Information Leakage Games: Exploring Information as a Utility Function
This work provides a foundational framework for developing optimal defense methods against information leakage for security and privacy researchers, addressing the challenge of reasoning about attacks and defenses.
This paper introduces a game-theoretic framework to model attacker and defender strategies in information leakage scenarios, using information leakage itself as the utility function. This approach deviates from classic game theory due to the non-linear nature of information leakage utility, and the authors establish foundations for two types of games: QIF-games for quantitative information flow and DP-games for differential privacy.
A common goal in the areas of secure information flow and privacy is to build effective defenses against unwanted leakage of information. To this end, one must be able to reason about potential attacks and their interplay with possible defenses. In this paper, we propose a game-theoretic framework to formalize strategies of attacker and defender in the context of information leakage, and provide a basis for developing optimal defense methods. A novelty of our games is that their utility is given by information leakage, which in some cases may behave in a non-linear way. This causes a significant deviation from classic game theory, in which utility functions are linear with respect to players' strategies. Hence, a key contribution of this paper is the establishment of the foundations of information leakage games. We consider two kinds of games, depending on the notion of leakage considered. The first kind, the QIF-games, is tailored for the theory of quantitative information flow (QIF). The second one, the DP-games, corresponds to differential privacy (DP).