arxiv: 2605.02391 · v2 · submitted 2026-05-04 · 💻 cs.CR · cs.LO

Recognition: 2 theorem links

· Lean Theorem

Differentially Private Runtime Monitoring

Bernd Finkbeiner, Frederik Scheerer

Authors on Pith no claims yet

Pith reviewed 2026-05-12 01:48 UTC · model grok-4.3

classification 💻 cs.CR cs.LO

keywords differential privacyruntime monitoringstream processingtemporal dependenciesnoise injectionprivacy-preserving monitoringaggregation mechanismspublic transportation case study

0 comments

The pith

Runtime monitors can enforce differential privacy automatically by analyzing temporal dependencies and injecting calibrated noise at strategic points in the specification.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Stream-based monitors gather detailed runtime statistics, but in privacy-sensitive settings this risks leaking individual data through repeated outputs caused by temporal operators. The paper shows how to add differential privacy without manual redesign by first mapping which inputs influence which outputs over time, then inserting noise only where it breaks those chains while keeping the monitor's intended results usable. Tree-based mechanisms are applied specifically to aggregation steps to limit the accuracy penalty from the added noise. The method is illustrated on a public-transport usage monitor that tracks passenger flows without exposing personal travel patterns.

Core claim

We propose an approach that automatically enforces differential privacy in stream-based monitoring specifications by analyzing temporal dependencies and injecting carefully calibrated noise into the specification. To preserve the utility of the outputs, we identify strategically chosen positions in the specification for noise injection and leverage tree-based mechanisms to mitigate the accuracy loss caused by noise injected into aggregation operators. We demonstrate the practicality and effectiveness of our approach in a case study on monitoring public transportation usage.

What carries the argument

Analysis of temporal dependencies in the monitoring specification, followed by targeted noise injection at positions chosen to break repeated disclosure chains while using tree-based mechanisms on aggregations to control accuracy loss.

If this is right

Any stream monitor whose specification can be parsed for temporal influences can receive differential privacy without rewriting the original logic.
Strategic placement of noise limits the total privacy cost while tree mechanisms reduce the accuracy penalty on summed or averaged results.
The resulting private monitor can be deployed in settings such as transportation analytics where both privacy regulations and operational utility must be satisfied.
The technique works on existing specification languages because it operates by rewriting rather than by requiring a new monitor engine.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

If the dependency analysis step can be fully automated, the same rewriting pipeline could be added to existing runtime-verification toolchains with little extra user effort.
The approach might generalize to other streaming domains such as smart-grid or health-data streams where the same tension between long-term statistics and individual privacy appears.
A practical next test would be to measure how much the required noise level grows when the monitor specification contains longer chains of temporal operators.

Load-bearing premise

That the temporal dependencies in any given monitoring specification can be identified precisely enough to allow noise to be placed so that privacy holds and the monitor still produces useful results.

What would settle it

Running the method on the public-transportation monitor and finding that either individual passenger records can still be inferred from the outputs or that the noisy statistics no longer support the intended monitoring task would falsify the central claim.

Figures

Figures reproduced from arXiv: 2605.02391 by Bernd Finkbeiner, Frederik Scheerer.

**Figure 1.** Figure 1: An example RTLola specification calculating statistics of user feedback. view at source ↗

**Figure 2.** Figure 2: The dependency graph for the specification in view at source ↗

**Figure 3.** Figure 3: Dependency Graph examples for the RTLola specification in Figure 1. view at source ↗

**Figure 4.** Figure 4: Tree-Based Aggregation Examples. inherent trade-offs between streams. We therefore do not prescribe a single optimal strategy, but instead suggest several heuristics for selecting privacy barriers whose trade-offs can be predicted and reasoned about. The input-only heuristic injects noise at input streams, ensuring that all computations operate on perturbed data. The deep heuristic targets the transition… view at source ↗

