Limitations of AWS Clean Rooms Differential Privacy - AWS Clean Rooms

Limitations of AWS Clean Rooms Differential Privacy

AWS Clean Rooms Differential Privacy doesn't address the following situations:

  1. AWS Clean Rooms Differential Privacy only supports Amazon S3-backed AWS Glue tables. It does not support queries with Snowflake or Amazon Athena tables.

  2. AWS Clean Rooms Differential Privacy doesn't address timing attacks. For example, these attacks are possible in scenarios where an individual user contributes a large number of rows and adding or removing this user significantly changes the query computation time.

  3. AWS Clean Rooms Differential Privacy doesn't guarantee differential privacy when a SQL query can result in overflow or invalid cast errors at run time due to the use of certain SQL constructs. The following list names some, but not all, of the SQL constructs that may produce run-time errors and that should be verified in analysis templates. We recommend that you approve analysis templates that minimize the chances of such run-time errors and periodically review query logs to determine whether the queries align with the collaboration agreement.

    The following SQL constructs are vulnerable to overflow errors:

    • Aggregate functions - AVG, LISTAGG, PERCENTILE_COUNT, PERCENTILE_DISC, SUM/SUM_DISTINCT

    • Data type formatting functions - TO_TIMESTAMP, TO_DATE

    • Date and time functions - ADD_MONTHS, DATEADD, DATEDIFF

    • Math functions - +, -, *, /, POWER

    • String functions - ||, CONCAT, REPEAT, REPLICATE

    • Window functions - AVG, LISTAGG, PERCENTILE_COUNT, PERCENTILE_DISC, RATIO_TO_REPORT, SUM

    The CAST data type formatting function is vulnerable to invalid cast errors.

    You can configure CloudWatch to create a metric filter for a log group and then create a CloudWatch alarm on that metric filter to receive alerts if a potential overflow or cast error was encountered. Specifically, you should monitor for the error codes CastError, OverflowError, and ConversionError. The presence of these error codes may indicate a side-channel attack, but it may also simply indicate an erroneous SQL query.
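The monitoring setup described above, as an added example that is not part of the AWS documentation: it builds the CloudWatch Logs metric-filter and alarm definitions for the three error codes and dry-runs the same match logic over constructed sample log events. The log group name, metric namespace, and the JSON shape of the sample events are assumptions, not the real Clean Rooms log format.

```python
"""Added example (not AWS code): CloudWatch metric filter + alarm for Clean Rooms
Differential Privacy run-time error codes, with an offline dry run of the match."""
import json
import re

# Error codes the page says to monitor; any one of them should raise the metric.
ERROR_CODES = ("CastError", "OverflowError", "ConversionError")

# PLACEHOLDER: use the log group your Clean Rooms query logging writes to.
LOG_GROUP = "/aws/cleanrooms/example-log-group"


def metric_filter_pattern() -> str:
    """CloudWatch Logs term filter: '?' prefixes mean 'match any of these terms'."""
    return "?" + " ?".join(ERROR_CODES)


def put_metric_filter_args(metric_name: str = "CleanRoomsDpRuntimeErrors") -> dict:
    """Keyword arguments for boto3 `logs.put_metric_filter`; namespace is assumed."""
    return {
        "logGroupName": LOG_GROUP,
        "filterName": "cleanrooms-dp-runtime-errors",
        "filterPattern": metric_filter_pattern(),
        "metricTransformations": [{
            "metricName": metric_name,
            "metricNamespace": "CleanRooms/DifferentialPrivacy",
            "metricValue": "1",      # each matching event counts once
            "defaultValue": 0.0,     # emit 0 when nothing matches, so missing data is not ambiguous
        }],
    }


def put_metric_alarm_args(sns_topic_arn: str, metric_name: str = "CleanRoomsDpRuntimeErrors") -> dict:
    """Keyword arguments for boto3 `cloudwatch.put_metric_alarm`: alarm on any match in 5 minutes."""
    return {
        "AlarmName": "cleanrooms-dp-runtime-errors",
        "Namespace": "CleanRooms/DifferentialPrivacy",
        "MetricName": metric_name,
        "Statistic": "Sum",
        "Period": 300,
        "EvaluationPeriods": 1,
        "Threshold": 0,
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",
        "AlarmActions": [sns_topic_arn],
    }


_CODE_RE = re.compile("|".join(ERROR_CODES))


def count_matching_events(events) -> int:
    """Emulate the term filter locally: how many events would increment the metric."""
    return sum(1 for e in events if _CODE_RE.search(e["message"]))


# Constructed sample events; the JSON layout is illustrative only.
SAMPLE_EVENTS = [
    {"message": json.dumps({"queryId": "q-1", "status": "SUCCESS"})},
    {"message": json.dumps({"queryId": "q-2", "status": "FAILED", "errorCode": "OverflowError"})},
    {"message": json.dumps({"queryId": "q-3", "status": "FAILED", "errorCode": "CastError"})},
    {"message": json.dumps({"queryId": "q-4", "status": "FAILED", "errorCode": "SyntaxError"})},
]

if __name__ == "__main__":
    print(metric_filter_pattern())
    print(json.dumps(put_metric_filter_args(), indent=2))
    print("events that would raise the metric:", count_matching_events(SAMPLE_EVENTS))
```

Pass the two dicts to `boto3.client("logs").put_metric_filter(**...)` and `boto3.client("cloudwatch").put_metric_alarm(**...)` once the placeholder values are replaced; the SyntaxError event in the sample is deliberately not counted, since only the three named codes are in scope.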

    For more information, see Query logging in AWS Clean Rooms.