Bayes Security: A Not So Average Metric
This work addresses the need for more efficient security metrics for system designers, offering a novel alternative to threat-agnostic approaches like differential privacy, though it is incremental in refining existing cryptographic concepts.
The paper tackles the problem of balancing security and performance in security systems by introducing Bayes security, a metric that provides worst-case guarantees like differential privacy but offers a better utility-security trade-off in high-security regimes, achieving up to 50% higher utility in some scenarios.
Security system designers favor worst-case security metrics, such as those derived from differential privacy (DP), due to the strong guarantees they provide. On the downside, these guarantees result in a high penalty on the system's performance. In this paper, we study Bayes security, a security metric inspired by the cryptographic advantage. Similarly to DP, Bayes security i) is independent of an adversary's prior knowledge; ii) captures the worst-case scenario for the two most vulnerable secrets (e.g., data records); and iii) is easy to compose, facilitating security analyses. Additionally, Bayes security iv) can be consistently estimated in a black-box manner, contrary to DP, which is useful when a formal analysis is not feasible; and v) provides a better utility-security trade-off in high-security regimes because it quantifies the risk for a specific threat model, as opposed to threat-agnostic metrics such as DP. We formulate a theory around Bayes security, and we provide a thorough comparison with respect to well-known metrics, identifying the scenarios where Bayes security is advantageous for designers.
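The following worked example is added here and is not code from the paper or its authors. It assumes definitions the abstract does not spell out: Bayes security for a prior is the optimal adversary's error divided by the error of guessing from the prior alone, and its minimum over priors equals 1 minus the largest total variation distance between the output distributions of any two secrets. The channel matrix and all function names are constructed for illustration.

```python
import math
from itertools import combinations

# Constructed channel: P(observation | secret), three secrets, three outputs.
CHANNEL = {
    "A": [0.5, 0.3, 0.2],
    "B": [0.3, 0.4, 0.3],
    "C": [0.1, 0.2, 0.7],
}

def total_variation(p, q):
    return 0.5 * sum(abs(a - b) for a, b in zip(p, q))

def min_bayes_security(channel):
    """Assumed closed form: beta* = 1 - max TV over pairs of secrets.
    Returns (beta*, the two most vulnerable secrets)."""
    pair = max(combinations(channel, 2),
               key=lambda ab: total_variation(channel[ab[0]], channel[ab[1]]))
    return 1 - total_variation(channel[pair[0]], channel[pair[1]]), pair

def bayes_security(prior, channel):
    """Assumed definition: Bayes risk of the optimal adversary who sees the
    output, divided by the risk of guessing the likeliest secret a priori."""
    n_out = len(next(iter(channel.values())))
    success = sum(max(prior.get(s, 0.0) * row[o] for s, row in channel.items())
                  for o in range(n_out))
    return (1 - success) / (1 - max(prior.values()))

def ldp_epsilon(channel):
    """Smallest eps with P(o|a) <= e^eps * P(o|b) for all a, b, o.
    Requires strictly positive channel entries."""
    return max(math.log(channel[a][o] / channel[b][o])
               for a in channel for b in channel if a != b
               for o in range(len(channel[a])))

def dp_implied_floor(eps):
    """Floor on beta* implied by eps-DP alone, from the standard bound
    TV <= (e^eps - 1) / (e^eps + 1)."""
    return 2 / (1 + math.exp(eps))

if __name__ == "__main__":
    beta_star, pair = min_bayes_security(CHANNEL)
    eps = ldp_epsilon(CHANNEL)
    uniform = {s: 1 / 3 for s in CHANNEL}
    print("leakiest pair:", pair, "beta*:", round(beta_star, 3))
    print("beta, uniform prior on that pair:",
          round(bayes_security({pair[0]: 0.5, pair[1]: 0.5}, CHANNEL), 3))
    print("beta, uniform prior on all secrets:",
          round(bayes_security(uniform, CHANNEL), 3))
    print("eps:", round(eps, 3), "DP-implied floor:",
          round(dp_implied_floor(eps), 3))
```

For this channel the minimum is reached on a uniform prior over the two most vulnerable secrets, and the floor implied by the channel's DP parameter alone is lower than the Bayes security actually achieved.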