**Figure 5.** Figure 5: Output variances for different sliding window aggregations. differential privacy (w-DP) [35], which hides the effect of up to w consecutive input values. If correlations are limited to w consecutive values, w-DP provides meaningful privacy guarantees. Extending our approach to w-DP is straightforward, since our mechanisms already handle correlated outputs: we can apply the same techniques to w-sized group… view at source ↗

**Figure 6.** Figure 6: Results from monitoring synthetic public transportation data. view at source ↗

read the original abstract

Modern stream-based monitors collect detailed statistics of the runtime behavior of the system under observation. If the system runs in a privacy-sensitive context, this poses the risk of disclosing sensitive information. Differential privacy is the state-of-the-art approach for protecting sensitive information, however, integrating it into runtime monitoring is challenging: temporal operators can cause individual input values to influence multiple outputs over time, leading to repeated disclosure of private information. We propose an approach that automatically enforces differential privacy in stream-based monitoring specifications by analyzing temporal dependencies and injecting carefully calibrated noise into the specification. To preserve the utility of the outputs, we identify strategically chosen positions in the specification for noise injection and leverage tree-based mechanisms to mitigate the accuracy loss caused by noise injected into aggregation operators. We demonstrate the practicality and effectiveness of our approach in a case study on monitoring public transportation usage.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper proposes an automated method to enforce differential privacy for stream-based runtime monitoring specifications. It analyzes temporal dependencies to determine the influence of individual inputs on outputs over time, injects calibrated noise at strategically chosen positions in the specification, and employs tree-based mechanisms to mitigate utility loss from noise in aggregation operators. The approach is evaluated via a case study on monitoring public transportation usage.

Significance. If the dependency analysis is sound and the noise calibration correct, the work could enable practical privacy-preserving runtime monitoring in sensitive domains without requiring manual privacy engineering. The combination of static temporal analysis with tree-based noise mitigation for aggregations addresses a recurring challenge in applying differential privacy to streaming and temporal data, and the case study provides concrete evidence of applicability.

major comments (2)

[Section 4 (Dependency Analysis)] The soundness of the static analysis that computes temporal dependencies and sensitivities is load-bearing for the differential privacy claim. The manuscript describes the analysis but does not provide a formal proof that the computed sensitivity is a valid upper bound on the true influence function for the full specification language, including nested temporal operators, sliding-window aggregates, and recursive stream definitions. Without such a proof or a clear argument that the analysis over-approximates influence, the subsequent noise calibration cannot be guaranteed to deliver the stated privacy level.
[Section 5 (Noise Injection and Calibration)] The noise calibration step relies on the sensitivity values produced by the dependency analysis. If the analysis under-approximates the set of affected outputs for any operator, the injected noise will be insufficient; the paper should include a concrete example or theorem showing that the analysis correctly bounds influence even for complex temporal constructs.

minor comments (2)

[Abstract and Section 3] The abstract and introduction refer to 'tree-based mechanisms' for aggregation operators; a brief description of the specific tree structure (e.g., binary segment tree) and how it interacts with the temporal dependency analysis would improve clarity.
[Section 6 (Case Study)] The case study reports effectiveness but does not include quantitative utility metrics (e.g., error bounds or comparison to non-private baseline) alongside the privacy parameters; adding these would strengthen the practicality claim.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback and for recognizing the potential of our approach for privacy-preserving runtime monitoring. The two major comments both concern the formal soundness of the dependency analysis in Sections 4 and 5. We agree that a rigorous proof and concrete examples are needed to fully substantiate the privacy claims and will incorporate them in the revised manuscript.

read point-by-point responses

Referee: [Section 4 (Dependency Analysis)] The soundness of the static analysis that computes temporal dependencies and sensitivities is load-bearing for the differential privacy claim. The manuscript describes the analysis but does not provide a formal proof that the computed sensitivity is a valid upper bound on the true influence function for the full specification language, including nested temporal operators, sliding-window aggregates, and recursive stream definitions. Without such a proof or a clear argument that the analysis over-approximates influence, the subsequent noise calibration cannot be guaranteed to deliver the stated privacy level.

