Probabilistic opacity for Markov decision processes

Opacity is a security property that guarantees that no information leaks in a system. We study opacity in systems modeled by Markov decision processes. For classical MDPs, the value of the probabilistic disclosure is computable. In POMDPs, most of the problems are undecidable. However, with natural restrictions, one can recover decidability of almost-sure disclosure.

Opacity is a generic security property that has been defined on (non-probabilistic) transition systems and later on Markov chains with labels. For a secret predicate, given as a subset of runs, and a function describing the view of an external observer, the value of interest for opacity is the measure of the set of runs disclosing the secret. We extend this definition to the richer framework of Markov decision processes, where non-deterministic choice is combined with probabilistic transitions, and we study the related decidability problems under partial or complete observation hypotheses for the schedulers. We prove that all questions are decidable with complete observation and ω-regular secrets. With partial observation, we prove that all quantitative questions are undecidable, but the question whether a system is almost surely non-opaque becomes decidable for a restricted class of ω-regular secrets, as well as for all ω-regular secrets under finite-memory schedulers.
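The disclosure measure described above, worked out on a labelled Markov chain (the setting the paper extends to MDPs), as an added illustration that is not the paper's own code. The chain, its labels and the secret predicate are constructed toys; the computation is restricted to runs of a fixed finite horizon, so it shows the definition rather than the paper's ω-regular algorithms.

```python
from fractions import Fraction
from collections import defaultdict

# Constructed toy chain (not from the paper): state -> list of (successor, probability).
CHAIN = {
    "init": [("s", Fraction(1, 2)), ("p", Fraction(1, 2))],
    "s":    [("a", Fraction(1, 3)), ("b", Fraction(2, 3))],
    "p":    [("a", Fraction(1))],
    "a":    [("a", Fraction(1))],
    "b":    [("b", Fraction(1))],
}
# Observation function: the external observer sees only these labels.
# The secret branch 's' and the public branch 'p' look identical ("x").
LABEL = {"init": "i", "s": "x", "p": "x", "a": "A", "b": "B"}

def secret(run):
    """Secret predicate (a subset of runs): the run passed through state 's'."""
    return "s" in run

def finite_runs(chain, start, horizon):
    """All runs of `horizon` steps from `start`, paired with their probability."""
    runs = [((start,), Fraction(1))]
    for _ in range(horizon):
        runs = [(run + (nxt,), p * q)
                for run, p in runs
                for nxt, q in chain[run[-1]]]
    return runs

def disclosure(chain, labels, start, horizon, is_secret):
    """Probability mass of the runs that disclose the secret.
    A run discloses the secret when every run sharing its observation
    satisfies the secret predicate, so the observer can be certain of it."""
    by_obs = defaultdict(list)
    for run, p in finite_runs(chain, start, horizon):
        by_obs[tuple(labels[s] for s in run)].append((run, p))
    leaked = Fraction(0)
    for obs_class in by_obs.values():
        if all(is_secret(run) for run, _ in obs_class):
            leaked += sum(p for _, p in obs_class)
    return leaked

def is_opaque(chain, labels, start, horizon, is_secret):
    """Opaque iff no run discloses the secret (disclosure measure is zero)."""
    return disclosure(chain, labels, start, horizon, is_secret) == 0

if __name__ == "__main__":
    # Horizon 2: observation (i, x, A) mixes secret and public runs, but (i, x, B)
    # is reachable only through 's', so it leaks with mass 1/2 * 2/3 = 1/3.
    print(disclosure(CHAIN, LABEL, "init", 2, secret))  # 1/3
```

At horizon 1 both branches still produce the same observation (i, x), so the chain is opaque; the leak only appears once the "B" label distinguishes the secret branch.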
