Concurrent Secrets with Quantified Suspicion

A system satisfies opacity if its secret behaviors cannot be detected by any user of the system. Opacity of distributed systems was originally set as a boolean predicate before being quantified as measures in a probabilistic setting. This paper considers a different quantitative approach that measures the efforts that a malicious user has to make to detect a secret. This effort is measured as a distance w.r.t a regular profile specifying a normal behavior. This leads to several notions of quantitative opacity. When attackers are passive that is, when they just observe the system, quantitative opacity is brought back to a language inclusion problem, and is PSPACE-complete. When attackers are active, that is, interact with the system in order to detect secret behaviors within a finite depth observation, quantitative opacity turns to be a two-player finite-state quantitative game of partial observation. A winning strategy for an attacker is a sequence of interactions with the system leading to a secret detection without exceeding some profile deviation measure threshold. In this active setting, the complexity of opacity is EXPTIME-complete.

[1]  Thomas Wilke,et al.  Automata Logics, and Infinite Games , 2002, Lecture Notes in Computer Science.

[2]  Benoît Caillaud,et al.  Concurrent Secrets , 2007, 2006 8th International Workshop on Discrete Event Systems.

[3]  David A. Basin,et al.  An information-theoretic model for adaptive side-channel attacks , 2007, CCS '07.

[4]  Krishnendu Chatterjee,et al.  The Complexity of Partial-Observation Parity Games , 2010, LPAR.

[5]  Mathieu Sassolas,et al.  Quantifying Opacity , 2010, QEST.

[6]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[7]  Joël Ouaknine,et al.  On the language inclusion problem for timed automata: closing a decidability gap , 2004, Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science, 2004..

[8]  Walter J. Savitch,et al.  Relationships Between Nondeterministic and Deterministic Tape Complexities , 1970, J. Comput. Syst. Sci..

[9]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[10]  Geoffrey Smith,et al.  On the Foundations of Quantitative Information Flow , 2009, FoSSaCS.

[11]  Uri Zwick,et al.  The Complexity of Mean Payoff Games , 1995, COCOON.

[12]  Hervé Marchand,et al.  Synthesis of opaque systems with static and dynamic masks , 2012, Formal Methods Syst. Des..

[13]  Maciej Koutny,et al.  Opacity Generalised to Transition Systems , 2005, Formal Aspects in Security and Trust.

[14]  John H. Reif,et al.  Universal games of incomplete information , 1979, STOC.

[15]  Rajeev Alur,et al.  A Theory of Timed Automata , 1994, Theor. Comput. Sci..