Query Interfaces

Rmind

First, set up the packages repository as described in Client Applications → Setting Up Packages Repository.

Client side

Rmind command line client application can be installed with

sudo apt-get install rmind

If Rmind is your first Sharemind MPC client application, follow the rest of the steps in Client Applications to generate a public key pair and configure Rmind.

For Rmind usage manual, continue to Development → Rmind.

Server side

Rmind itself is just a thin client side application that parses the commands. All computations on secret shared data take place on the server side and so Rmind needs a server side component called Sharemind Analytics Engine. This should be installed on all MPC computation nodes:

sudo apt-get install sharemind-analytics-engine

This gives you the compiled bytecode version of the Rmind backend stored at /usr/share/sharemind/analytics-engine/analytics_engine.sb. However, for security reasons it is not deployed or enabled by default in the Application Server. To do that, symlink (or copy) it to your Application Server’s programs path:

sudo ln -s /usr/share/sharemind/analytics-engine/analytics_engine.sb /var/lib/sharemind/programs/

The sharemind-analytics-engine package provides the compiled bytecode version of Rmind backend where all Rmind functionality is enabled. If you need to turn off some Rmind functions or change the threshold, please use the sharemind-analytics-engine-src package instead and compile it yourself with the SecreC compiler scc. See Server side configuration.

Server side configuration

The sharemind-analytics-engine package mentioned above provides the compiled bytecode version of Rmind backend that uses default configuration values. If you need to use custom configuration for Rmind, please use the sharemind-analytics-engine-src package instead, make necessary configuration changes and compile it yourself with the SecreC compiler. Keep in mind that all MPC computation nodes should use the same configuration for Rmind backend (Sharemind Analytics Engine).

Installing the sharemind-analytics-engine-src package provides you with the source code of Sharemind Analytics Engine in /usr/share/sharemind/analytics-engine. You need to make a copy of the commented example configuration file to make your custom modifications:

cd /usr/share/sharemind/analytics-engine
cp ae_configuration.sc.example ae_configuration.sc
# now edit ae_configuration.sc

The threshold variable in this file sets the smallest dataset size allowed as input to procedures that publish aggregate results to the client. Rmind refuses to compute aggregates on vectors of secret shared values with less elements than this threshold. This is an implementation of k-anonymity. By default, the threshold is 3.

In addition, it is possible to enable or disable individual Rmind functions (e.g., aggregation, merge, GLM, etc) in the configuration file. As Rmind is an exploratory data analytics tool, it is impossible to make it absolutely leak proof. Depending on the data set, there may be a way to circumvent the above privacy threshold on the client side by combining several Rmind functions in a clever way. There more functionality there is, the easier it is to find such combinations. So there is an option to disable Rmind functions that are for sure not needed in the current workflow (if this is known in advance).

Once the suitable configuration is done, compile the custom backend with SecreC compiler and copy (or symlink) the result to Sharemind Application Server’s programs path:

scc -I/usr/lib/sharemind/stdlib -I. -o analytics_engine.sb analytics_engine.sc
sudo ln -s /usr/share/sharemind/analytics-engine/analytics_engine.sb /var/lib/sharemind/programs/