Authors: We agree that the soundness of the dependency analysis is essential for the claimed differential privacy guarantees. The current manuscript defines the analysis via recursive rules over the specification syntax and argues informally that it tracks all temporal influences. However, we acknowledge that an explicit theorem establishing that the computed sensitivity is a valid over-approximation for the complete language (including nesting, sliding windows, and recursion) is missing. In the revision we will add a theorem stating that the analysis produces a sound upper bound on the influence function, together with a proof by structural induction on the specification. This will directly support the correctness of the subsequent noise calibration. revision: yes
Referee: [Section 5 (Noise Injection and Calibration)] The noise calibration step relies on the sensitivity values produced by the dependency analysis. If the analysis under-approximates the set of affected outputs for any operator, the injected noise will be insufficient; the paper should include a concrete example or theorem showing that the analysis correctly bounds influence even for complex temporal constructs.

Authors: We appreciate this observation, which reinforces the need for explicit verification of the analysis on complex cases. The revision will include both the theorem referenced above and a concrete worked example of a specification containing nested temporal operators and sliding-window aggregates. The example will show the step-by-step computation of sensitivities and demonstrate that the analysis correctly identifies all affected outputs, thereby ensuring that the calibrated noise is sufficient. These additions will make the soundness argument self-contained. revision: yes

Circularity Check

0 steps flagged

No significant circularity; dependency analysis and noise calibration extend standard DP independently

full rationale

The paper's core proposal—analyzing temporal dependencies in stream specifications to inject calibrated noise—builds on established differential privacy mechanisms without reducing any claimed guarantee to a fitted parameter or self-citation by construction. The abstract describes identifying injection positions and leveraging tree-based mechanisms as technical steps that preserve utility, presented as novel contributions rather than tautological redefinitions of the inputs. No load-bearing step equates the output privacy bound to the analysis result itself or relies on an unverified self-citation chain for soundness. This is the expected honest outcome for a proposal paper whose central claims remain externally falsifiable via the soundness of the static analysis.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only review; no explicit free parameters, axioms, or invented entities are stated or derivable from the provided text.

pith-pipeline@v0.9.0 · 5428 in / 956 out tokens · 41093 ms · 2026-05-12T01:48:26.218200+00:00 · methodology

Review history (2 revisions) →

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear
sensitivity calculations for stream-based specifications... per-event sensitivity Δt′t,p,s... static upper bound bφ,x,s (Theorem 3)
IndisputableMonolith/Foundation/DimensionForcing.lean alexander_duality_circle_linking unclear
tree-based mechanisms for continual observation... sliding-window aggregations

Reference graph

Works this paper leans on

48 extracted references · 48 canonical work pages

[1]

In: Proceedings of the International Conference on Embedded Software Companion, New York, NY, USA, October 13-18, 2019

Abbas, H.: Private runtime verification: work-in-progress. In: Proceedings of the International Conference on Embedded Software Companion, New York, NY, USA, October 13-18, 2019. p. 11. ACM (2019).https://doi.org/10.1145/3349568. 3351552

work page doi:10.1145/3349568 2019
[2]

In: International Conference on Computer Aided Verification

Banno, R., Matsuoka, K., Matsumoto, N., Bian, S., Waga, M., Suenaga, K.: Obliv- ious online monitoring for safety ltl specification via fully homomorphic encryp- tion. In: International Conference on Computer Aided Verification. pp. 447–468. Springer (2022)

work page 2022
[3]

In: Piskac, R., Raka- maric, Z

Baumeister, J., Correnson, A., Finkbeiner, B., Scheerer, F.: An intermediate pro- gram representation for optimizing stream-based languages. In: Piskac, R., Raka- maric, Z. (eds.) Computer Aided Verification - 37th International Conference, CAV 2025, Zagreb, Croatia, July 23-25, 2025, Proceedings, Part III. Lecture Notes in Computer Science, vol. 15933, p...

work page doi:10.1007/978-3-031-98682-6_20 2025
[4]

