Results 1 - 10
of
11
Secrecy in multiagent systems
"... We introduce a general framework for reasoning about secrecy requirements in multiagent systems. Because secrecy requirements are closely connected with the knowledge of individual agents of a system, our framework employs the modal logic of knowledge within the context of the well-studied runs and ..."
Abstract
-
Cited by 71 (6 self)
- Add to MetaCart
(Show Context)
We introduce a general framework for reasoning about secrecy requirements in multiagent systems. Because secrecy requirements are closely connected with the knowledge of individual agents of a system, our framework employs the modal logic of knowledge within the context of the well-studied runs and systems framework. Put simply, “secrets ” are facts about a system that low-level agents are never allowed to know. The framework presented here allows us to formalize this intuition precisely, in a way that is much in the spirit of Sutherland’s notion of nondeducibility. Several well-known attempts to characterize the absence of information flow, including separability, generalized noninterference, and nondeducibility on strategies, turn out to be special cases of our definition of secrecy. However, our approach lets us go well beyond these definitions. It can handle probabilistic secrecy in a clean way, and it suggests generalizations of secrecy that may be useful for dealing with resource-bounded reasoning and with issues such as downgrading of information.
Deductive algorithmic knowledge
- In Proc. 8th International Symposium on Artificial Intelligence and Mathematics. AI&M
, 2004
"... The framework of algorithmic knowledge assumes that agents use algorithms to compute the facts they explicitly know. In many cases of interest, a logical theory, rather than a particular algorithm, can be used to capture the formal reasoning used by the agents to compute what they explicitly know. W ..."
Abstract
-
Cited by 15 (0 self)
- Add to MetaCart
(Show Context)
The framework of algorithmic knowledge assumes that agents use algorithms to compute the facts they explicitly know. In many cases of interest, a logical theory, rather than a particular algorithm, can be used to capture the formal reasoning used by the agents to compute what they explicitly know. We introduce a logic for reasoning about both implicit and explicit knowledge, where the latter is given with respect to a deductive system formalizing a logical theory for agents. The highly structured nature of such logical theories leads to very natural axiomatizations of the resulting logic when interpreted over a fixed deductive system. The decision problem for the logic is NP-complete in general, no harder than propositional logic, and moreover, it remains NP-complete when we fix a tractable deductive system. The logic extends in a straightforward way to multiple agents, where the decision problem becomes PSPACEcomplete. 1
A logic for reasoning about evidence
- In Proc. 19th Conference on Uncertainty in Artificial Intelligence (UAI’03
, 2003
"... We introduce a logic for reasoning about evidence that essentially views evidence as a function from prior beliefs (before making an observation) to posterior beliefs (after making the observation). We provide a sound and complete axiomatization for the logic, and consider the complexity of the deci ..."
Abstract
-
Cited by 14 (1 self)
- Add to MetaCart
(Show Context)
We introduce a logic for reasoning about evidence that essentially views evidence as a function from prior beliefs (before making an observation) to posterior beliefs (after making the observation). We provide a sound and complete axiomatization for the logic, and consider the complexity of the decision problem. Although the reasoning in the logic is mainly propositional, we allow variables representing numbers and quantification over them. This expressive power seems necessary to capture important properties of evidence. 1.
Interactions between Knowledge and Time in a First-Order Logic for Multi-Agent Systems: Completeness Results
"... We investigate a class of first-order temporal-epistemic logics for reasoning about multiagent systems. We encode typical properties of systems including perfect recall, synchronicity, no learning, and having a unique initial state in terms of variants of quantified interpreted systems, a first-orde ..."
Abstract
-
Cited by 4 (3 self)
- Add to MetaCart
(Show Context)
We investigate a class of first-order temporal-epistemic logics for reasoning about multiagent systems. We encode typical properties of systems including perfect recall, synchronicity, no learning, and having a unique initial state in terms of variants of quantified interpreted systems, a first-order extension of interpreted systems. We identify several monodic fragments of first-order temporal-epistemic logic and show their completeness with respect to their corresponding classes of quantified interpreted systems. 1.
Evidence with Uncertain Likelihoods
"... An agent often has a number of hypotheses, and must choose among them based on observations, or outcomes of experiments. Each of these observations can be viewed as providing evidence for or against various hypotheses. All the attempts to formalize this intuition up to now have assumed that associat ..."
Abstract
-
Cited by 3 (2 self)
- Add to MetaCart
An agent often has a number of hypotheses, and must choose among them based on observations, or outcomes of experiments. Each of these observations can be viewed as providing evidence for or against various hypotheses. All the attempts to formalize this intuition up to now have assumed that associated with each hypothesis h there is a likelihood function µh, which is a probability measure that intuitively describes how likely each observation is, conditional on h being the correct hypothesis. We consider an extension of this framework where there is uncertainty as to which of a number of likelihood functions is appropriate, and discuss how one formal approach to defining evidence, which views evidence as a function from priors to posteriors, can be generalized to accommodate this uncertainty. 1
SECRECY AND ANONYMITY IN INTERACTIVE SYSTEMS
, 2006
"... When building systems that guarantee confidentiality, system designers must first define confidentiality appropriately. Although researchers have proposed definitions of properties such as secrecy, anonymity, and privacy for a wide variety of system models, general definitions that are intuitive, wi ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
When building systems that guarantee confidentiality, system designers must first define confidentiality appropriately. Although researchers have proposed definitions of properties such as secrecy, anonymity, and privacy for a wide variety of system models, general definitions that are intuitive, widely applicable, and sufficiently formal have proven surprisingly elusive. The goal of this dissertation is to provide such a framework for systems that interact with multiple agents, emphasizing definitions of secrecy (to rule out unwanted information flows) and anonymity (to prevent observers from learning the identity of an agent who per-forms some action). The definitions of secrecy extend earlier definitions of secrecy and nondeducibility given by Shannon and Sutherland. Roughly speaking, one agent maintains secrecy with respect to another if the second agent cannot rule out any possibilities for the behavior or state of the first agent. These definitions are characterized syntactically, using a modal logic of knowledge. Definitions of anonymity are given, with respect to agents, actions, and observers, and are also stated in terms of a modal logic of knowledge. The general framework is shown
Modelling an Attacker With Cryptanalytical Capabilities
"... A abordagem simbólica à análise de protocolos de segurança, introduzida por Dolev e Yao há cerca de 25 anos, tem sido muito bem aceite entre a comunidade científica. Estes modelos usam tipicamente a assumpção de “criptografia perfeita”, abstraindo os detalhes das primitivas criptográficas utilizadas ..."
