Cited By
View all- Pramod D(2022)Privacy-preserving techniques in recommender systems: state-of-the-art review and future research agendaData Technologies and Applications10.1108/DTA-02-2022-008357:1(32-55)Online publication date: 4-May-2022
PProx: efficient privacy for recommendation-as-a-service
Authors: 
Guillaume Rosinosky, Simon Da Silva, Sonia Ben Mokhtar, Daniel Négru, Laurent Réveillère, 
Etienne RivièreAuthors Info & Claims
Pages 14 - 26
Abstract
We present PProx, a system preventing recommendation-as-a-service (RaaS) providers from accessing sensitive data about the users of applications leveraging their services. PProx does not impact recommendations accuracy, is compatible with arbitrary recommendation algorithms, and has minimal deployment requirements. Its design combines two proxying layers directly running inside SGX enclaves at the RaaS provider side. These layers transparently pseudonymize users and items and hide links between the two, and PProx privacy guarantees are robust even to the corruption of one of these enclaves. We integrated PProx with Harness's Universal Recommender and evaluated it on a 27-node cluster. Our results indicate its ability to withstand a high number of requests with low end-to-end latency, horizontally scaling up to match increasing workloads of recommendations.
References
[1]
2019. Mediego. https://www.mediego.com/en/.
[2]
2019. Plista. https://www.plista.com.
[3]
2019. Recombee. https://www.recombee.com.
[4]
2020. Intel SGX SDK. https://software.intel.com/en-us/sgx/sdk.
[5]
2020. Intel Software Guard Extensions SSL. https://github.com/intel/intel-sgx-ssl.
[6]
ActionML. [n.d.]a. Harness: microservice based Machine Learning Server. https://actionml.com/harness
[7]
ActionML. [n.d.]b. The Universal Recommender. https://actionml.com/docs/h_ur
[8]
Ioannis Arapakis, Xiao Bai, and B Barla Cambazoglu. 2014. Impact of response latency on user behavior in web search. In <i>37th international ACM SIGIR conference on Research & development in information retrieval</i>.
[9]
Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'Keeffe, Mark L Stillwell, et al. 2016. SCONE: Secure Linux Containers with Intel SGX. In <i>12th USENIX Symposium on Operating Systems Design and Implementation</i> <i>(OSDI)</i>.
[10]
Naveen Farag Awad and Mayuram S Krishnan. 2006. The personalization privacy paradox: an empirical evaluation of information transparency and the willingness to be profiled online for personalization. <i>MIS quarterly</i> (2006), 13–28.
[11]
Anirban Basu, Jaideep Vaidya, Hiroaki Kikuchi, and Theo Dimitrakos. 2011. Privacy-preserving collaborative filtering for the cloud. In <i>23rd International Conference on Cloud Computing Technology and Science</i> <i>(CloudCom)</i>. IEEE.
[12]
Anirban Basu, Jaideep Vaidya, Hiroaki Kikuchi, and Theo Dimitrakos. 2013. Privacy-preserving collaborative filtering on the cloud and practical implementation experiences. In <i>Sixth IEEE International Conference on Cloud Computing</i>.
[13]
Anirban Basu, Jaideep Vaidya, Hiroaki Kikuchi, Theo Dimitrakos, and Srijith K Nair. 2012. Privacy preserving collaborative filtering for SaaS enabling PaaS clouds. <i>Journal of Cloud Computing: Advances, Systems and Applications</i> 1, 1 (2012), 8.
[14]
Joeran Beel, Alan Griffin, and Conor O’Shea. 2019. Darwin & Goliath: A White-Label Recommender-System As-a-Service with Automated Algorithm-Selection. In <i>Demonstration at the 13th ACM Conference on Recommender Systems</i> <i>(RecSys)</i>.
[15]
Yahya Benkaouz, Mohammed Erradi, and Anne-Marie Kermarrec. 2016. Nearest Neighbors Graph Construction: Peer Sampling to the Rescue. In <i>International Conference on Networked Systems</i> <i>(NETYS)</i>. Springer.
