Kris Steinhoff October, 2018 Internet2 Technology Exchange ... › media › medialibrary ›...

Internet2 Technology Exchange 2018 October, 2018

Kris Steinhoff

PrivaScope: Enabling Data Analytics

Goals: An Ethical, Privacy Preserving Platform

● Enable researchers to ask aggregate questions across multiple data sets in a ethical, privacy-preserving manner. Allow for a privacy and ethics body review to ensure that only appropriate, aggregate questions are asked.

● Allow researchers to ask aggregate questions across multiple data sets while no researcher has direct access to the data sets.

● Enable U-M ITS to support such queries in a scalable, effective manner.


Wi-Fi Mobility Data

GIS GIS GISDEVICE LOCATION/TIME

SERIES (AT REST/IN TRANSIT)

AP LOCATION

BUILDINGROOM

GIS

GIS (X, Y, Z)

PATH

GIS

GIS

DEVICE LOCATION

DEVICE

SIGNAL STRENGTH

AP DIRECTION

MULTIPLE APs TRIANGULATION

COLLISION

GIS

GIS

COHORT

GIS

GISGIS

IDENTITY

MAC ADDRESS

MAC ADDRESSUNIQUE ID

ROLE HOME BASE

TIME

AP NAME

CAMPUS

SUB- CAMPUS


PrivaScope 1.0 Portal


Overview

Privascope Infrastructure

Privascope Secure Enclave

People Wifi . . .

Data Sources

Data Loader Enclave

Database

Sandbox Database

Researcher

Running code

Processing Node

Running code

Researcher Portal

- Study request- Study approval- Code run scheduling- Results approval

directquery

anonymizedsubset

results reviewed before release

requeststudy

schedule code run

Privascope Infrastructure

Privascope Secure Enclave

People Wifi . . .

Data Sources

Data Loader Enclave

Database

Sandbox Database

Researcher

Running code

Processing Node

Running code

Researcher Portal

- Study request- Study approval- Code run scheduling- Results approval

directquery

anonymizedsubset

results reviewed before release

requeststudy

schedule code run


Technical Architecture



Processing NodeLinux VM

Docker

Rabbit MQ Researcher PortalWeb Application




Docker


Web application written in Django using the django-fsm library to manage workflow. Deployed outside the PrivaScope Enclave, currently in an on-prem OpenShift cluster.




Docker


Job queueing is handled with the Celery python library using Rabbit MQ.




Docker


Jobs are run in Docker containers to achieve process isolation.


Horizontal Scaling



Processing NodeKubernetes Cluster

Processing NodeHPC VM

This architecture allows for horizontal scaling at the processing node level.




Docker


1. Researcher: submits algorithm/code through PrivaScope portal2. PrivaScope Review Board: reviews privacy protection attributes of the code

IF APPROVED3. PrivaScope staging processing: queues algorithm for execution in secure enclave4. PrivaScope query engine: runs algorithm in secure enclave5. PrivaScope Review Board: reviews the output to ensure privacy protection compliance

IF APPROVED6. Output is released to researcher for publishing


Workflow




Job runner

Researcher PortalWeb Application

Job submittedJob

approvedyes

Results released

Results approved

Docker

Build

Run

Collect Results

yes

Rabbit MQ


Workflow


Job runner


Job submittedJob

approvedyes

Results released

Results approved

Docker

Build

Run

Collect Results

yes

Rabbit MQ

Researcher submits job code and dependencies.


Job runner


Job submittedJob

approvedyes

Results released

Results approved

Docker

Build

Run

Collect Results

yes

Rabbit MQ

Code is reviewed by the PrivaScope team.


Workflow


Job runner


Job submittedJob

approvedyes

Results released

Results approved

Docker

Build

Run

Collect Results

yes

Rabbit MQ

If approved, the job is queued for execution.


Workflow


Job runner


Job submittedJob

approvedyes

Results released

Results approved

Docker

Build

Run

Collect Results

yes

Rabbit MQ

The runner retrieves job from the queue and builds the image in Docker.


Workflow

analysis.py

import osfrom mongo import Connectionimport pandas as pd

wifi = Connection(os.getenv('MONGODB_URL')).wifi

df = pd.DataFrame(list(wifi.find()))

# ... analysis …

df.to_csv('results.csv')


Job FormatDockerfile (required)

FROM python3:latest

RUN mkdir /usr/src/appWORKDIR /usr/src/app

COPY . /usr/src/app/CMD venv/bin/python3 analysis.py

analysis.py




# ... analysis …



Job Format

The Dockerfile is used by PrivaScope to create a Docker image.

Dockerfile (required)

FROM python3:latest



analysis.py




# ... analysis …



Job Format

The researcher can include dependencies with their job to support their analysis code.


FROM python3:latest



analysis.py




# ... analysis …



Job Format

PrivaScope will populate several variables into the environment of the running container to allow the analysis code to connect to data in the enclave.


FROM python3:latest



analysis.py




# ... analysis …

df.to_csv('/srv/data/results.csv')


Job Format

The analysis code can output results to a standard location which will be collected by PrivaScope for review.


FROM python3:latest




Job runner


Job submittedJob

approvedyes

Results released

Results approved

Docker

Build

Run

Collect Results

yes

Rabbit MQ

The job is run in a Docker container. The container not given any network access outside the PrivaScope enclave.


Workflow


Job runner


Job submittedJob

approvedyes

Results released

Results approved

Docker

Build

Run

Collect Results

yes

Rabbit MQ

The job results are returned to the web application workflow.


Workflow


Job runner


Job submittedJob

approvedyes

Results released

Results approved

Docker

Build

Run

Collect Results

yes

Rabbit MQ

The results are reviewed by the PrivaScope team to ensure that they only contain aggregate results.


Workflow


Job runner


Job submittedJob

approvedyes

Results released

Results approved

Docker

Build

Run

Collect Results

yes

Rabbit MQ

If approved, the results are made available to the researcher.


Workflow

● Refine PrivaScope 1.0 workflows and administration.

● Integration with Git (GitLab merge requests and/or CI/CD).

● Our goal for PrivaScope 2.0 is to build an API that allows users to query arbitrarily and

have the API enforce privacy preservation.


Future Plans


Questions

Kris Steinhoff October, 2018 Internet2 Technology Exchange ... › media › medialibrary ›...

Documents

Transcript of Kris Steinhoff October, 2018 Internet2 Technology Exchange ... › media › medialibrary ›...