Abstract
-
Cited by 1 (1 self)
- Add to MetaCart
A abordagem simbólica à análise de protocolos de segurança, introduzida por Dolev e Yao há cerca de 25 anos, tem sido muito bem aceite entre a comunidade científica. Estes modelos usam tipicamente a assumpção de “criptografia perfeita”, abstraindo os detalhes das primitivas criptográficas utilizadas no protocolo. Esta simplicidade permitiu o desenvolvimento de várias ferramentas automáticas de análise da segurança de protocolos baseadas nesta abordagem. Contudo, é difícil justificar que estas abstracções são correctas, pois na prática as primitivas criptográficas têm propriedades que podem ser exploradas pelo atacante. A abordagem computacional da análise de protocolos de segurança resolve este problema, tratando as primitivas criptográficas como algoritmos e utilizando conceitos como os de complexidade e probabilidade. Tais modelos são, contudo, bastante complexos, e é geralmente difícil provar teoremas neste contexto. O objectivo deste trabalho é desenvolver uma ferramenta simbólica para a análise de protocolos de segurança que permita ao atacante explorar propriedades conhecidas das primitivas criptográficas. Vamos mostrar como representar propriedades criptográficas e informação parcial sobre mensagens secretas. Vamos ainda estudar como obter uma estimativa da
Your Workshop Name Modeling and Reasoning about an Attacker with Cryptanalytical Capabilities
"... We propose a probabilistic framework for the analysis of security protocols. The proposed framework allows one to model and reason about attackers that extend the usual Dolev-Yao adversary with explicit probabilistic statements representing their (partial) knowledge of the properties of cryptographi ..."
Abstract
- Add to MetaCart
We propose a probabilistic framework for the analysis of security protocols. The proposed framework allows one to model and reason about attackers that extend the usual Dolev-Yao adversary with explicit probabilistic statements representing their (partial) knowledge of the properties of cryptographic primitives. The expressive power of these probabilistic statements is illustrated, namely by representing a standard security notion like indistinguishability under chosen plaintext attacks. We present an entropy-based approach to estimate the probability of a successful attack on a cryptographic protocol given the prescribed knowledge of the attacker. Although we prove that this quantity is typically NP-hard to compute, we still manage to show its usefulness in analyzing a few meaningful examples. Finally, we obtain a result which may be used to prove that a certain amount of probabilistic knowledge (about the properties of the cryptography being used) is not enough for allowing an attacker to correctly uncovering a secret with non-negligible probability. Keywords: Security protocol, attacker, probabilistic statement, cryptographic property, Shannon entropy.
Abstract
"... We investigate the complexity of various combinatorial theorems about linear and partial orders, from the points of view of computability theory and reverse mathematics. We focus in particular on the principles ADS (Ascending or Descending Sequence), which states that every infinite linear order has ..."
Abstract
- Add to MetaCart
We investigate the complexity of various combinatorial theorems about linear and partial orders, from the points of view of computability theory and reverse mathematics. We focus in particular on the principles ADS (Ascending or Descending Sequence), which states that every infinite linear order has either an infinite descending sequence or an infinite ascending sequence, and CAC (Chain-AntiChain), which states that every infinite partial order has either an infinite chain or an infinite antichain. It is well-known that Ramsey’s Theorem for pairs (RT2 2) splits into a stable version (SRT22) and a cohesive principle (COH). We show that the same is true of ADS and CAC, and that in their cases these versions are strictly weaker (which is not known to be the case for RT 2 2 and SRT2 2). We also analyze the relationships between these principles and other systems and principles previously studied by reverse mathematics, such as WKL0, DNR, and BΣ2, showing for instance that WKL0 is incomparable with all of the systems we study; and prove computability-theoretic and conservation results for them. Among these results are a strengthening of the fact, proved by Cholak, Jockusch, and Slaman,
unknown title
"... Abstract An agent often has a number of hypotheses, and must choose among them basedon observations, or outcomes of experiments. Each of these observations can be viewed as providing evidence for or against various hypotheses. All the attempts to formalizethis intuition up to now have assumed that a ..."
Abstract
- Add to MetaCart
Abstract An agent often has a number of hypotheses, and must choose among them basedon observations, or outcomes of experiments. Each of these observations can be viewed as providing evidence for or against various hypotheses. All the attempts to formalizethis intuition up to now have assumed that associated with each hypothesis h there isa likelihood function uh, which is a probability measure that intuitively describes howlikely each observation is, conditional on h being the correct hypothesis. We consideran extension of this framework where there is uncertainty as to which of a number of likelihood functions is appropriate, and discuss how one formal approach to definingevidence, which views evidence as a function from priors to posteriors, can be generalized to accommodate this uncertainty.
