{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:59:50Z","timestamp":1760241590460,"version":"build-2065373602"},"reference-count":34,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2018,5,18]],"date-time":"2018-05-18T00:00:00Z","timestamp":1526601600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Entropy"],"abstract":"<jats:p>In the inference attacks studied in Quantitative Information Flow (QIF), the attacker typically tries to interfere with the system in the attempt to increase its leakage of secret information. The defender, on the other hand, typically tries to decrease leakage by introducing some controlled noise. This noise introduction can be modeled as a type of protocol composition, i.e., a probabilistic choice among different protocols, and its effect on the amount of leakage depends heavily on whether or not this choice is visible to the attacker. In this work, we consider operators for modeling visible and hidden choice in protocol composition, and we study their algebraic properties. We then formalize the interplay between defender and attacker in a game-theoretic framework adapted to the specific issues of QIF, where the payoff is information leakage. We consider various kinds of leakage games, depending on whether players act simultaneously or sequentially, and on whether or not the choices of the defender are visible to the attacker. In the case of sequential games, the choice of the second player is generally a function of the choice of the first player, and his\/her probabilistic choice can be either over the possible functions (mixed strategy) or it can be on the result of the function (behavioral strategy). We show that when the attacker moves first in a sequential game with a hidden choice, then behavioral strategies are more advantageous for the defender than mixed strategies. This contrasts with the standard game theory, where the two types of strategies are equivalent. Finally, we establish a hierarchy of these games in terms of their information leakage and provide methods for finding optimal strategies (at the points of equilibrium) for both attacker and defender in the various cases.<\/jats:p>","DOI":"10.3390\/e20050382","type":"journal-article","created":{"date-parts":[[2018,5,21]],"date-time":"2018-05-21T04:07:30Z","timestamp":1526875650000},"page":"382","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["A Game-Theoretic Approach to Information-Flow Control via Protocol Composition"],"prefix":"10.3390","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4196-7467","authenticated-orcid":false,"given":"M\u00e1rio S.","family":"Alvim","sequence":"first","affiliation":[{"name":"Computer Science Department, Universidade Federal de Minas Gerais (UFMG), Belo Horizonte-MG 31270-110, Brazil"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3081-5775","authenticated-orcid":false,"given":"Konstantinos","family":"Chatzikokolakis","sequence":"additional","affiliation":[{"name":"\u00c9cole Polytechnique, 91128 Palaiseau, France"},{"name":"Centre National de la Recherche Scientifique (CNRS), 91190 Gif-sur-Yvette, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2151-9560","authenticated-orcid":false,"given":"Yusuke","family":"Kawamoto","sequence":"additional","affiliation":[{"name":"National Institute of Advanced Industrial Science and Technology (AIST), Tsukuba 305-8560, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4597-7002","authenticated-orcid":false,"given":"Catuscia","family":"Palamidessi","sequence":"additional","affiliation":[{"name":"\u00c9cole Polytechnique, 91128 Palaiseau, France"},{"name":"INRIA Saclay, 91120 Palaiseau, France"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2018,5,18]]},"reference":[{"key":"ref_1","unstructured":"Sun, Q., Simon, D.R., Wang, Y.M., Russell, W., Padmanabhan, V.N., and Qiu, L. (2002, January 12\u201315). Statistical identification of encrypted web browsing traffic. Proceedings of the 2002 IEEE Symposium on Security and Privacy, Berkeley, CA, USA."},{"key":"ref_2","first-page":"265","article-title":"Calibrating noise to sensitivity in private data analysis","volume":"Volume 3876","author":"Dwork","year":"2006","journal-title":"Proceedings of the Theory of Cryptography Conference"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1007\/BF00206326","article-title":"The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability","volume":"1","author":"Chaum","year":"1988","journal-title":"J. Cryptol."