Information Hiding in Probabilistic Concurrent Systems

Information hiding is a general concept that refers to the goal of preventing an adversary from inferring secret information from the observables. Anonymity and information flow are instances of this notion. We study the problem of information hiding in systems characterized by the presence of randomization and concurrency. It is well known that the nondeterminism arising from the possible interleavings and interactions of the parallel components can cause unintended information leaks. One way to solve this problem is to fix the strategy of the scheduler beforehand. In this work, we propose a milder restriction on the schedulers, and we define the notion of strong (probabilistic) information hiding under various notions of observables. Furthermore, we propose a method, based on the notion of automorphism, to verify that a system satisfies the property of strong information hiding, namely strong anonymity or non-interference, depending on the context.
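The following Python model is an added illustration of the two points in the abstract, not code from the paper or its authors. It builds a constructed toy system (a secret is chosen, then two components P and Q run in parallel, Q flipping a coin), lets a scheduler resolve the interleaving, and compares the observable trace distributions across secrets. A scheduler that may consult the secret turns the interleaving itself into a leak, while a scheduler restricted to observables does not; the strong-hiding test, the min-entropy leakage figure (Smith's measure, added here for scale) and the simplified automorphism check (a secret-swapping bijection that preserves every nondeterministic option, its observables and its probabilities) are this example's own formulations of the abstract's ideas, not the paper's exact definitions.

```python
from collections import defaultdict
from fractions import Fraction
from math import log2

SECRETS = ("a", "b")

# Constructed toy systems (not from the paper).  After a secret is chosen, two
# components P and Q run in parallel; each makes one probabilistic choice that
# emits an observable and terminates.  A system maps each secret to its components.
FAIR = {"P": [(Fraction(1), "p")], "Q": [(Fraction(1, 2), "q0"), (Fraction(1, 2), "q1")]}
BIASED = {"P": [(Fraction(1), "p")], "Q": [(Fraction(3, 4), "q0"), (Fraction(1, 4), "q1")]}
SYMMETRIC = {"a": FAIR, "b": FAIR}     # observables do not depend on the secret
ASYMMETRIC = {"a": FAIR, "b": BIASED}  # secret b skews Q's coin: a genuine leak


def options(system, state):
    """Nondeterministic options at a state: component -> distribution over (obs, next)."""
    secret, ready, trace = state
    return {c: {(obs, (secret, ready - {c}, trace + (obs,))): p
                for p, obs in system[secret][c]} for c in ready}


def trace_distribution(system, secret, scheduler):
    """Exact distribution over observable traces once a scheduler resolves the
    interleaving.  The scheduler is handed the secret, the observable history and
    the ready components, and returns the component that moves next."""
    dist = defaultdict(Fraction)

    def explore(state, prob):
        secret, ready, trace = state
        if not ready:
            dist[trace] += prob
            return
        choice = scheduler(secret, trace, ready)
        for (obs, nxt), p in options(system, state)[choice].items():
            explore(nxt, prob * p)

    explore((secret, frozenset(system[secret]), ()), Fraction(1))
    return dict(dist)


def observable_only_scheduler(secret, trace, ready):
    """Admissible scheduler: ignores the secret and decides from observables only."""
    return "P" if "P" in ready else "Q"


def secret_dependent_scheduler(secret, trace, ready):
    """Demonic scheduler: chooses the interleaving according to the secret."""
    preferred = "P" if secret == "a" else "Q"
    return preferred if preferred in ready else min(ready)


def strongly_hides(system, scheduler):
    """Strong information hiding: the trace distribution is the same for every secret."""
    dists = [trace_distribution(system, s, scheduler) for s in SECRETS]
    return all(d == dists[0] for d in dists[1:])


def min_entropy_leakage_bits(system, scheduler):
    """Min-entropy leakage under a uniform prior: log2 of the factor by which a
    one-try guess of the secret improves after the trace has been observed."""
    prior = Fraction(1, len(SECRETS))
    dists = {s: trace_distribution(system, s, scheduler) for s in SECRETS}
    traces = set().union(*dists.values())
    vuln = sum(max(prior * dists[s].get(t, 0) for s in SECRETS) for t in traces)
    return log2(vuln / prior)


def swap_secrets(state):
    """Candidate automorphism: exchange the secret tag, keep the rest of the state."""
    secret, ready, trace = state
    return ("b" if secret == "a" else "a", ready, trace)


def is_automorphism(system, f):
    """Verify that f maps the scheduler-free system onto itself: every option at a
    reachable state reappears at f(state) with the same observables and probabilities
    on the f-images of the successors.  (Simplified form of the automorphism-based
    evidence for strong hiding; assumed here, not the paper's exact criterion.)"""
    todo = [(s, frozenset(system[s]), ()) for s in SECRETS]
    seen = set()
    while todo:
        state = todo.pop()
        if state in seen:
            continue
        seen.add(state)
        here, there = options(system, state), options(system, f(state))
        for c, dist in here.items():
            image = {(obs, f(nxt)): p for (obs, nxt), p in dist.items()}
            if there.get(c) != image:
                return False
            todo.extend(nxt for _, nxt in dist)
    return True


if __name__ == "__main__":
    for name, system in (("symmetric", SYMMETRIC), ("asymmetric", ASYMMETRIC)):
        for sched in (observable_only_scheduler, secret_dependent_scheduler):
            print(name, sched.__name__, "hides:", strongly_hides(system, sched),
                  "leak bits: %.3f" % min_entropy_leakage_bits(system, sched))
        print(name, "secret-swap automorphism:", is_automorphism(system, swap_secrets))
```

In the symmetric system the secret-swapping map is an automorphism and the observable-only scheduler leaks nothing, whereas the secret-dependent scheduler leaks the whole bit purely through the order of p and q: that is the interleaving leak the abstract warns about, and restricting schedulers (rather than fixing one) is what rules it out. In the asymmetric system the automorphism check fails, correctly flagging that no scheduler restriction can rescue a system whose observables themselves depend on the secret.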