In: Gurfinkel, A., Ganesh, V

Baumeister, J., Finkbeiner, B., Kohn, F., L¨ ohr, F., Manfredi, G., Schirmer, S., Torens, C.: Monitoring unmanned aircraft: Specification, integration, and lessons- learned. In: Gurfinkel, A., Ganesh, V. (eds.) Computer Aided Verification - 36th International Conference, CAV 2024, Montreal, QC, Canada, July 24-27, 2024, Proceedings, Part II. Lecture Notes...

work page doi:10.1007/978-3-031-65630-9_10 2024
[5]

In: Platzer, A., Rozier, K.Y., Pradella, M., Rossi, M

Baumeister, J., Finkbeiner, B., Kohn, F., Scheerer, F.: A tutorial on stream-based monitoring. In: Platzer, A., Rozier, K.Y., Pradella, M., Rossi, M. (eds.) Formal Methods - 26th International Symposium, FM 2024, Milan, Italy, September 9-13, 2024, Proceedings, Part II. Lecture Notes in Computer Science, vol. 14934, pp. 624–648. Springer (2024).https://do...

work page doi:10.1007/978-3-031-71177-0_33 2024
[6]

In: K¨ onighofer, B., Torfah, H

Baumeister, J., Finkbeiner, B., Scheerer, F.: Active monitoring with rtlola: A specification-guided scheduling approach. In: K¨ onighofer, B., Torfah, H. (eds.) Runtime Verification - 25th International Conference, RV 2025, Graz, Aus- tria, September 15-19, 2025, Proceedings. Lecture Notes in Computer Sci- ence, vol. 16087, pp. 181–201. Springer (2025).ht...

work page 2025
[7]

In: Gurfinkel, A., Heule, M

Baumeister, J., Finkbeiner, B., Scheerer, F., Siber, J., Wagenpfeil, T.: Stream- based monitoring of algorithmic fairness. In: Gurfinkel, A., Heule, M. (eds.) Tools and Algorithms for the Construction and Analysis of Systems - 31st International Conference, TACAS 2025, Held as Part of the International Joint Conferences on Theory and Practice of Software,...

work page doi:10.1007/978-3-031-90643-5_4 2025
[8]

In: Lahiri, S.K., Wang, C

Baumeister, J., Finkbeiner, B., Schirmer, S., Schwenger, M., Torens, C.: Rtlola cleared for take-off: Monitoring autonomous aircraft. In: Lahiri, S.K., Wang, C. (eds.) Computer Aided Verification - 32nd International Conference, CAV 2020, Los Angeles, CA, USA, July 21-24, 2020, Proceedings, Part II. Lecture Notes in Computer Science, vol. 12225, pp. 28–39...

work page 2020
[9]

In: Groote, J.F., Larsen, K.G

Biewer, S., Finkbeiner, B., Hermanns, H., K¨ ohl, M.A., Schnitzer, Y., Schwenger, M.: Rtlola on board: Testing real driving emissions on your phone. In: Groote, J.F., Larsen, K.G. (eds.) Tools and Algorithms for the Construction and Anal- ysis of Systems - 27th International Conference, TACAS 2021, Held as Part of the European Joint Conferences on Theory ...

work page doi:10.1007/978-3-030-72013-1_20 2021
[10]

In: Kleinberg, R.D

Blocki, J., Blum, A., Datta, A., Sheffet, O.: Differentially private data analysis of social networks via restricted sensitivity. In: Kleinberg, R.D. (ed.) Innovations in Theoretical Computer Science, ITCS ’13, Berkeley, CA, USA, January 9-12, 2013. pp. 87–96. ACM (2013).https://doi.org/10.1145/2422436.2422449

work page doi:10.1145/2422436.2422449 2013
[11]

In: Guerrini, G., Paton, N.W

Cao, J., Xiao, Q., Ghinita, G., Li, N., Bertino, E., Tan, K.: Efficient and accurate strategies for differentially-private sliding window queries. In: Guerrini, G., Paton, N.W. (eds.) Joint 2013 EDBT/ICDT Conferences, EDBT ’13 Proceedings, Genoa, Italy, March 18-22, 2013. pp. 191–202. ACM (2013).https://doi.org/10.1145/ 2452376.2452400

work page arXiv 2013
[12]

