, and Rosulek, Chapter 3 |
JH |
--- |
|
| 10/2 |
SMC for machine learning
Reading: Secure Computation for Machine Learning With SPDZ
Reading: Helen: Maliciously Secure Coopetitive Learning for Linear Models |
Varun/Vibhor/Adarsh |
--- |
|
| 10/4 |
Secure data collection at scale
Reading: Prio: Private, Robust, and Scalable Computation of Aggregate Statistics |
Abhirav/Rajan |
--- |
|
| 10/7 |
Verifiable computing
Reading: SafetyNets: Verifiable Execution of Deep Neural Networks on an Untrusted Cloud |
JH |
--- |
|
| 10/9 |
Side channels and implementation issues
Reading: On Significance of the Least Significant Bits For Differential Privacy |
JH |
--- |
|
| 10/11 |
Model watermarking
Reading: Protecting Intellectual Property of Deep Neural Networks with Watermarking
Reading: Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring |
Noor/Shashank |
Joseph/Nils |
MS1 Due |
Algorithmic Fairness |
|
|
|
|
| 10/14 |
Overview and basic notions
Reading: Barocas, Hardt, and Narayanan, Chapter 1-2 |
JH |
--- |
|
| 10/16 |
Individual and group fairness
Reading: Fairness through Awarness
Reading: Equality of Opportunity in Supervised Learning |
JH |
Jack/Jack |
|
| 10/18 |
Inherent tradeoffs
Reading: Inherent Trade-Offs in the Fair Determination of Risk Scores |
Bobby |
--- |
|
| 10/21 |
Defining fairness: challenges
Reading: 50 Years of Test (Un)fairness: Lessons for Machine Learning
Reading: Barocas, Hardt, and Narayanan, Chapter 4 |
JH |
Bobby |
|
| 10/23 |
Fairness in unsupervised learning
Reading: Man is to Computer Programmer as Woman is to Homemaker? Debiasing Word Embeddings
Reading: Men Also Like Shopping: Reducing Gender Bias Amplification using Corpus-level Constraints |
Zach/Jialu |
Noor/Shashank |
|
| 10/25 |
Beyond observational measures
Reading: Avoiding Discrimination through Causal Reasoning
Reading: Counterfactual Fairness |
Nat/Geetika |
Varun/Vibhor/Adarsh |
|
PL and Verification |
|
|
|
|
| 10/28 |
Overview and basic notions |
JH |
--- |
|
| 10/30 |
Probabilistic programming languages
Reading: Probabilistic Programming |
Miru/Pierre |
Nat/Geetika |
|
| 11/1 |
Automata learning and interpretability
Reading: Model Learning
Reading: Interpreting Finite Automata for Sequential Data |
Jack/Jack |
Abhirav/Rajan |
|
| 11/4 |
Programming languages for differential privacy
Reading: Programming Language Techniques for Differential Privacy |
JH |
--- |
|
| 11/6 |
Verifying neural networks
Reading: AI2: Safety and Robustness Certification of Neural Networks with Abstract Interpretation
Reading: DL2: Training and Querying Neural Networks with Logic |
JH |
--- |
|
| 11/8 |
Verifying probabilistic programs
Reading: Advances and Challenges of Probabilistic Model Checking
Reading: A Program Logic for Union Bounds |
JH |
Miru |
MS2 Due |
No Lectures: Work on Projects |
|
|
|
|
| 12/11 |
Project Presentations 1 |
|
Final Projects |
|
| 12/13 |
Project Presentations 2
TIME AND PLACE: TBD |
|
|
|