Results

2014. During the second year, the activity of PRINCESS has focused on the following main directions: 

(1) We have continued the study of the g-leakage measures, which use gain functions g to model the operational scenario in which an adversary operates, and the criteria for evaluating the effectiveness of its attacks. We have considered both additive and multiplicative notions of leakage, and we have investigated upper bounds and their computability. Furthermore, we have been able to give a complete characterization of the information order in the probabilistic case, in terms of channel composition refinement and of a geometric interpretation of the g-leakage, thus extending the standard theory of the lattice of information. The results of this investigation have appeared in POST 2014 and in CSF 2014. This work has involved researchers from all three original sites: INRIA, Upenn (UFMG), and FIU, and from the new Australian sites (NICTA and Macquarie).

(2) We have extended our geo-indistinguishability approach to location privacy to traces. Geo-indistinguishability is based on the idea of obfuscating the real location by adding Laplacian noise. The main challenge in the extension to traces is that when several correlated locations are reported, the privacy protection level degrades quickly, or conversely, the noise to add becomes so large that the utility decreases dramatically. Our proposal consists in using a prediction function that makes the reporting of correlated locations unnecessary within certain limits. The results of our study have appeared in PETS 2014.
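The idea in (2), as an added sketch that is not code from the PRINCESS project or its papers: planar Laplace noise for a single report, and a prediction step that reuses the last reported point when a noisy test accepts it. The "last report" predictor, the noisy threshold test, the parameter names and the constructed trace are assumptions made for illustration.

```python
import math
import random

def planar_laplace(loc, eps, rng):
    """One obfuscated report: density proportional to exp(-eps * d),
    so the radius is Gamma(shape=2, scale=1/eps) and the angle is uniform."""
    r = rng.gammavariate(2.0, 1.0 / eps)
    theta = rng.uniform(0.0, 2.0 * math.pi)
    return (loc[0] + r * math.cos(theta), loc[1] + r * math.sin(theta))

def laplace_1d(scale, rng):
    """Zero-mean Laplace sample as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def report_trace(trace, eps_report, eps_test, threshold, rng):
    """Return (reports, budget_spent, fresh_count) for a list of (x, y) points.
    Assumed predictor: the last reported point. Each test costs eps_test because
    it reads the true location; a fresh noisy report costs eps_report more."""
    reports, spent, fresh, last = [], 0.0, 0, None
    for loc in trace:
        if last is not None:
            spent += eps_test
            limit = threshold + laplace_1d(1.0 / eps_test, rng)  # noisy threshold
            if math.dist(loc, last) <= limit:
                reports.append(last)  # prediction accepted: no fresh report
                continue
        last = planar_laplace(loc, eps_report, rng)
        spent += eps_report
        fresh += 1
        reports.append(last)
    return reports, spent, fresh

def independent_budget(trace, eps_report):
    """Budget when every point gets its own noisy report (linear composition)."""
    return len(trace) * eps_report

if __name__ == "__main__":
    rng = random.Random(2014)
    # Constructed trace (metres): 30 reports from a user who stays in one place.
    trace = [(0.0, 0.0)] * 30
    reports, spent, fresh = report_trace(trace, 0.1, 0.05, 300.0, rng)
    print(f"fresh reports: {fresh} of {len(trace)}")
    print(f"budget with prediction: {spent:.2f}")
    print(f"budget without:         {independent_budget(trace, 0.1):.2f}")
```

When consecutive points are farther apart than the threshold, every test fails and the trace costs more than independent reporting, which is the "within certain limits" caveat in the paragraph above.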

(3) We have investigated an extension of the bisimulation metric for concurrent processes, based on the Kantorovich lifting, that will allow model checking of properties on traces based on an arbitrary distance between their probability distributions. We have investigated in particular the application to differential privacy, which is obtained by instantiating the distance to the highest ratio between two points in the conditional distribution. The results of this study have appeared in CONCUR 2014.

(4) We are investigating an axiomatization for the notion of vulnerability in the g-leakage approach, and the relation with the axiomatic systems defining Shannon and Renyi information theory, which have been the foundations of the most popular proposals for (quantitative) language-based security. The goal is to provide an axiomatically structured view of the field.

2013. During the first year, the activity of PRINCESS has focused on the following main directions: 

(1) The study of an extension of the notion of differential privacy. The property of differential privacy implicitly relies on the Hamming distance between databases. We have extended it to arbitrary metrics, thus obtaining a principle that can be applied to any domain equipped with a notion of distance. The results of this study have appeared in the symposium PETS 2013.

(2) We have applied the generalized notion of differential privacy to the specific case of geographic data, and we have developed a method that allows the use of location-based services while maintaining a certain degree of privacy. The results of this work have appeared in the conference CCS 2013.

(3) We have continued our investigation of the relation between differential privacy and quantitative information flow, and shown that differential privacy induces a bound on the amount of information leakage. This work has involved researchers from two partner sites: INRIA and Upenn. The paper containing the results of this study has been accepted for publication in the Journal of Computer Security.

(4) There is growing recognition that different models of adversaries lead to different leakage measures. We have investigated the g-leakage measures, which use gain functions g to model the operational scenario in which an adversary operates, and the criteria for evaluating the effectiveness of its attacks. We have shown that the strong g-leakage ordering and composition refinement coincide, giving us a partial order that has both structural and leakage-testing significance. This work has involved researchers from all three partner sites: INRIA, Upenn, and FIU.