Section: Application Domains

Security and privacy

Participants : Nicolas Bordenabe, Konstantinos Chatzikokolakis, Catuscia Palamidessi, Marco Stronati.

The aim of our research is the specification and verification of protocols used in mobile distributed systems, in particular security protocols. We are especially interested in protocols for information hiding.

Information hiding is a generic term which we use here to refer to the problem of preventing the disclosure of information which is supposed to be secret or confidential. The most prominent research areas which are concerned with this problem are those of secure information flow and of privacy.

Secure information flow refers to the problem of avoiding the so-called propagation of secret data due to their processing. It was initially considered as related to software, and the research focussed on type systems and other kind of static analysis to prevent dangerous operations, Nowadays the setting is more general, and a large part of the research effort is directed towards the investigation of probabilistic scenarios and treaths.

Privacy denotes the issue of preventing certain information to become publicly known. It may refer to the protection of private data (credit card number, personal info etc.), of the agent's identity (anonymity), of the link between information and user (unlinkability), of its activities (unobservability), and of its mobility (untraceability).

The common denominator of this class of problems is that an adversary can try to infer the private information (secrets) from the information that he can access (observables). The solution is then to obfuscate the link between secrets and observables as much as possible, and often the use randomization, i.e. the introduction of noise, can help to achieve this purpose. The system can then be seen as a noisy channel, in the information-theoretic sense, between the secrets and the observables.

We intend to explore the rich set of concepts and techniques in the fields of information theory and hypothesis testing to establish the foundations of quantitive information flow and of privacy, and to develop heuristics and methods to improve mechanisms for the protection of secret information. Our approach will be based on the specification of protocols in the probabilistic asynchronous π-calculus, and the application of model-checking to compute the matrices associated to the corresponding channels.