[16]
Jesús Bobadilla, Fernando Ortega, Antonio Hernando, and Abraham Gutiérrez. 2013. Recommender systems survey. <i>Knowledge-based systems</i> 46 (2013).
[17]
Antoine Boutet, Davide Frey, Rachid Guerraoui, Arnaud Jégou, and Anne-Marie Kermarrec. 2016. Privacy-preserving distributed collaborative filtering. <i>Computing</i> 98, 8 (2016), 827–846.
[18]
Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software grand exposure: SGX cache attacks are practical. In <i>11th USENIX Workshop on Offensive Technologies</i> <i>(WOOTS)</i>.
[19]
Eric A Brewer. 2015. Kubernetes and the path to cloud native. In <i>Sixth ACM Symposium on Cloud Computing</i> <i>(SOCC)</i>.
[20]
Robin Burke. 2002. Hybrid recommender systems: Survey and experiments. <i>User modeling and user-adapted interaction</i> 12, 4 (2002).
[21]
Joseph A Calandrino, Ann Kilzer, Arvind Narayanan, Edward W Felten, and Vitaly Shmatikov. 2011. "You might also like:" Privacy risks of collaborative filtering. In <i>IEEE Symposium on Security and Privacy</i> <i>(S&P)</i>.
[22]
John Canny and John Canny. 2002. Collaborative filtering with privacy via factor analysis. In <i>25th annual international ACM SIGIR conference on Research and development in information retrieval</i>. ACM.
[23]
Canonical. [n.d.]. MaaS: Very fast server provisioning for your data centre. https://maas.io
[24]
Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, and Ten H Lai. 2019. SgxPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution. In <i>European Symposium on Security and Privacy (EuroS&P)</i>. IEEE.
[25]
Sanchuan Chen, Xiaokuan Zhang, Michael K Reiter, and Yinqian Zhang. 2017. Detecting privileged side-channel attacks in shielded execution with Déjà Vu. In <i>ACM Asia Conference on Computer and Communications Security</i> <i>(AsiaCrypt)</i>.
[26]
Richard Cissée and Sahin Albayrak. 2007. An agent-based approach for privacy-preserving recommender systems. In <i>6th international joint conference on Autonomous agents and multiagent systems</i> <i>(AAMAS)</i>. ACM.
[27]
Cloud Native Computing Foundation. [n.d.]. Helm: The package manager for Kubernetes. https://helm.sh
[28]
Stefan Contiu, Laurent Réveillère, and Etienne Rivière. 2020. Practical Active Revocation. In <i>21st International Middleware Conference</i>.
[29]
Victor Costan and Srinivas Devadas. 2016. Intel SGX Explained. <i>IACR Cryptology ePrint Archive</i> 2016 (2016), 86.
[30]
Georgios Damaskinos, Rachid Guerraoui, Anne-Marie Kermarrec, Vlad Nitu, Rhicheek Patra, and Francois Taiani. 2020. FLeet: Online Federated Learning via Staleness Awareness and Performance Prediction. In <i>ACM Middleware</i>.
[31]
Cameron Desrochers. 2020. Lock-free queue for C++11. https://github.com/cameron314/concurrentqueue.
[32]
Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. <i>Tor: The second-generation onion router</i>. Technical Report. Naval Research Lab Washington DC.
[33]
Erika Duriakova, Elias Z Tragos, Barry Smyth, Neil Hurley, Francisco J Peña, Panagiotis Symeonidis, James Geraci, and Aonghus Lawlor. 2019. PDMFRec: a decentralised matrix factorisation with tunable user-centric privacy. In <i>13th ACM Conference on Recommender Systems</i> <i>(RecSys)</i>.
[34]
Cynthia Dwork. 2008. Differential privacy: A survey of results. In <i>International conference on theory and applications of models of computation</i> <i>(TAMC)</i>. Springer.
[35]
Alex Fernández. 2019. alexfernandez/loadtest. https://github.com/alexfernandez/loadtest original-date: 2013-06-21T23:50:01Z.
[36]
Daniel M Fleder and Kartik Hosanagar. 2007. Recommender systems and their impact on sales diversity. In <i>8th ACM conference on Electronic commerce</i>. ACM.
