154 research outputs found
Anonymizing Social Graphs via Uncertainty Semantics
Rather than anonymizing social graphs by generalizing them to super
nodes/edges or adding/removing nodes and edges to satisfy given privacy
parameters, recent methods exploit the semantics of uncertain graphs to achieve
privacy protection of participating entities and their relationship. These
techniques anonymize a deterministic graph by converting it into an uncertain
form. In this paper, we propose a generalized obfuscation model based on
uncertain adjacency matrices that keep expected node degrees equal to those in
the unanonymized graph. We analyze two recently proposed schemes and show their
fitting into the model. We also point out disadvantages in each method and
present several elegant techniques to fill the gap between them. Finally, to
support fair comparisons, we develop a new tradeoff quantifying framework by
leveraging the concept of incorrectness in location privacy research.
Experiments on large social graphs demonstrate the effectiveness of our
schemes
Intruder deducibility constraints with negation. Decidability and application to secured service compositions
The problem of finding a mediator to compose secured services has been
reduced in our former work to the problem of solving deducibility constraints
similar to those employed for cryptographic protocol analysis. We extend in
this paper the mediator synthesis procedure by a construction for expressing
that some data is not accessible to the mediator. Then we give a decision
procedure for verifying that a mediator satisfying this non-disclosure policy
can be effectively synthesized. This procedure has been implemented in CL-AtSe,
our protocol analysis tool. The procedure extends constraint solving for
cryptographic protocol analysis in a significative way as it is able to handle
negative deducibility constraints without restriction. In particular it applies
to all subterm convergent theories and therefore covers several interesting
theories in formal security analysis including encryption, hashing, signature
and pairing.Comment: (2012
Unranked Tree Rewriting and Effective Closures of Languages
International audienceWe consider rewriting systems for unranked ordered trees, where the number of chil- dren of a node is not determined by its label, and is not a priori bounded. The rewriting systems are defined such that variables in the rewrite rules can be substituted by hedges (sequences of trees) instead of just trees. Consequently, this notion of rewriting subsumes both standard term rewriting and word rewriting.We present some properties of preservation for classes of unranked tree languages, including hedge automata languages and various context-free extensions. Finally, ap- plications to static type checking for XML transformations and to the verification of read/write access control policies for XML updates are mentioned
Unification modulo a 2-sorted Equational theory for Cipher-Decipher Block Chaining
We investigate unification problems related to the Cipher Block Chaining
(CBC) mode of encryption. We first model chaining in terms of a simple,
convergent, rewrite system over a signature with two disjoint sorts: list and
element. By interpreting a particular symbol of this signature suitably, the
rewrite system can model several practical situations of interest. An inference
procedure is presented for deciding the unification problem modulo this rewrite
system. The procedure is modular in the following sense: any given problem is
handled by a system of `list-inferences', and the set of equations thus derived
between the element-terms of the problem is then handed over to any
(`black-box') procedure which is complete for solving these element-equations.
An example of application of this unification procedure is given, as attack
detection on a Needham-Schroeder like protocol, employing the CBC encryption
mode based on the associative-commutative (AC) operator XOR. The 2-sorted
convergent rewrite system is then extended into one that fully captures a block
chaining encryption-decryption mode at an abstract level, using no AC-symbols;
and unification modulo this extended system is also shown to be decidable.Comment: 26 page
Satisfiability of General Intruder Constraints with and without a Set Constructor
Many decision problems on security protocols can be reduced to solving
so-called intruder constraints in Dolev Yao model. Most constraint solving
procedures for protocol security rely on two properties of constraint systems
called monotonicity and variable origination. In this work we relax these
restrictions by giving a decision procedure for solving general intruder
constraints (that do not have these properties) that stays in NP. Our result
extends a first work by L. Mazar\'e in several directions: we allow non-atomic
keys, and an associative, commutative and idempotent symbol (for modeling
sets). We also discuss several new applications of the results.Comment: Submitted to the Special issue of Information and Computation on
Security and Rewriting Techniques (SecReT), 2011. 59 page
Computing Approximations of Linear Transition Systems
Transition systems have been intensively applied to the modelling of complex systems. Their safety properties can be verified using model-checking procedures by iterative computation of fixed points. The approach has to face two main difficulties: the complexity of computations on the data domain and the termination of the iterative algorithm. In many cases an analysis of the transition system can be exploited in order to speed up the calculus. Metatransitions are upper approximations of transition relations: they lead in one step to a superset of the states occuring on an infinite trajectory. Using polynomials we compute metatransitions for linear transition systems. We apply this method to a train controller
On termination of the direct sum of term rewriting systems
Some sufficient conditions are given for the termination of the direct sum of two term rewriting systems: either no right-hand-side of a rule is a variable, or no right-hand-side contains more occurences of a variable than the corresponding left-hand-side
Constraints-based Verification of Parameterized Cryptographic Protocols.
Cryptographic protocols are crucial for securing electronic transactions. The confidence in these protocols can be increased by the formal analysis of their security properties. Although many works have been dedicated to standard protocols like Needham-Schroeder very few address the more challenging class of group protocols. We present a synchronous model for group protocols, that generalizes standard protocol models by permitting unbounded lists inside messages. In this extended model we propose a correct and complete set of inference rules for checking security properties in presence of an active intruder for the class of Well-Tagged protocols. We prove that the application of these rules on a constraint system terminates and that the normal form obtained can be checked for satisfiability. Therefore, we present here a decision procedure for this class
An Optimistic Mandatory Access Control Model for Distributed Collaborative Editors
Distributed Collaborative Editors (DCE) provide computer support for modifying simultaneously shared documents, such as articles, wiki pages and programming source code, by dispersed users. Controlling access in such systems is still a challenging problem, as they need dynamic access changes and low latency access to shared documents. In this paper, we propose a Mandatory Access Control (MAC) based on replicating the shared document and its authorization policy at the local memory of each user. To deal with latency and dynamic access changes, we use an optimistic access control technique where enforcement of authorizations is retroactive. We show that naive coordination between updates of both copies can create security hole on the shared document by permitting illegal modification, or rejecting legal modification. Finally, we present a novel framework for managing authorizations in collaborative editing work which may be deployed easily on P2P networks
How Useful are Dag Automata?
25 pagesRapport de Recherche (LIFO)Tree automata are widely used in various contexts; and their emptiness problem is known to be decidable in polynomial time. Dag automata -- with or without labels -- are natural extensions of tree automata, which can also be used for solving problems. Our purpose in this work is to show that algebraically they behave quite differently: the class of dag automata is not closed under complementation, dag automata are not determinizable, their membership problem turns out to be NP-complete, and universality is undecidable; and proving emptiness is NP-complete even for deterministic labeled dag automata
- …