{"title":"Satisfiability modulo counting: a new approach for analyzing privacy properties","authors":"Matt Fredrikson, S. Jha","doi":"10.1145/2603088.2603097","DOIUrl":null,"url":null,"abstract":"Applications increasingly derive functionality from sensitive personal information, forcing developers who wish to preserve some notion of privacy or confidentiality to reason about partial information leakage. New definitions of privacy and confidentiality, such as differential privacy, address this by offering precise statements of acceptable disclosure that are useful in common settings. However, several recent published accounts of flawed implementations have surfaced, highlighting the need for verification techniques. In this paper, we pose the problem of model-counting satisfiability, and show that a diverse set of privacy and confidentiality verification problems can be reduced to instances of it. In this problem, constraints are placed on the outcome of model-counting operations, which occur over formulas containing parameters. The object is to find an assignment to the parameters that satisfies the model-counting constraints, or to demonstrate unsatisfiability. We present a logic for expressing these problems, and an abstract decision procedure for model-counting satisfiability problems fashioned after CDCL-based SMT procedures, encapsulating functionality specific to the underlying logic in which counting occurs in a small set of black-box routines similar to those required of theory solvers in SMT. We describe an implementation of this procedure for linear-integer arithmetic, as well as an effective strategy for generating lemmas. We conclude by applying our decision procedure to the verification of privacy properties over programs taken from a well-known privacy-preserving compiler, demonstrating its ability to find flaws or prove correctness sometimes in a matter of seconds.","PeriodicalId":20649,"journal":{"name":"Proceedings of the Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)","volume":"22 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2014-07-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2603088.2603097","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 26

Abstract

Applications increasingly derive functionality from sensitive personal information, forcing developers who wish to preserve some notion of privacy or confidentiality to reason about partial information leakage. New definitions of privacy and confidentiality, such as differential privacy, address this by offering precise statements of acceptable disclosure that are useful in common settings. However, several recent published accounts of flawed implementations have surfaced, highlighting the need for verification techniques. In this paper, we pose the problem of model-counting satisfiability, and show that a diverse set of privacy and confidentiality verification problems can be reduced to instances of it. In this problem, constraints are placed on the outcome of model-counting operations, which occur over formulas containing parameters. The object is to find an assignment to the parameters that satisfies the model-counting constraints, or to demonstrate unsatisfiability. We present a logic for expressing these problems, and an abstract decision procedure for model-counting satisfiability problems fashioned after CDCL-based SMT procedures, encapsulating functionality specific to the underlying logic in which counting occurs in a small set of black-box routines similar to those required of theory solvers in SMT. We describe an implementation of this procedure for linear-integer arithmetic, as well as an effective strategy for generating lemmas. We conclude by applying our decision procedure to the verification of privacy properties over programs taken from a well-known privacy-preserving compiler, demonstrating its ability to find flaws or prove correctness sometimes in a matter of seconds.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
可满足模计数:一种分析隐私属性的新方法
应用程序越来越多地从敏感的个人信息中获得功能,这迫使希望保留一些隐私或机密性概念的开发人员考虑部分信息泄漏。隐私和机密性的新定义,如差异隐私,通过提供在常见情况下有用的可接受的披露的精确陈述来解决这个问题。然而,最近公布的一些有缺陷的实现已经浮出水面,这突出了对验证技术的需求。在本文中,我们提出了模型计数可满足性问题,并证明了一组不同的隐私和机密性验证问题可以简化为模型计数可满足性的实例。在这个问题中,对模型计数操作的结果进行了约束,这些操作发生在包含参数的公式上。目标是找到满足模型计数约束的参数赋值,或者证明不满足性。我们提出了一个表达这些问题的逻辑,以及一个抽象的决策过程,用于处理基于cdcl的SMT过程之后形成的模型计数可满足性问题,封装了特定于底层逻辑的功能,其中计数发生在一组类似于SMT中理论求解器所需的黑箱例程中。我们描述了线性整数算法的这个过程的实现,以及一个有效的引理生成策略。最后,我们将决策过程应用于从一个著名的隐私保护编译器获取的程序的隐私属性验证,展示了它有时在几秒钟内发现缺陷或证明正确性的能力。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
The Ackermann award 2014 KAT + B! Logic for communicating automata with parameterized topology Eilenberg-MacLane spaces in homotopy type theory Deadlock and lock freedom in the linear π-calculus
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1