Integral models of reductive groups and integral Mumford-Tate groups

Let $G$ be a reductive algebraic group over a $p$-adic field or number field $K$, and let $V$ be a $K$-linear faithful representation of $G$. A lattice $\Lambda$ in the vector space $V$ defines a model $\hat{G}_{\Lambda}$ of $G$ over $\mathscr{O}_K$. One may wonder to what extent $\Lambda$ is determined by the group scheme $\hat{G}_{\Lambda}$. In this paper we prove that up to a natural equivalence relation on the set of lattices there are only finitely many $\Lambda$ corresponding to one model $\hat{G}_{\Lambda}$. Furthermore, we relate this fact to moduli spaces of abelian varieties as follows: let $\mathscr{A}_{g,n}$ be the moduli space of principally polarised abelian varieties of dimension $g$ with level $n$ structure. We prove that there are at most finitely many special subvarieties of $\mathscr{A}_{g,n}$ with a given integral generic Mumford-Tate group

Fault tree reliability analysis via squarefree polynomials

Fault tree (FT) analysis is a prominent risk assessment method in industrial systems. Unreliability is one of the key safety metrics in quantitative FT analysis. Existing algorithms for unreliability analysis are based on binary decision diagrams, for which it is hard to give time complexity guarantees beyond a worst-case exponential bound. In this paper, we present a novel method to calculate FT unreliability based on algebras of squarefree polynomials and prove its validity. We furthermore prove that time complexity is low when the number of multiparent nodes is limited. Experiments show that our method is competitive with the state-of-the-art and outperforms it for FTs with few multiparent nodes

Attack time analysis in dynamic attack trees via integer linear programming

Attack trees are an important tool in security analysis, and an important part of attack tree analysis is computing metrics. This paper focuses on dynamic attack trees and their min time metric, i.e. the minimal time to attack a system. For general attack trees, calculating min time efficiently is an open problem, with the fastest current method being enumerating all minimal attacks, which is NP-hard. This paper presents three tools for calculating min time. First, we introduce a novel method for general dynamic attack trees based on mixed integer linear programming. Second, we show how the computation can be sped up by identifying the modules of an attack tree, i.e. subtrees connected to the rest of the attack tree via only one node. Finally, we define a general semantics for dynamic attack trees that significantly relaxes the restrictions on attack trees compared to earlier work, allowing us to apply our methods to a wide variety of attack trees. Experiments on both a case study of a server cluster and a synthetic testing set of large attack trees verify that both the integer linear programming approach and modular analysis considerably decrease the computation time of attack time analysis

Cost-damage analysis of attack trees

Attack trees (ATs) are a widely deployed modelling technique to categorize potential attacks on a system. An attacker of such a system aims at doing as much damage as possible, but might be limited by a cost budget. The maximum possible damage for a given cost budget is an important security metric of a system. In this paper, we find the maximum damage given a cost budget by modelling this problem with ATs, both in deterministic and probabilistic settings. We show that the general problem is NP-complete, and provide heuristics to solve it. For general ATs these are based on integer linear programming. However when the AT is tree-structured, then one can instead use a faster bottom-up approach. We also extend these methods to other problems related to the cost-damage tradeoff, such as the cost-damage Pareto front

Mechanisms for Robust Local Differential Privacy

We consider privacy mechanisms for releasing data X =(S,U), where S is sensitive and U is non-sensitive. We introduce the robust local differential privacy (RLDP) framework, which provides strong privacy guarantees, while preserving utility. This is achieved by providing robust privacy: our mechanisms do not only provide privacy with respect to a publicly available estimate of the unknown true distribution, but also with respect to similar distributions. Such robustness mitigates the potential privacy leaks that might arise from the difference between the true distribution and the estimated one. At the same time, we mitigate the utility penalties that come with ordinary differential privacy, which involves making worst-case assumptions and dealing with extreme cases. We achieve robustness in privacy by constructing an uncertainty set based on a Rényi divergence. By analyzing the structure of this set and approximating it with a polytope, we can use robust optimization to find mechanisms with high utility. However, this relies on vertex enumeration and becomes computationally inaccessible for large input spaces. Therefore, we also introduce two low-complexity algorithms that build on existing LDP mechanisms. We evaluate the utility and robustness of the mechanisms using numerical experiments and demonstrate that our mechanisms provide robust privacy, while achieving a utility that is close to optimal

Data Sanitisation Protocols for the Privacy Funnel with Differential Privacy Guarantees

In the Open Data approach, governments and other public organisations want to share their datasets with the public, for accountability and to support participation. Data must be opened in such a way that individual privacy is safeguarded. The Privacy Funnel is a mathematical approach that produces a sanitised database that does not leak private data beyond a chosen threshold. The downsides to this approach are that it does not give worst-case privacy guarantees, and that finding optimal sanitisation protocols can be computationally prohibitive. We tackle these problems by using differential privacy metrics, and by considering local protocols which operate on one entry at a time. We show that under both the Local Differential Privacy and Local Information Privacy leakage metrics, one can efficiently obtain optimal protocols. Furthermore, Local Information Privacy is both more closely aligned to the privacy requirements of the Privacy Funnel scenario, and more efficiently computable. We also consider the scenario where each user has multiple attributes, for which we define Side-channel Resistant Local Information Privacy, and we give efficient methods to find protocols satisfying this criterion while still offering good utility. Finally, we introduce Conditional Reporting, an explicit LIP protocol that can be used when the optimal protocol is infeasible to compute, and we test this protocol on real-world and synthetic data. Experiments on real-world and synthetic data confirm the validity of these methods.Comment: This preprint is an extended version of arXiv:2002.01501 (Fourteenth International Conference on the Digital Society, 2020

Efficient and Generic Algorithms for Quantitative Attack Tree Analysis

Numerous analysis methods for quantitative attack tree analysis have been proposed. These algorithms compute relevant security metrics, i.e. performance indicators that quantify how good the security of a system is; typical metrics being the most likely attack, the cheapest, or the most damaging one. However, existing methods are only geared towards specific metrics or do not work on general attack trees. This paper classifies attack trees in two dimensions: proper trees vs. directed acyclic graphs (i.e. with shared subtrees); and static vs. dynamic gates. For three out of these four classes, we propose novel algorithms that work over a generic attribute domain, encompassing a large number of concrete security metrics defined on the attack tree semantics; dynamic attack trees with directed acyclic graph structure are left as an open problem. We also analyse the computational complexity of our methods.Comment: Funding: ERC Consolidator (Grant Number: 864075), and European Union (Grant Number: 101067199-ProSVED), in IEEE Transactions on Dependable and Secure Computing, 2022. arXiv admin note: substantial text overlap with arXiv:2105.0751