In: 33rd IEEE International Conference on Data Engi- neering, ICDE 2017, San Diego, CA, USA, April 19-22, 2017

Cao, Y., Yoshikawa, M., Xiao, Y., Xiong, L.: Quantifying differential privacy un- der temporal correlations. In: 33rd IEEE International Conference on Data Engi- neering, ICDE 2017, San Diego, CA, USA, April 19-22, 2017. pp. 821–832. IEEE Computer Society (2017).https://doi.org/10.1109/ICDE.2017.132

work page doi:10.1109/icde.2017.132 2017
[13]

In: Camps-Valls, G., Ruiz, F.J.R., Valera, I

Cardoso, A.R., Rogers, R.: Differentially private histograms under continual obser- vation: Streaming selection into the unknown. In: Camps-Valls, G., Ruiz, F.J.R., Valera, I. (eds.) International Conference on Artificial Intelligence and Statistics, AISTATS 2022, 28-30 March 2022, Virtual Event. Proceedings of Machine Learn- 22 Finkbeiner and Scheerer in...

work page 2022
[14]

ACM Trans

Chan, T.H., Shi, E., Song, D.: Private and continual release of statistics. ACM Trans. Inf. Syst. Secur.14(3), 26:1–26:24 (2011).https://doi.org/10.1145/ 2043621.2043626

work page arXiv 2011
[15]

Frontiers Comput

Chen, Q., Ni, Z., Zhu, X., Xia, P.: Differential privacy histogram publishing method based on dynamic sliding window. Frontiers Comput. Sci.17(4), 174809 (2023). https://doi.org/10.1007/S11704-022-1651-2

work page doi:10.1007/s11704-022-1651-2 2023
[16]

In: Thuraisingham, B., Evans, D., Malkin, T., Xu, D

Chen, Y., Machanavajjhala, A., Hay, M., Miklau, G.: Pegasus: Data-adaptive dif- ferentially private stream processing. In: Thuraisingham, B., Evans, D., Malkin, T., Xu, D. (eds.) Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03,

work page 2017
[17]

1375–1388

pp. 1375–1388. ACM (2017).https://doi.org/10.1145/3133956.3134102

work page doi:10.1145/3133956.3134102 2017
[18]

In: 12th International Symposium on Temporal Representation and Rea- soning (TIME 2005), 23-25 June 2005, Burlington, Vermont, USA

D’Angelo, B., Sankaranarayanan, S., S´ anchez, C., Robinson, W., Finkbeiner, B., Sipma, H.B., Mehrotra, S., Manna, Z.: LOLA: runtime monitoring of synchronous systems. In: 12th International Symposium on Temporal Representation and Rea- soning (TIME 2005), 23-25 June 2005, Burlington, Vermont, USA. pp. 166–174. IEEE Computer Society (2005).https://doi.org...

work page doi:10.1109/time.2005.26 2005
[19]

In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023

Dong, W., Luo, Q., Yi, K.: Continual observation under user-level differential pri- vacy. In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. pp. 2190–2207. IEEE (2023).https://doi.org/10. 1109/SP46215.2023.10179466

work page arXiv 2023
[20]

51 Shay Solomon, Amitai Uzrad, and Tianyi Zhang

Dvijotham, K.D., McMahan, H.B., Pillutla, K., Steinke, T., Thakurta, A.: Efficient and near-optimal noise generation for streaming differential privacy. In: 65th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2024, Chicago, IL, USA, October 27-30, 2024. pp. 2306–2317. IEEE (2024).https://doi.org/ 10.1109/FOCS61266.2024.00135

work page doi:10.1109/focs61266.2024.00135 2024
[21]

In: Halevi, S., Rabin, T

Dwork, C., McSherry, F., Nissim, K., Smith, A.D.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) Theory of Cryptography, Third Theory of Cryptography Conference, TCC 2006, New York, NY, USA, March 4-7, 2006, Proceedings. Lecture Notes in Computer Science, vol. 3876, pp. 265–284. Springer (2006).https://doi.org/...

