We use the probabilistic model checker PRISM to analyze the Crowds system for anonymous Web browsing. This case study demonstrates how probabilistic model checking techniques can be used to formally analyze security properties of a peer-to-peer group communication system based on random message routing among members. The behavior of group members and the adversary is modeled as a discrete-time Markov chain, and the desired security properties are expressed as PCTL formulas. The PRISM model checker is used to perform automated analysis of the system and verify the anonymity guarantees it provides. Our main result is a demonstration of how certain forms of probabilistic anonymity degrade when group size increases or random routing paths are rebuilt, assuming that the corrupt group members are able to identify and/or correlate multiple routing paths originating from the same sender.

Supported in part by DARPA contract N66001-00-C-8015 “Agile Management of Dynamic Collaboration”.