Sensitivity-Aware Auditing Service for Differentially Private Databases

Differentially private databases (DP-DBs) offer rigorous privacy guarantees while retaining the utility of data analytics queries. However, ensuring that deployed DP-DBs truly meet these guarantees remains a critical challenge in practice. Improper noise injection or flawed implementations can lead to privacy violations, highlighting the urgent need for auditing services that systematically assess the privacy behavior of DP-DBs—both pre- and post-deployment, much like the extensively studied auditing practices in differentially private machine learning (DP-ML) applications. Compared to DP-ML auditing, auditing differentially private databases poses unique challenges distinct from those encountered in DP-ML auditing. Specifically, the handling of variable query sensitivities and the utilization of diverse privacy mechanisms, such as Laplace noise, require the development of specialized and tailored auditing approaches. In this paper, we introduce DPAudit, a comprehensive sensitivity-aware auditing service framework designed to evaluate and verify the privacy guarantees of DP-DBs. DPAudit enhances existing auditing capabilities by: 1) incorporating adaptive neighboring dataset generation that reflects real-world query sensitivities, and 2) providing optimized privacy loss estimators for estimating ε for both Laplace and Gaussian mechanisms. Furthermore, DPAudit offers an automated noise detection service through statistical hypothesis testing, enabling privacy auditing even in black-box settings. Extensive experimental results demonstrate that DPAudit delivers accurate and efficient auditing services, yielding robust estimates of the privacy parameter ε with low computational overhead. Our framework bridges a crucial gap in the deployment pipeline of DP-DBs, empowering developers and users with actionable privacy insights. © 2026 IEEE. All rights reserved.