[37]
Fluentd project. [n.d.]. Fluentd: an open source data collector for unified logging layer. https://www.fluentd.org
[38]
Arik Friedman, Bart P Knijnenburg, Kris Vanhecke, Luc Martens, and Shlomo Berkovsky. 2015. Privacy aspects of recommender systems. In <i>Recommender Systems Handbook</i>. Springer.
[39]
Chen Gao, Chao Huang, Dongsheng Lin, Depeng Jin, and Yong Li. 2020. DPLCF: Differentially Private Local Collaborative Filtering. In <i>43rd International Conference on Research and Development in Information Retrieval</i> <i>(ACM SIGIR)</i>.
[40]
Florent Garcin, Boi Faltings, Olivier Donatsch, Ayar Alazzawi, Christophe Bruttin, and Amr Huber. 2014. Offline and online evaluation of news recommender systems at swissinfo.ch. In <i>8th ACM Conference on Recommender systems</i>.
[41]
Mouzhi Ge, Carla Delgado-Battenfeld, and Dietmar Jannach. 2010. Beyond accuracy: evaluating recommender systems by coverage and serendipity. In <i>4th ACM conference on Recommender systems</i> <i>(RecSys)</i>.
[42]
Google VP Marrisa Mayer. 2006. Presentation at Third Annual Web 2.0 Summit.
[43]
Johannes Götzfried, Moritz Eckert, Sebastian Schinzel, and Tilo Müller. 2017. Cache attacks on Intel SGX. In <i>10th European Workshop on Systems Security</i> <i>(EuroSec)</i>. ACM.
[44]
GroupLens research at the University of Minnesota. [n.d.]. Description of the MovieLens ml-20m dataset. http://files.grouplens.org/datasets/movielens/ml-20m-README.html
[45]
Daniel Gruss, Julian Lettner, Felix Schuster, Olya Ohrimenko, Istvan Haller, and Manuel Costa. 2017. Strong and efficient cache side-channel protection using hardware transactional memory. In <i>26th USENIX Security Symposium</i>.
[46]
Rachid Guerraoui, Anne-Marie Kermarrec, Rhicheek Patra, Mahammad Valiyev, and Jingjing Wang. 2017. I know nothing about you but here is what you might like. In <i>47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks</i> <i>(DSN)</i>.
[47]
F Maxwell Harper and Joseph A Konstan. 2015. The MovieLens datasets: History and context. <i>ACM transactions on interactive intelligent systems (TIIS)</i> 5, 4 (2015).
[48]
Mike Hintze and Khaled El Emam. 2018. Comparing the benefits of pseudonymisation and anonymisation under the GDPR. <i>Journal of Data Protection & Privacy</i> 2, 2 (2018).
[49]
Seongmin Kim, Juhyeng Han, Jaehyeong Ha, Taesoo Kim, and Dongsu Han. 2018. SGX-Tor: A Secure and Practical Tor Anonymity Network With SGX Enclaves. <i>IEEE/ACM Transactions on Networking</i> 26, 5 (2018).
[50]
Taehoon Kim, Joongun Park, Jaewook Woo, Seungheun Jeon, and Jaehyuk Huh. 2019. ShieldStore: Shielded In-memory Key-value Storage with SGX. In <i>14th ACM SIGOPS EuroSys Conference</i>.
[51]
Vaibhav Kulkarni, Bertil Chapuis, and Benoît Garbinato. 2017. Privacy-preserving location-based services by using Intel SGX. In <i>1st International Workshop on Human-centered Sensing, Networking, and Systems</i>. ACM.
[52]
Kristen LeFevre, David J DeWitt, and Raghu Ramakrishnan. 2005. Incognito: Efficient full-domain k-anonymity. In <i>ACM SIGMOD international conference on Management of data</i>.
[53]
Daniel Lemire and Anna Maclachlan. 2005. Slope one predictors for online rating-based collaborative filtering. In <i>International Conference on Data Mining</i>. SIAM.
