38 research outputs found
Integral models of reductive groups and integral Mumford-Tate groups
Let be a reductive algebraic group over a -adic field or number field
, and let be a -linear faithful representation of . A lattice
in the vector space defines a model of
over . One may wonder to what extent is determined by
the group scheme . In this paper we prove that up to a
natural equivalence relation on the set of lattices there are only finitely
many corresponding to one model . Furthermore, we
relate this fact to moduli spaces of abelian varieties as follows: let
be the moduli space of principally polarised abelian
varieties of dimension with level structure. We prove that there are at
most finitely many special subvarieties of with a given
integral generic Mumford-Tate group.
Fault tree reliability analysis via squarefree polynomials
Fault tree (FT) analysis is a prominent risk assessment method in industrial systems. Unreliability is one of the key safety metrics in quantitative FT analysis. Existing algorithms for unreliability analysis are based on binary decision diagrams, for which it is hard to give time complexity guarantees beyond a worst-case exponential bound. In this paper, we present a novel method to calculate FT unreliability based on algebras of squarefree polynomials and prove its validity. We furthermore prove that time complexity is low when the number of multiparent nodes is limited. Experiments show that our method is competitive with the state-of-the-art and outperforms it for FTs with few multiparent nodes.
Attack time analysis in dynamic attack trees via integer linear programming
Attack trees are an important tool in security analysis, and an important
part of attack tree analysis is computing metrics. This paper focuses on
dynamic attack trees and their min time metric, i.e. the minimal time to attack
a system. For general attack trees, calculating min time efficiently is an open
problem, with the fastest current method being enumerating all minimal attacks,
which is NP-hard. This paper presents three tools for calculating min time.
First, we introduce a novel method for general dynamic attack trees based on
mixed integer linear programming. Second, we show how the computation can be
sped up by identifying the modules of an attack tree, i.e. subtrees connected
to the rest of the attack tree via only one node. Finally, we define a general
semantics for dynamic attack trees that significantly relaxes the restrictions
on attack trees compared to earlier work, allowing us to apply our methods to a
wide variety of attack trees. Experiments on both a case study of a server
cluster and a synthetic testing set of large attack trees verify that both the
integer linear programming approach and modular analysis considerably decrease
the computation time of attack time analysis.
Cost-damage analysis of attack trees
Attack trees (ATs) are a widely deployed modelling technique to categorize potential attacks on a system. An attacker of such a system aims at doing as much damage as possible, but might be limited by a cost budget. The maximum possible damage for a given cost budget is an important security metric of a system. In this paper, we find the maximum damage given a cost budget by modelling this problem with ATs, both in deterministic and probabilistic settings. We show that the general problem is NP-complete, and provide heuristics to solve it. For general ATs these are based on integer linear programming. However, when the AT is tree-structured, one can instead use a faster bottom-up approach. We also extend these methods to other problems related to the cost-damage tradeoff, such as the cost-damage Pareto front.
Mechanisms for Robust Local Differential Privacy
We consider privacy mechanisms for releasing data X = (S,U), where S is sensitive and U is non-sensitive. We introduce the robust local differential privacy (RLDP) framework, which provides strong privacy guarantees while preserving utility. This is achieved by providing robust privacy: our mechanisms not only provide privacy with respect to a publicly available estimate of the unknown true distribution, but also with respect to similar distributions. Such robustness mitigates the potential privacy leaks that might arise from the difference between the true distribution and the estimated one. At the same time, we mitigate the utility penalties that come with ordinary differential privacy, which involves making worst-case assumptions and dealing with extreme cases. We achieve robustness in privacy by constructing an uncertainty set based on a Rényi divergence. By analyzing the structure of this set and approximating it with a polytope, we can use robust optimization to find mechanisms with high utility. However, this relies on vertex enumeration and becomes computationally inaccessible for large input spaces. Therefore, we also introduce two low-complexity algorithms that build on existing LDP mechanisms. We evaluate the utility and robustness of the mechanisms using numerical experiments and demonstrate that our mechanisms provide robust privacy while achieving a utility that is close to optimal.
Data Sanitisation Protocols for the Privacy Funnel with Differential Privacy Guarantees
In the Open Data approach, governments and other public organisations want to
share their datasets with the public, for accountability and to support
participation. Data must be opened in such a way that individual privacy is
safeguarded. The Privacy Funnel is a mathematical approach that produces a
sanitised database that does not leak private data beyond a chosen threshold.
The downsides to this approach are that it does not give worst-case privacy
guarantees, and that finding optimal sanitisation protocols can be
computationally prohibitive. We tackle these problems by using differential
privacy metrics, and by considering local protocols which operate on one entry
at a time. We show that under both the Local Differential Privacy and Local
Information Privacy leakage metrics, one can efficiently obtain optimal
protocols. Furthermore, Local Information Privacy is both more closely aligned
to the privacy requirements of the Privacy Funnel scenario, and more
efficiently computable. We also consider the scenario where each user has
multiple attributes, for which we define Side-channel Resistant Local
Information Privacy, and we give efficient methods to find protocols satisfying
this criterion while still offering good utility. Finally, we introduce
Conditional Reporting, an explicit LIP protocol that can be used when the
optimal protocol is infeasible to compute, and we test this protocol on
real-world and synthetic data; these experiments confirm the validity of
these methods.
Comment: This preprint is an extended version of arXiv:2002.01501 (Fourteenth
International Conference on the Digital Society, 2020).
Efficient and Generic Algorithms for Quantitative Attack Tree Analysis
Numerous analysis methods for quantitative attack tree analysis have been
proposed. These algorithms compute relevant security metrics, i.e. performance
indicators that quantify how good the security of a system is; typical metrics
being the most likely attack, the cheapest, or the most damaging one. However,
existing methods are only geared towards specific metrics or do not work on
general attack trees. This paper classifies attack trees in two dimensions:
proper trees vs. directed acyclic graphs (i.e. with shared subtrees); and
static vs. dynamic gates. For three out of these four classes, we propose novel
algorithms that work over a generic attribute domain, encompassing a large
number of concrete security metrics defined on the attack tree semantics;
dynamic attack trees with directed acyclic graph structure are left as an open
problem. We also analyse the computational complexity of our methods.
Comment: Funding: ERC Consolidator (Grant Number: 864075) and European Union
(Grant Number: 101067199-ProSVED); in IEEE Transactions on Dependable and
Secure Computing, 2022. arXiv admin note: substantial text overlap with
arXiv:2105.0751