A common goal in the areas of secure information flow and privacy is to build effective defenses against unwanted leakage of information. To this end, one must be able to reason about potential attacks and their interplay with possible defenses. In this paper, we propose a game-theoretic framework to formalize strategies of attacker and defender in the context of information leakage, and provide a basis for developing optimal defense methods. A novelty of our games is that their utility is given by information leakage, which in some cases may behave in a non-linear way. This causes a significant deviation from classic game theory, in which utility functions are linear with respect to players' strategies. Hence, a key contribution of this paper is the establishment of the foundations of information leakage games. We consider two kinds of games, depending on the notion of leakage considered. The first kind, the QIF-games, is tailored for the theory of quantitative information flow (QIF). The second one, the DP-games, corresponds to differential privacy (DP).
翻译:安全信息流动和隐私领域的共同目标是建立有效的防御机制,防止不想要的信息泄漏。为此,人们必须能够解释潜在的攻击及其与可能防御的相互作用。在本文中,我们提出了一个游戏理论框架,以正式确定信息泄漏情况下攻击者和捍卫者的战略,并为制定最佳防御方法提供基础。我们游戏的一个新颖之处是,信息泄漏提供了它们的效用,在某些情况下,信息泄漏可能以非线性方式进行。这导致与传统游戏理论的重大偏差,在经典游戏理论中,实用功能对玩家的战略是线性的。因此,本文的一个关键贡献是建立信息泄漏游戏的基础。我们考虑两种游戏,取决于所考虑的渗漏概念。第一类,即QIF游戏,是量信息流动理论(QIF)的定制。第二种,即DP游戏,即DP-Games,与差异隐私权相对应(DP)。