Lectures will be loosely organized around three core modules: differential privacy, adversarial machine learning, and applied cryptography. We will also cover two advanced modules: algorithmic fairness, and PL and verification techniques.
This is a graduate seminar, so not all lectures are set in stone and there is considerable flexibility in the material. If you are interested in something not covered in the syllabus, please let me know!
For differential privacy, we will use the textbook Algorithmic Foundations of Data Privacy (AFDP) by Cynthia Dwork and Aaron Roth, available here.
Grading and Evaluation
Grades will be assigned as follows:
- Paper presentations: 20%
- Presentation reports: 20%
- Final project: 60% (Milestones 1 and 2, and final writeup)
These three components are detailed below.
In groups of two you will lead one lecture, presenting 1-2 related papers and guiding the discussion. We will have presentations most Wednesdays and Fridays. Each presentation should be about 60 minutes, leaving the remainder of the time for a wrap-up discussion. The presenters should meet with me instructor one week before their presentation to discuss an outline of what you will be presenting.
Before every presentation, all students are expected to read the papers closely and understand their significance, including (a) the main problems, (b) the primary contributions, and (c) how the technical solution. Of course, you are also expected to attend discussions and actively participate in the discussion. We will be reading about topics from the recent research literature. Most research papers focus on a very narrow topic and are written for a very specific technical audience. It also doesn't help that researchers are generally not the clearest writers, though there are certainly exceptions. These notes by Srinivasan Keshav may help you get more out of reading papers.
Please sign up for a presentation slot by Monday, September 9; see the calendar for the topic and suggested papers for each slot. While we will try to accommodate everyone's interests, we may need to adjust the selections for better balance and coverage.
In groups of two you will write up a detailed summary of another group's presentation. The summary should capture the main points in the presentation and summarize the in-class discussion, possibly filling in gaps or elaborating on unclear points. You may have to refer to the source papers to clear up some details, but the report should be primarily focused on what was presented: this will be both more and less than what was in the original papers. Notes should be typed up neatly in LaTeX using these templates and sent to me within one week of the presentation using ShareLaTeX. I will then work with you to polish the notes and then upload them to Canvas---please submit something that you would be proud for your classmates to see!
Please sign up for a report slot by Monday, September 9; see the calendar for the topic and suggested papers for each slot.
The main course component is the course project. You will work individually or in pairs on a topic of your choice, producing a conference-style write-up and presenting the project at the end of the semester. The best projects may eventually lead to a research paper or survey. Details can be found here.
By the end of this course, you should be able to...
- Summarize the basic concepts in differential privacy, applied cryptography, and adversarial machine learning.
- Use techniques from differential privacy to design privacy-preserving data analyses.
- Grasp the high-level concepts from research literature on the main course topics.
- Present and lead a discussion on recent research results.
- Carry out an in-depth exploration of one topic in the form of a self-directed research project.
This is a 3-credit graduate seminar. For the first 10 weeks of the fall semester, we will meet for three 75-minute class periods each week. You should expect to work on course learning activities for about 3 hours out of classroom for each hour of class.
The final project may be done in groups of three (or in rare situations, two) students. Collaborative projects with people outside the class may be allowed, but check with me first. Everything else you turn in---from homework assignments to discussion questions---should be your own work. Concretely: you may discuss together, but you must write up solutions entirely on your own, without any records of the discussion (physical, digital, or otherwise).
Access and Accommodation
The University of Wisconsin-Madison supports the right of all enrolled students to a full and equal educational opportunity. The Americans with Disabilities Act (ADA), Wisconsin State Statute (36.12), and UW-Madison policy (Faculty Document 1071) require that students with disabilities be reasonably accommodated in instruction and campus life. Reasonable accommodations for students with disabilities is a shared faculty and student responsibility. Students are expected to inform me of their need for instructional accommodations by the end of the third week of the semester, or as soon as possible after a disability has been incurred or recognized. I will work either directly with you or in coordination with the McBurney Center to identify and provide reasonable instructional accommodations. Disability information, including instructional accommodations as part of a student’s educational record, is confidential and protected under FERPA.