Probabilistic Opacity in Refinement-Based Modeling
Abstract
Given a probabilistic transition system (PTS) A partially observed by an attacker, and an ω-regular predicate on the traces of A, measuring the disclosure of the secret in A means computing the probability that an attacker who observes a run of A can ascertain that its trace belongs to . In the context of refinement, we consider specifications given as Interval-valued Discrete Time Markov Chains (IDTMCs), which are underspecified Markov chains where probabilities on edges are only required to belong to intervals. Scheduling an IDTMC S produces a concrete implementation as a PTS, and we define the worst case disclosure of secret in S as the maximal disclosure of over all PTSs thus produced. We compute this value for a subclass of IDTMCs and we prove that refinement can only improve the opacity of implementations.
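The disclosure measure described in the abstract, worked on a small constructed example (added here; it is not code from the paper). The PTS is an acyclic chain whose actions h and l are unobservable and a and b are observed; the secret is the set of traces containing h; the IDTMC leaves only the probability of h underspecified, within an interval, and the worst-case disclosure is taken over its implementations (assuming, for this one-parameter chain, that the affine disclosure peaks at an interval endpoint).

```python
from collections import defaultdict
from fractions import Fraction

# Observation function on actions: h and l are invisible to the attacker,
# a and b are seen as themselves (constructed example).
OBS = {"h": "", "l": "", "a": "a", "b": "b"}

def pts(p_h):
    """One implementation of the constructed IDTMC: state -> [(action, prob, next)].
    Only the first choice is underspecified in the IDTMC: P(h) = p_h, P(l) = 1 - p_h."""
    return {
        0: [("h", p_h, 1), ("l", 1 - p_h, 2)],
        1: [("a", Fraction(7, 10), 3), ("b", Fraction(3, 10), 3)],
        2: [("a", Fraction(1), 3)],
        3: [],  # terminal state
    }

def runs(system, state=0, trace=(), prob=Fraction(1)):
    """Enumerate every complete run of an acyclic PTS as (trace, probability)."""
    if not system[state]:
        yield trace, prob
        return
    for action, p, nxt in system[state]:
        if p > 0:
            yield from runs(system, nxt, trace + (action,), prob * p)

def disclosure(system, secret):
    """Probability that the attacker, seeing only the observation of a run,
    can ascertain the trace is in the secret: the mass of every observation
    class whose runs all satisfy `secret`."""
    by_obs = defaultdict(list)
    for trace, p in runs(system):
        by_obs["".join(OBS[a] for a in trace)].append((trace, p))
    return sum(p for group in by_obs.values()
               if all(secret(t) for t, _ in group)
               for _, p in group)

def secret(trace):
    """The predicate on traces: the run performed the hidden action h."""
    return "h" in trace

def worst_case_disclosure(lo, hi, secret):
    """Maximal disclosure over implementations with P(h) in [lo, hi]. Here the
    disclosure is affine in p_h, so checking the endpoints suffices (assumption
    that holds for this constructed chain, not a general algorithm)."""
    return max(disclosure(pts(p), secret) for p in (lo, hi))
```

With P(h) = 1/2 the only revealing observation is b (both hidden branches can produce a), so the disclosure is 3/20; tightening the interval from [3/10, 7/10] to [2/5, 3/5] lowers the worst case from 21/100 to 9/50, in line with the refinement result.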