Comte Head: Catuscia Palamidessi Comit de Visite AERES, February - - PowerPoint PPT Presentation

com te
SMART_READER_LITE
LIVE PREVIEW

Comte Head: Catuscia Palamidessi Comit de Visite AERES, February - - PowerPoint PPT Presentation

Oct 29, 2022 242 likes •403 views

Comte Head: Catuscia Palamidessi Comit de Visite AERES, February 3-4, 2009 1 / 15 The Comte team Name Function Institution Since Permanent Researchers Catuscia Palamidessi DR INRIA 2003 Frank Valencia CR CNRS 2004 Post-docs

slide-1
SLIDE 1

Comète

Head: Catuscia Palamidessi Comité de Visite AERES, February 3-4, 2009

1 / 15

slide-2
SLIDE 2

The Comète team

Name Function Institution Since Permanent Researchers Catuscia Palamidessi DR INRIA 2003 Frank Valencia CR CNRS 2004 Post-docs and engineers Simon Kramer Postdoc INRIA 2007 PhD Students Jesus Aranda PhD student

  • E. Polytechnique

2006 Romain Beauxis PhD student

  • E. Polytechnique

2005 Christelle Braun PhD student

  • E. Polytechnique

2007 Mario Sergio Ferreira PhD student DGA/CNRS 2008 Carlos Olarte PhD student INRIA 2006 Sylvain Pradalier PhD student ENS Cachan 2006

2 / 15

slide-3
SLIDE 3

Scientific project

Research Domains Ubiquitous Computing, Concurrency, Security Protocols, Probability Goals Specification and verification of security properties / protocols (exp. probabilistic protocols for protecting private information) Nondeterminism in security (leaking scheduler) Expressiveness of calculi for concurrent and mobile systems Software project πpa: a specification language for concurrent, mobile and probabilistic systems and protocols A model checker for πpa

slide-4
SLIDE 4

Positioning

National Secsi, Moscova (formal analysis of security protocols) International PRISM (probabilistic model checking)

  • R. Segala’s team (probability & nondeterminism)
  • G. Smith’s team (information-hiding / information flow)

Specificity of our approaches Combination of probability and mobility in πpa Specific treatment of nondeterminism (for information-hiding) Bayesian framework

slide-5
SLIDE 5

Projects and collaborations

  • ProNoBiS. INRIA/ARC. With Jean Goubault-Larrecq (ENS

Cachan), Roberto Segala (University of Verona), Marta Kwiatkowska (University of Oxford). 2006-07.

  • Printemps. INRIA/DREI Equipe Associeé with Prakash

Panangaden (McGill University). Started in 2006.

  • Rossignol. ACI Securité. With Denis Lugiez (LIF), Florent

Jacquemard (ENS Cachan) and Yassine Lakhnech (VERIMAG). 2003-06.

  • OISA. DGA. 2007-08.
  • Monaco. PAI-Egide. With Iain Phillips (Imperial College) and

Uve Nestmann (Technical University of Berlin). 2007-08.

5 / 15

slide-6
SLIDE 6

Main results

Separation between recursion and replication in process calculi Decidability results for a subset of linear temporal logic An information-theoretic approach to anonymity protocols Study of bayesian risk in information hiding Implementation of a subset of πpa in PRISM (In collaboration with the PRISM team, University of Oxford) Characterization of πpa constructs maintaining secrecy

6 / 15

slide-7
SLIDE 7

Focus on some of the results

7 / 15

slide-8
SLIDE 8

An Information-Theoretic approach to Anonymity

Anonymity protocols as noisy channels

The input A represents the information to keep secret and the output O represents the observables

.. . .. .

a1 am

  • 1
  • n

.. .

p(on|a1) p(o1|a1)

Degree of protection offered by a protocol

The converse of the Mutual Information associated to the channel I(O; A) = H(A) − H(A | O)

Verification

Given a protocol specified in πpa, we can automatically compute its degree of protection