work page doi:10.1007/11681878_14 2006
[22]

In: Schulman, L.J

Dwork, C., Naor, M., Pitassi, T., Rothblum, G.N.: Differential privacy under con- tinual observation. In: Schulman, L.J. (ed.) Proceedings of the 42nd ACM Sym- posium on Theory of Computing, STOC 2010, Cambridge, Massachusetts, USA, 5-8 June 2010. pp. 715–724. ACM (2010).https://doi.org/10.1145/1806689. 1806787

work page doi:10.1145/1806689 2010
[23]

Dwork, C., Roth, A.: The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci.9(3-4), 211–407 (2014).https://doi.org/10.1561/ 0400000042

work page 2014
[24]

In: Chen, X., Lebanon, G., Wang, H., Zaki, M.J

Fan, L., Xiong, L.: Real-time aggregate monitoring with differential privacy. In: Chen, X., Lebanon, G., Wang, H., Zaki, M.J. (eds.) 21st ACM International Conference on Information and Knowledge Management, CIKM’12, Maui, HI, USA, October 29 - November 02, 2012. pp. 2169–2173. ACM (2012).https: //doi.org/10.1145/2396761.2398595

work page doi:10.1145/2396761.2398595 2012
[25]

In: Falcone, Y., S´ anchez, C

Faymonville, P., Finkbeiner, B., Schirmer, S., Torfah, H.: A stream-based specifica- tion language for network monitoring. In: Falcone, Y., S´ anchez, C. (eds.) Runtime Verification - 16th International Conference, RV 2016, Madrid, Spain, Septem- ber 23-30, 2016, Proceedings. Lecture Notes in Computer Science, vol. 10012, pp. 152–168. Springer (2016).http...

work page doi:10.1007/978-3-319-46982-9_10 2016
[26]

In: Dillig, I., Tasiran, S

Faymonville, P., Finkbeiner, B., Schledjewski, M., Schwenger, M., Stenger, M., Tentrup, L., Torfah, H.: Streamlab: Stream-based monitoring of cyber-physical systems. In: Dillig, I., Tasiran, S. (eds.) Computer Aided Verification - 31st In- ternational Conference, CAV 2019, New York City, NY, USA, July 15-18, 2019, Proceedings, Part I. Lecture Notes in Com...

work page doi:10.1007/978-3-030-25540-4_24 2019
[27]

Exploring the orthogonality and linearity of backdoor attacks,

Feng, S., Mohammady, M., Wang, H., Li, X., Qin, Z., Hong, Y.: DPI: ensuring strict differential privacy for infinite data streaming. In: IEEE Symposium on Security and Privacy, SP 2024, San Francisco, CA, USA, May 19-23, 2024. pp. 1009–1027. IEEE (2024).https://doi.org/10.1109/SP54263.2024.00124

work page doi:10.1109/sp54263.2024.00124 2024
[28]

In: ´Abrah´ am, E., Abbas, H

Finkbeiner, B., Fr¨ anzle, M., Kohn, F., Kr¨ oger, P.: Stream-based monitoring un- der measurement noise. In: ´Abrah´ am, E., Abbas, H. (eds.) Runtime Verification - 24th International Conference, RV 2024, Istanbul, Turkey, October 15-17, 2024, Proceedings. Lecture Notes in Computer Science, vol. 15191, pp. 22–39. Springer (2024).https://doi.org/10.1007/9...

work page doi:10.1007/978-3-031-74234-7_2 2024
[29]

In: Proceedings of the Workshop on Medical Cyber Physical Systems and Internet of Medical Things

Finkbeiner, B., Keller, A., Schmidt, J., Schwenger, M.: Robust monitoring for medical cyber-physical systems. In: Proceedings of the Workshop on Medical Cyber Physical Systems and Internet of Medical Things. pp. 17–22 (2021)

work page 2021
[30]

