Airavat is a new MapReduce-based system that provides strong security and privacy guarantees for large-scale distributed computations on sensitive data. Airavat combines mandatory access control with differential privacy. It enables users without security expertise to perform computations on the data, but confines these computations, preventing information leakage beyond what the data providers' policies allow.
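The sketch below is an added example, not Airavat's code: it shows one way a differentially private sum can confine an untrusted per-record mapper, by forcing each output into a declared range and adding Laplace noise scaled to that range. The function names, the sample records, the range `[lo, hi]`, and the add-or-remove-one-record neighbouring definition are all assumptions made for illustration.

```python
import math
import random

def confined_sum(records, mapper, lo, hi):
    """Run an untrusted mapper per record and force every output into [lo, hi]."""
    total = 0.0
    for rec in records:
        try:
            out = float(mapper(rec))
        except Exception:
            out = lo              # a failing mapper contributes a fixed in-range value
        if math.isnan(out):
            out = lo
        total += max(lo, min(hi, out))
    return total

def sensitivity(lo, hi):
    """Most that one added or removed record can move the confined sum."""
    return max(abs(lo), abs(hi))

def laplace(scale, rng):
    """Laplace(0, scale), sampled as the difference of two exponentials."""
    if scale == 0:
        return 0.0
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def private_sum(records, mapper, lo, hi, epsilon, rng=None):
    """Release an epsilon-differentially-private sum of the mapper outputs."""
    if epsilon <= 0 or lo > hi:
        raise ValueError("need epsilon > 0 and lo <= hi")
    rng = rng or random.SystemRandom()
    noise = laplace(sensitivity(lo, hi) / epsilon, rng)
    return confined_sum(records, mapper, lo, hi) + noise

# Constructed sample records (not real data).
RECORDS = [{"name": "alice", "dx": "flu"}, {"name": "bob", "dx": "cold"},
           {"name": "carol", "dx": "flu"}, {"name": "dave", "dx": "flu"}]

def count_flu(rec):               # well-behaved analyst code
    return 1 if rec["dx"] == "flu" else 0

def leaky(rec):                   # tries to encode one person's presence in the sum
    return 1e9 if rec["name"] == "alice" else 0

if __name__ == "__main__":
    print("noisy flu count:", private_sum(RECORDS, count_flu, 0, 1, epsilon=0.5))
    print("leaky mapper, confined:", confined_sum(RECORDS, leaky, 0, 1))
```

Because every mapper output is clamped before aggregation, the `leaky` mapper can shift the sum by at most the declared sensitivity, which the Laplace noise is calibrated to hide.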