[54]
Joshua Lind, Christian Priebe, Divya Muthukumaran, Dan O'Keeffe, Pierre-Louis Aublin, Florian Kelbert, Tobias Reiher, David Goltzsche, David Eyers, Rüdiger Kapitza, et al. 2017. Glamdring: Automatic Application Partitioning for Intel SGX. In <i>USENIX Annual Technical Conference</i> <i>(ATC)</i>.
[55]
Pasquale Lops, Marco De Gemmis, and Giovanni Semeraro. 2011. Content-based recommender systems: State of the art and trends. In <i>Recommender systems handbook</i>. Springer, 73–105.
[56]
Frank McSherry and Ilya Mironov. 2009. Differentially private recommender systems: Building privacy into the Netflix prize contenders. In <i>15th ACM SIGKDD international conference on Knowledge discovery and data mining</i> <i>(KDD)</i>. ACM.
[57]
Marc Mendonca, Srini Seetharaman, and Katia Obraczka. 2012. A flexible in-network IP anonymization service. In <i>International conference on communications</i> <i>(ICC)</i>. IEEE.
[58]
Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. 2017. Cachezoom: How SGX amplifies the power of cache attacks. In <i>International Conference on Cryptographic Hardware and Embedded Systems</i> <i>(CHES)</i>. Springer.
[59]
Itishree Mohallick, Katrien De Moor, Özlem Özgöbek, and Jon Atle Gulla. 2018. Towards New Privacy Regulations in Europe: Users’ Privacy Perception in Recommender Systems. In <i>International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage</i> <i>(SpaCCS)</i>. Springer.
[60]
Sonia Ben Mokhtar, Antoine Boutet, Pascal Felber, Marcelo Pasin, Rafael Pires, and Valerio Schiavoni. 2017. X-search: revisiting private web search using intel SGX. In <i>18th ACM/IFIP/USENIX Middleware Conference</i>.
[61]
Khalil Muhammad, Qinqin Wang, Diarmuid O'Reilly-Morgan, Elias Tragos, Barry Smyth, Neil Hurley, James Geraci, and Aonghus Lawlor. 2020. FedFast: Going Beyond Average for Faster Training of Federated Recommender Systems. In <i>26th International Conference on Knowledge Discovery & Data Mining</i> <i>(ACM SIGKDD)</i>.
[62]
Arvind Narayanan and Vitaly Shmatikov. 2008. Robust de-anonymization of large datasets (how to break anonymity of the Netflix prize dataset). In <i>IEEE Symposium on Security and Privacy</i>.
[63]
Alexander Nilsson, Pegah Nikbakht Bideh, and Joakim Brorsson. 2020. A Survey of Published Attacks on Intel SGX. [arxiv]2006.13598 [cs.CR]
[64]
Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Mark Silberstein, and Christof Fetzer. 2018. Varys: Protecting SGX enclaves from practical side-channel attacks. In <i>USENIX Annual Technical Conference</i> <i>(ATC)</i>.
[65]
Emanuel Onica, Pascal Felber, Hugues Mercier, and Etienne Rivière. 2015. Efficient key updates through subscription re-encryption for privacy-preserving publish/subscribe. In <i>16th Annual Middleware Conference</i>.
[66]
Pascal Paillier. 1999. Public-key cryptosystems based on composite degree residuosity classes. In <i>International conference on the theory and applications of cryptographic techniques</i> <i>(Eurocrypt)</i>. Springer.
[67]
Project Jupyter. [n.d.]. Open-source software, open-standards, and services for interactive computing across dozens of programming languages. https://jupyter.org
[68]
Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss. 2019. ZombieLoad: Cross-privilege-boundary data sampling. <i>arXiv preprint arXiv:1905.05726</i> (2019).
[69]
Ron Sharp. 2012. Latency in cloud-based interactive streaming content. <i>Bell Labs Technical Journal</i> 17, 2 (2012).
[70]
Yilin Shen and Hongxia Jin. 2014. Privacy-preserving personalized recommendation: An instance-based approach via differential privacy. In <i>International Conference on Data Mining</i> <i>(ICDE)</i>. IEEE.