In: International Conference on Runtime Verification

Gorostiaga, F., S´ anchez, C.: Striver: Stream runtime verification for real-time event-streams. In: International Conference on Runtime Verification. pp. 282–298. Springer (2018)

work page 2018
[31]

In: Bansal, N., Nagarajan, V

Henzinger, M., Upadhyay, J., Upadhyay, S.: Almost tight error bounds on dif- ferentially private continual counting. In: Bansal, N., Nagarajan, V. (eds.) Pro- ceedings of the 2023 ACM-SIAM Symposium on Discrete Algorithms, SODA 2023, Florence, Italy, January 22-25, 2023. pp. 5003–5039. SIAM (2023).https: //doi.org/10.1137/1.9781611977554.CH183

work page doi:10.1137/1.9781611977554.ch183 2023
[32]

In: Woodruff, D.P

Henzinger, M., Upadhyay, J., Upadhyay, S.: A unifying framework for differentially private sums under continual observation. In: Woodruff, D.P. (ed.) Proceedings of the 2024 ACM-SIAM Symposium on Discrete Algorithms, SODA 2024, Alexandria, VA, USA, January 7-10, 2024. pp. 995–1018. SIAM (2024).https://doi.org/10. 1137/1.9781611977912.38

work page 2024
[33]

In: Huang, C., Chen, J., Shieh, S., Lie, D., Cortier, V

Henzinger, T.A., Karimi, M., Thejaswini, K.S.: Privacy-preserving runtime verifi- cation. In: Huang, C., Chen, J., Shieh, S., Lie, D., Cortier, V. (eds.) Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Secu- rity, CCS 2025, Taipei, Taiwan, October 13-17, 2025. pp. 2774–2787. ACM (2025). https://doi.org/10.1145/3719027.3765137

work page doi:10.1145/3719027.3765137 2025
[34]

Johnson, N.M., Near, J.P., Song, D.: Towards practical differential privacy for SQL queries. Proc. VLDB Endow.11(5), 526–539 (2018).https://doi.org/10.1145/ 3187009.3177733,http://www.vldb.org/pvldb/vol11/p526-johnson.pdf

work page arXiv 2018
[35]

In: International Conference on Runtime Verification

Kallwies, H., Leucker, M., Schmitz, M., Schulz, A., Thoma, D., Weiss, A.: Tessla– an ecosystem for runtime verification. In: International Conference on Runtime Verification. pp. 314–324. Springer (2022)

work page 2022
[36]

Kellaris, G., Papadopoulos, S., Xiao, X., Papadias, D.: Differentially pri- vate event sequences over infinite streams. Proc. VLDB Endow.7(12), 1155– 1166 (2014).https://doi.org/10.14778/2732977.2732989,http://www.vldb. org/pvldb/vol7/p1155-kellaris.pdf

work page doi:10.14778/2732977.2732989 2014
[37]

In: IEEE In- ternational Performance, Computing, and Communications Conference, IPCCC 2024, Orlando, FL, USA, November 22-24, 2024

Li, S., Wen, Y., Wang, Z., Wang, W., Zhang, L., Meng, D.: Streamdp: Contin- ual observation of real-world data streams with differential privacy. In: IEEE In- ternational Performance, Computing, and Communications Conference, IPCCC 2024, Orlando, FL, USA, November 22-24, 2024. pp. 1–10. IEEE (2024).https: //doi.org/10.1109/IPCCC59868.2024.10850443 24 Fink...

work page doi:10.1109/ipccc59868.2024.10850443 2024
[38]

McSherry, F.: Privacy integrated queries: an extensible platform for privacy- preserving data analysis. Commun. ACM53(9), 89–97 (2010).https://doi.org/ 10.1145/1810891.1810916

work page doi:10.1145/1810891.1810916 2010
[39]

In: Candan, K.S., Chen, Y., Snodgrass, R.T., Gravano, L., Fuxman, A

Mohan, P., Thakurta, A., Shi, E., Song, D., Culler, D.E.: GUPT: privacy preserving data analysis made easy. In: Candan, K.S., Chen, Y., Snodgrass, R.T., Gravano, L., Fuxman, A. (eds.) Proceedings of the ACM SIGMOD International Conference on Management of Data, SIGMOD 2012, Scottsdale, AZ, USA, May 20-24, 2012. pp. 349–360. ACM (2012).https://doi.org/10.1...