8 / 15

slide-9
SLIDE 9

Bayesian risk in Information Flow

The Bayesian risk is the probability of error of an adversary that tries to infer the secret by using the MAP criterion (Maximum Aposteriori Probability) Relation between the Bayesian risk and the Conditional Entropy

0.0 0.1 0.2 0.3 0.4 0.5 0.6 0.25 0.5 0.75 1.0 0.0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.0

Object of study since decades Foundational and practical motivations Bounds on the Bayesian risk using the Conditional entropy Bounds by Rény (1966), Hellman-Raviv (1970), Santhi-Vardy (2006) The Bayesian risk is a piecewise linear function. We have

  • btained a tighter bound by characterizing its “corner points”
slide-10
SLIDE 10

πpa constructs which maintain secrecy

The πpa calculus T ::=

  • i pi Ti

probabilistic choice |

  • i si.Ti

secret choice (si ∈ Sec) |

  • i ri.Ti

nondeterministic choice (ri ∈ Obs ∪ {τ}) | T | T parallel composition | (νa) T restriction | ! T replication

An operator op maintains secrecy if Protection(op(T)) ≥ Protection(T) The probabilistic and nondeterministic choices, and a restricted form of parallel composition maintain secrecy Generalization of the result of Chaum (1988).

10 / 15

slide-11
SLIDE 11

Perspectives I

Protection of private and/or critical information is becoming an issue more and more important in today’s world Probability is fundamental, both as an abstraction and because of the use of randomized primitives in information-hiding protocols. Other quantitative aspects, like time, are important too. The classical notion of nondeterminism is not suitable for security. Need for new foundations. The interplay between probability and nondeterminism requires special care. Cooperation with Jan Gobault-Larrecq, Prakash Panangaden, and Roberto Segala

11 / 15

slide-12
SLIDE 12

Perspectives II

The existing tools (model checkers) are not suitable to verify protocols for information protection Cooperation with the PRISM team (Marta Kwiatkowska, University of Oxford) The literature on the π-calculus, in particular that behind the existing model checkers, is mainly first-order. This makes very difficult to extend the existing results and tools to the probabilistic

  • case. Need for a high-order framework

Cooperation with the Parsifal team (Dale Miller, LIX)

12 / 15

slide-13
SLIDE 13

Publications (by permanent members and PhDs)

2005 2006 2007 2008 Permanent members 3 2 2 2 Number of PhDs 2 5(2) 6(2) 6(2) Journal publications 4 (2) 2 (1) 6 (3) 5 (4) International conferences 4 (2) 4 (2) 7 (4) 7 (3) International workshops 9 (3) 8 (3) 5 (4) 2 (1) Total publications 17 (7) 14 (6) 18(11) 14(8) The numbers in green represent the number of PhD students co-supervised by an external advisor The numbers in red represent the number of publication with external coauthors

13 / 15

slide-14
SLIDE 14

Visibility

Program Committees

FOSSACS’09, QEST’08, FICS’08, MFPS XXIV, LICS’08, VMCAI’08, CiE’08, ESOP’08, CONCUR’07, QEST’07, FCT’07, ESOP’07, FInCo’07, SAC’07, LPAR’06, CONCUR’06, MFPS XXII, FOSSACS’06, EXPRESS’06, CLEI’05, LPAR’05, ICLP’05, CONCUR’05, ESOP’05, SOFSEM’05, FInCo’05, ICLP’05

Editorial boards

MSCS, TPLP, ENTCS, JFLP

Conference organization

MFPS XXV, SOFSEM 2009 Track on Foundations, SecCo’07, LIX Colloquium 2006, ICALP’05 Track B.

Invited talks

ICE’08, PAuL’07, PERAD’07, PLID’07, MFPS XXI, CLEI’05

slide-15
SLIDE 15

Notable facts FORTE’06 Best Paper Award Robin Milner visits Comète for one year in 2007 on a chair Blaise Pascal SPECIF /Gilles Kahn Award for one of the two second best PhD Thesis in France in 2008

15 / 15