[71]
Hyejin Shin, Sungwook Kim, Junbum Shin, and Xiaokui Xiao. 2018. Privacy enhanced matrix factorization for recommendation with local differential privacy. <i>IEEE Transactions on Knowledge and Data Engineering</i> 30, 9 (2018).
[72]
Reza Shokri, Pedram Pedarsani, George Theodorakopoulos, and Jean-Pierre Hubaux. 2009. Preserving privacy in collaborative filtering through distributed aggregation of offline profiles. In <i>3rd ACM conference on Recommender systems</i> <i>(RecSys)</i>. ACM.
[73]
Latanya Sweeney. 2002. k-anonymity: A model for protecting privacy. <i>International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems</i> 10, 05 (2002), 557–570.
[74]
André Calero Valdez and Martina Ziefle. 2019. The users’ perspective on the privacy-utility trade-offs in health recommender systems. <i>International Journal of Human-Computer Studies</i> 121 (2019).
[75]
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the keys to the intel SGX kingdom with transient out-of-order execution. In <i>27th USENIX Security Symposium</i>.
[76]
Sébastien Vaucher, Rafael Pires, Pascal Felber, Marcelo Pasin, Valerio Schiavoni, and Christof Fetzer. 2018. SGX-aware container orchestration for heterogeneous clusters. In <i>38th International Conference on Distributed Computing Systems</i> <i>(ICDCS)</i>. IEEE.
[77]
Jun Wang, Qiang Tang, Afonso Arriaga, and Peter YA Ryan. 2019. Novel Collaborative Filtering Recommender Friendly to Privacy Protection. In <i>International Joint Conference on Artificial Intelligence</i> <i>(IJCAI)</i>.
[78]
Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, and Carl A Gunter. 2017. Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX. In <i>ACM SIGSAC Conference on Computer and Communications Security</i> <i>(CCS)</i>. ACM.
[79]
Zhenyu Wu, Zhang Xu, and Haining Wang. 2014. Whispers in the hyper-space: high-bandwidth and reliable covert channel attacks inside the cloud. <i>IEEE/ACM Transactions on Networking</i> 23, 2 (2014), 603–615.
Index Terms
- PProx: efficient privacy for recommendation-as-a-service
Recommendations
Enhancing privacy and preserving accuracy of a distributed collaborative filtering
RecSys '07: Proceedings of the 2007 ACM conference on Recommender systemsCollaborative Filtering (CF) is a powerful technique for generating personalized predictions. CF systems are typically based on a central storage of user profiles used for generating the recommendations. However, such centralized storage introduces a ...
Exploring privacy concerns in news recommender systems
WI '17: Proceedings of the International Conference on Web IntelligenceWith the increasing ubiquity of access to online news sources, the news recommender systems are becoming widely popular in recent days. However, providing interesting news for each user is a challenging task in highly-dynamic news domain. Many news ...
Enhancing social matrix factorization with privacy
SAC '13: Proceedings of the 28th Annual ACM Symposium on Applied ComputingWithin the course of this manuscript we present a privacy-preserving collaborative filtering recommender system which aims at alleviating the concern with privacy of user profiles within the context of sparse social trust data. While problem of sparsity ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
December 2021
398 pages
ISBN:9781450385343
DOI:10.1145/3464298
- General Chairs:
- Kaiwen Zhang,
- Abdelouahed Gherbi,
- Program Chairs:
- Nalini Venkatasubramanian,
- Luís Veiga
Copyright © 2021 ACM.
Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.
Sponsors
In-Cooperation
- USENIX Assoc: USENIX Assoc
- IFIP
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 02 October 2021
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
Conference
Middleware '21
Sponsor:
Acceptance Rates
Overall Acceptance Rate 203 of 948 submissions, 21%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 152Total Downloads
- Downloads (Last 12 months)37
- Downloads (Last 6 weeks)8
Reflects downloads up to 14 Dec 2024
Other Metrics
Citations
Cited By
View all- Pramod D(2022)Privacy-preserving techniques in recommender systems: state-of-the-art review and future research agendaData Technologies and Applications10.1108/DTA-02-2022-008357:1(32-55)Online publication date: 4-May-2022
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in