Adversary Gain vs. Defender Loss in Quantified Information Flow
Authors
Abstract
Metrics for quantifying information leakage assume that an adversary’s gain is the defender’s loss. We demonstrate that this assumption does not always hold via a class of scenarios. We describe how to extend quantification to account for a defender with goals distinct from adversary failure. We implement the extension and experimentally explore the impact on the measured information leakage of the motivating scenario.
Keywords: quantitative information flow, probabilistic models, gain function, vulnerability
Similar resources
Auditing Rational Adversaries to Provably Manage Risks
Audits to detect policy violations coupled with punishments are essential to manage risks stemming from inappropriate information use by authorized insiders in organizations that handle large volumes of personal information (e.g., in healthcare, finance, Web services sectors). Our main result is an audit mechanism that effectively manages organizational risks by balancing the cost of...
Auditing Rational Adversaries to Provably Manage Risks (CMU-CyLab-12-011)
Audits to detect policy violations coupled with punishments are essential to manage risks stemming from inappropriate information use by authorized insiders in organizations that handle large volumes of personal information (e.g., in healthcare, finance, Web services sectors). Our main result is an audit mechanism that effectively manages organizational risks by balancing the cost of...
Information Leakage Games
We formalize the interplay between defender and adversary in a game-theoretic framework adapted to the specific issues of quantitative information flow. Assuming that both defender and adversary may be active and influence the system during the attack, we define a general framework of information leakage games in which the payoff function of the game is information leakage. We provide methods f...
Leakage and Protocol Composition in a Game-Theoretic Perspective
In the inference attacks studied in Quantitative Information Flow (QIF), the adversary typically tries to interfere with the system in the attempt to increase its leakage of secret information. The defender, on the other hand, typically tries to decrease leakage by introducing some controlled noise. This noise introduction can be modeled as a type of protocol composition, i.e., a probabilistic ...
Solving Defender-Attacker-Defender Models for Infrastructure Defense
This paper (a) describes a defender-attacker-defender sequential game model (DAD) to plan defenses for an infrastructure system that will enhance that system’s resilience against attacks by an intelligent adversary, (b) describes a realistic formulation of DAD for defending a transportation network, (c) develops a decomposition algorithm for solving this instance of DAD and others, and (d) demo...