work page doi:10.1145/2213836.2213876 2012
[40]

In: Thekkath, C., Vahdat, A

Narayan, A., Haeberlen, A.: Djoin: Differentially private join queries over dis- tributed databases. In: Thekkath, C., Vahdat, A. (eds.) 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012, Hollywood, CA, USA, October 8-10, 2012. pp. 149–162. USENIX Association (2012),https://www. usenix.org/conference/osdi12/technical-sessions...

work page 2012
[41]

In: Johnson, D.S., Feige, U

Nissim, K., Raskhodnikova, S., Smith, A.D.: Smooth sensitivity and sampling in private data analysis. In: Johnson, D.S., Feige, U. (eds.) Proceedings of the 39th Annual ACM Symposium on Theory of Computing, San Diego, California, USA, June 11-13, 2007. pp. 75–84. ACM (2007).https://doi.org/10.1145/1250790. 1250803

work page doi:10.1145/1250790 2007
[42]

In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019

Perrier, V., Asghar, H.J., Kaafar, D.: Private continual release of real-valued data streams. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society (2019),https://www.ndss-symposium.org/ndss-paper/ private-continual-release-of-real-valued-data-streams/

work page 2019
[43]

Proserpio, D., Goldberg, S., McSherry, F.: Calibrating data to sen- sitivity in private data analysis. Proc. VLDB Endow.7(8), 637–648 (2014).https://doi.org/10.14778/2732296.2732300,http://www.vldb.org/ pvldb/vol7/p637-proserpio.pdf

work page doi:10.14778/2732296.2732300 2014
[44]

Qardaji, W.H., Yang, W., Li, N.: Understanding hierarchical methods for differentially private histograms. Proc. VLDB Endow.6(14), 1954–1965 (2013).https://doi.org/10.14778/2556549.2556576,http://www.vldb.org/ pvldb/vol6/p1954-qardaji.pdf

work page doi:10.14778/2556549.2556576 1954
[45]

Schwenger, M.: Statically-analyzed stream monitoring for cyber-physical Sys- tems. Ph.D. thesis, Saarland University, Saarbr¨ ucken, Germany (2022),https: //publikationen.sulb.uni-saarland.de/handle/20.500.11880/33890

work page 2022
[46]

In: Salihoglu, S., Zhou, W., Chirkova, R., Yang, J., Suciu, D

Song, S., Wang, Y., Chaudhuri, K.: Pufferfish privacy mechanisms for correlated data. In: Salihoglu, S., Zhou, W., Chirkova, R., Yang, J., Suciu, D. (eds.) Proceed- ings of the 2017 ACM International Conference on Management of Data, SIGMOD Conference 2017, Chicago, IL, USA, May 14-19, 2017. pp. 1291–1306. ACM (2017). https://doi.org/10.1145/3035918.3064025

work page doi:10.1145/3035918.3064025 2017
[47]

In: Chaudhuri, K., Salakhutdinov, R

Upadhyay, J.: Sublinear space private algorithms under the sliding window model. In: Chaudhuri, K., Salakhutdinov, R. (eds.) Proceedings of the 36th International Conference on Machine Learning, ICML 2019, 9-15 June 2019, Long Beach, Cal- ifornia, USA. Proceedings of Machine Learning Research, vol. 97, pp. 6363–6372. PMLR (2019),http://proceedings.mlr.pre...

work page 2019
[48]

unbounded

Wang, T., Chen, J.Q., Zhang, Z., Su, D., Cheng, Y., Li, Z., Li, N., Jha, S.: Continuous release of data streams under both centralized and local differen- tial privacy. In: Kim, Y., Kim, J., Vigna, G., Shi, E. (eds.) CCS ’21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15 - 19, 2021. pp. 1...

work page doi:10.1145/3460120.3484750 2021