},{"key":"ref_4","first-page":"166","article-title":"Quantitative information flow under generic leakage functions and adaptive adversaries","volume":"11","author":"Boreale","year":"2015","journal-title":"Log. Methods Comput. Sci."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Mardziel, P., Alvim, M.S., Hicks, M.W., and Clarkson, M.R. (2014, January 18\u201321). Quantifying Information Flow for Dynamic Secrets. Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2014.41"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1007\/978-3-319-68711-7_23","article-title":"Information Leakage Games","volume":"Volume 10575","author":"Alvim","year":"2017","journal-title":"Proceedings of the International Conference on Decision and Game Theory for Security"},{"key":"ref_7","unstructured":"Rizzo, J., and Duong, T. (2012, January 19\u201321). The CRIME attack. Proceedings of the 2012 8th EKOparty Security Conference, Buenos Aires, Argentina."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., and Smith, G. (July, January 27). Axioms for Information Leakage. Proceedings of the 2016 IEEE 29th Computer Security Foundations Symposium (CSF), Lisbon, Portugal.","DOI":"10.1109\/CSF.2016.13"},{"key":"ref_9","first-page":"288","article-title":"On the Foundations of Quantitative Information Flow","volume":"Volume 5504","author":"Smith","year":"2009","journal-title":"Proceedings of the International Conference on Foundations of Software Science and Computational Structures"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"531","DOI":"10.3233\/JCS-2008-0333","article-title":"On the Bayes risk in information-hiding protocols","volume":"16","author":"Chatzikokolakis","year":"2008","journal-title":"J. Comput. Secur."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"379","DOI":"10.1002\/j.1538-7305.1948.tb01338.x","article-title":"A Mathematical Theory of Communication","volume":"27","author":"Shannon","year":"1948","journal-title":"Bell Syst. Tech. J."},{"key":"ref_12","unstructured":"Massey, J.L. (July, January 27). Guessing and Entropy. Proceedings of the IEEE International Symposium on Information Theory, Trondheim, Norway."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., and Smith, G. (2012, January 25\u201327). Measuring Information Leakage Using Generalized Gain Functions. Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium (CSF), Cambridge, MA, USA.","DOI":"10.1109\/CSF.2012.26"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Alvim, M.S., Chatzikokolakis, K., Kawamoto, Y., and Palamidessi, C. (2018, January 16\u201319). Leakage and protocol composition in a game-theoretic perspective. Proceedings of the International Conference on Principles of Security and Trust, Thessaloniki, Greece. Lecture Notes in Computer Science.","DOI":"10.1007\/978-3-319-89722-6_6"},{"key":"ref_15","unstructured":"Osborne, M.J., and Rubinstein, A. (1994). A Course in Game Theory, The MIT Press."},{"key":"ref_16","first-page":"75","article-title":"Quantitative Notions of Leakage for One-try Attacks","volume":"Volume 249","author":"Braun","year":"2009","journal-title":"Proceedings of the Proceedings of the 25th Conference on Mathematical Foundations of Programming Semantics"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1007\/978-3-642-54792-8_5","article-title":"Abstract Channels and Their Robust Information-Leakage Ordering","volume":"Volume 8414","author":"McIver","year":"2014","journal-title":"Proceedings of the International Conference on Principles of Security and Trust"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"152","DOI":"10.1109\/TIT.1983.1056602","article-title":"The Gaussian test channel with an intelligent jammer","volume":"29","author":"Basar","year":"1983","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Grossklags, J., Christin, N., and Chuang, J. (2008, January 21\u201325). Secure or Insure?: A Game-theoretic Analysis of Information Security Games. Proceedings of the 17th International Conference on World Wide Web, Beijing, China.","DOI":"10.1145\/1367497.1367526"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1109\/TMC.2010.146","article-title":"Security Games for Vehicular Networks","volume":"10","author":"Alpcan","year":"2011","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_21","unstructured":"Katz, J. (2008, January 9\u201311). Bridging Game Theory and Cryptography: Recent Results and Future Directions. Proceedings of the Theory of Cryptography Conference, Zurich, Switzerland."