GraphAudit: Privacy Auditing for Massive Graph Mining

Data privacy audits that ensure policy compliant usage of personal data are increasingly enforced (internally or externally) on service providers that amass and process user data. Existing approaches to privacy auditing fall short of addressing the challenges introduced by modern personalized services that analyze user data using large scale machine learning and data mining (MLDM) algorithms, and provide users custom privacy controls. In this paper, we present GraphAudit, an auditing framework for large-scale graph mining platforms that can check the compliance of a wide range of expressive privacy policies. GraphAudit achieves this by reconstructing the runtime context of data use by MLDM algorithms by logging data accesses and tracing data flows. We implement GraphAudit over GraphLab, a popular distributed graph mining framework and evaluate its performance using commonly used MLDM algorithms and real worlds graph datasets. Our evaluation shows that GraphAudit performance overheads are moderate and exhibits scaling properties similar to GraphLab. Moreover, the overheads can be reduced by amortizing the I/O overhead of logging across distributed machines in the cluster. This results in overheads relative to GraphLab that are as low as 5.76 x, with execution times that can automate privacy auditing compared to the otherwise manual and error prone approaches currently used.