Security system designers favor worst-case security metrics, such as those derived from differential privacy (DP), because of the strong guarantees they provide. On the downside, these guarantees come at a high cost to the system's performance. In this paper, we study Bayes security, a security metric inspired by the cryptographic advantage. Similarly to DP, Bayes security i) is independent of the adversary's prior knowledge; ii) captures the worst-case scenario for the two most vulnerable secrets (e.g., data records); and iii) composes easily, facilitating security analyses. Additionally, Bayes security iv) can be consistently estimated in a black-box manner, unlike DP, which is useful when a formal analysis is not feasible; and v) provides a better utility-security trade-off in high-security regimes, because it quantifies the risk for a specific threat model, as opposed to threat-agnostic metrics such as DP. We formulate a theory around Bayes security, and we provide a thorough comparison with well-known metrics, identifying the scenarios where Bayes security is advantageous for designers.
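To make properties ii), iv) and v) concrete, here is an added worked example (not code from the paper) for a small finite channel, i.e. a mechanism described by one output distribution per secret. It assumes the definition used in the Bayes security line of work: the metric is the ratio of the adversary's Bayes error after seeing an output to the Bayes error before, minimized over priors, which is attained by a uniform prior over the two most distinguishable secrets. The channel, the secret names and the sample sizes are constructed for illustration; the local-DP epsilon is computed for the same channel so the two metrics can be read side by side, and a plug-in estimator shows the black-box route.

```python
"""Added example: Bayes security of a finite channel next to its local-DP
epsilon, plus a black-box (sampling) estimate. The channel is constructed."""
import math
import random
from itertools import combinations

# Constructed channel: secret -> probability distribution over observations.
CHANNEL = {
    "s1": {"a": 0.5, "b": 0.3, "c": 0.2},
    "s2": {"a": 0.4, "b": 0.4, "c": 0.2},
    "s3": {"a": 0.1, "b": 0.2, "c": 0.7},
}


def bayes_error_two_secrets(row1, row2):
    """Bayes error of guessing between two equiprobable secrets after seeing
    the output: the optimal adversary picks the likelier secret per output,
    so the error mass contributed by output o is min(P[o|s1], P[o|s2]) / 2."""
    obs = sorted(set(row1) | set(row2))  # sorted for deterministic float sums
    return sum(min(row1.get(o, 0.0), row2.get(o, 0.0)) for o in obs) / 2


def bayes_security(channel):
    """Assumption (definition from the Bayes security literature): beta is the
    worst-case ratio of posterior to prior Bayes error; the worst case is the
    uniform prior over the two most distinguishable secrets, whose prior error
    is 1/2. Returns (beta, pair); beta = 1 means the output reveals nothing."""
    best = (1.0, None)
    for s1, s2 in combinations(channel, 2):
        beta = bayes_error_two_secrets(channel[s1], channel[s2]) / 0.5
        if beta < best[0]:
            best = (beta, (s1, s2))
    return best


def local_dp_epsilon(channel):
    """Smallest eps such that P[o|s] <= e^eps * P[o|s'] for every pair of
    secrets and every output (pure local DP of a finite channel). A threat-
    agnostic bound: it is driven by the single worst likelihood ratio."""
    eps = 0.0
    obs = set()
    for row in channel.values():
        obs |= set(row)
    for s1, s2 in combinations(channel, 2):
        for o in obs:
            p, q = channel[s1].get(o, 0.0), channel[s2].get(o, 0.0)
            if p == 0.0 and q == 0.0:
                continue
            if p == 0.0 or q == 0.0:
                return math.inf  # an output that rules out a secret: no finite eps
            eps = max(eps, abs(math.log(p / q)))
    return eps


def sample_channel(secret, rng):
    """Stand-in for a black-box mechanism: draws one output for `secret`."""
    row = CHANNEL[secret]
    return rng.choices(list(row), weights=list(row.values()))[0]


def estimate_bayes_security(sampler, secrets, n, seed=0):
    """Black-box plug-in estimate: query the mechanism n times per secret,
    build empirical output distributions, and evaluate Bayes security on
    them. No knowledge of the mechanism's internals is needed."""
    rng = random.Random(seed)
    empirical = {}
    for s in secrets:
        counts = {}
        for _ in range(n):
            o = sampler(s, rng)
            counts[o] = counts.get(o, 0) + 1
        empirical[s] = {o: c / n for o, c in counts.items()}
    return bayes_security(empirical)[0]


if __name__ == "__main__":
    beta, pair = bayes_security(CHANNEL)
    print(f"Bayes security = {beta:.3f}, most vulnerable pair = {pair}")
    print(f"local-DP epsilon = {local_dp_epsilon(CHANNEL):.3f}")
    est = estimate_bayes_security(sample_channel, list(CHANNEL), n=20000)
    print(f"black-box estimate (n=20000 per secret) = {est:.3f}")
```

On this channel the exact Bayes security is 0.5 (reached on the pair s1, s3), while the local-DP epsilon is ln 5 because of a single likelihood ratio P[a|s1]/P[a|s3] = 5. The two numbers answer different questions: epsilon bounds every posterior shift for every prior, whereas beta reports how much an optimal guesser's error shrinks in the worst two-secret case, which is the quantity a designer with a concrete threat model usually wants. The plug-in estimate converges to the exact value as n grows, which is the black-box estimation the abstract refers to.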