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Acquisti, A., Dingledine, R., and Syverson, P.F. (2003, January 27\u201330). On the Economics of Anonymity. Proceedings of the International Conference on Financial Cryptography, Guadeloupe, France.","DOI":"10.1007\/978-3-540-45126-6_7"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Freudiger, J., Manshaei, M.H., Hubaux, J.P., and Parkes, D.C. (2009, January 9\u201313). On Non-cooperative Location Privacy: A Game-theoretic Analysis. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA.","DOI":"10.1145\/1653662.1653702"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Zhu, Q., Fung, C.J., Boutaba, R., and Basar, T. (2009, January 13\u201315). A game-theoretical approach to incentive design in collaborative intrusion detection networks. Proceedings of the GameNets \u201909 International Conference on Game Theory for Networks, Istanbul, Turkey.","DOI":"10.1109\/GAMENETS.2009.5137424"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1145\/2480741.2480742","article-title":"Game Theory Meets Network Security and Privacy","volume":"45","author":"Manshaei","year":"2013","journal-title":"ACM Comput. Surv."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"297","DOI":"10.1613\/jair.3269","article-title":"Stackelberg vs. Nash in Security Games: An Extended Investigation of Interchangeability, Equivalence, and Uniqueness","volume":"41","author":"Korzhyk","year":"2011","journal-title":"J. Artif. Intell. Res."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Khouzani, M.H.R., and Malacaria, P. (July, January 27). Relative Perfect Secrecy: Universally Optimal Strategies and Channel Design. Proceedings of the 2016 IEEE 29th Computer Security Foundations Symposium (CSF), Lisbon, Portugal.","DOI":"10.1109\/CSF.2016.12"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"363","DOI":"10.1137\/110858021","article-title":"Adversarial Leakage in Games","volume":"27","author":"Alon","year":"2013","journal-title":"SIAM J. Discret. Math."},{"key":"ref_29","unstructured":"Xu, H., Jiang, A.X., Sinha, A., Rabinovich, Z., Dughmi, S., and Tambe, M. (2015, January 25\u201331). Security Games with Information Leakage: Modeling and Computation. Proceedings of the 24th International Conference on Artificial Intelligence, Buenos Aires, Argentina."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Khouzani, M.H.R., Mardziel, P., Cid, C., and Srivatsa, M. (2015, January 13\u201317). Picking vs. Guessing Secrets: A Game-Theoretic Analysis. Proceedings of the IEEE 28th Computer Security Foundations Symposium, Verona, Italy.","DOI":"10.1109\/CSF.2015.24"},{"key":"ref_31","unstructured":"Yang, M., Sassone, V., and Hamadou, S. (April, January 24). A Game-Theoretic Analysis of Cooperation in Anonymity Networks. Proceedings of the International Conference on Principles of Security and Trust, Tallinn, Estonia."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1145\/3009908","article-title":"Privacy Games Along Location Traces: A Game-Theoretic Framework for Optimizing Location Privacy","volume":"19","author":"Shokri","year":"2017","journal-title":"ACM Trans. Priv. Secur."},{"key":"ref_33","first-page":"1","article-title":"On the Compositionality of Quantitative Information Flow","volume":"13","author":"Kawamoto","year":"2017","journal-title":"Log. Methods Comput. Sci."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Kawamoto, Y., Biondi, F., and Legay, A. (2016, January 9\u201311). Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow. Proceedings of the International Symposium on Formal Methods, Limassol, Cyprus.","DOI":"10.1007\/978-3-319-48989-6_25"}],"container-title":["Entropy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1099-4300\/20\/5\/382\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:04:59Z","timestamp":1760195099000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1099-4300\/20\/5\/382"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,18]]},"references-count":34,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2018,5]]}},"alternative-id":["e20050382"],"URL":"https:\/\/doi.org\/10.3390\/e20050382","relation":{},"ISSN":["1099-4300"],"issn-type":[{"type":"electronic","value":"1099-4300"}],"subject":[],"published":{"date-parts":[[2018,5,18]]}}}