TAMBA: Testing and Modeling of Brandeis Artifacts
TAMBA will measure the privacy, performance and utility of systems for the Brandeis program, which is focused on developing tools and techniques for building systems in which private data may be used only for its intended purpose and no other.
DARPA’s Brandeis program aims to enable individuals and organizations to maintain control of their private data while allowing that data to participate in computation that provides mutual value, both to the data provider and to the data analyst. TAMBA addresses the Metrics and Analysis technical area, which is focused on evaluation of the privacy-preserving systems constructed during the program. In contrast to many evaluation roles, this will involve substantial new research, as we must answer the question, “how do you effectively measure privacy”?
TAMBA aims to provide the sort of rigorous evaluation of privacy controls that are necessary to firmly establish trust in a system that handles private data at scale. It enables precise measurement of information flow, supporting quantitative assessments of how much privacy was lost due to particular system interactions. The project also incorporates economic principles of utility to describe changes in privacy in terms of the value of the information and the potential impact of disclosure.
Our team is bringing three core technologies to this problem: Cognitive System Engineering (CSE), Quantified Information Flow (QIF), and Economics / Game Theory. QIF allows one to quantify the amount of information flowing between parties. Since information gain by other parties corresponds to a privacy loss by the data owner, this gives us a method to measure changes in privacy. CSE provides a rigorous approach to evaluation of the human factors of the system such as usability and transparency. Economics and game theory allows us to augment the discussion of data leakage with a notion of data value, moving from a description of privacy loss in technical terms to a characterization of loss in economic terms.
TAMBA is a collaboration led by Galois that also includes the University of Pennsylvania, the University of Maryland College Park, Hebrew University, and Charles River Analytics. The TAMBA research effort will result in both theoretical advances and practical tools, all of which will be widely shared. Our software will be released as open source and we will pursue publication in academic venues for any results of broad interest.