Probabilistic Opacity for Markov Decision Processes

TL;DR

This paper extends the concept of opacity to Markov decision processes, analyzing the decidability of security properties with probabilistic and nondeterministic behaviors under various observation assumptions.

Contribution

It introduces a formal framework for probabilistic opacity in MDPs and establishes decidability results for different observation and secret classes.

Findings

Decidability with complete observation and ω-regular secrets.

Undecidability of quantitative questions with partial observation.

Decidability of almost-sure non-opacity under certain conditions.

Abstract

Opacity is a generic security property, that has been defined on (non probabilistic) transition systems and later on Markov chains with labels. For a secret predicate, given as a subset of runs, and a function describing the view of an external observer, the value of interest for opacity is a measure of the set of runs disclosing the secret. We extend this definition to the richer framework of Markov decision processes, where non deterministic choice is combined with probabilistic transitions, and we study related decidability problems with partial or complete observation hypotheses for the schedulers. We prove that all questions are decidable with complete observation and $\omega$-regular secrets. With partial observation, we prove that all quantitative questions are undecidable but the question whether a system is almost surely non opaque becomes decidable for a restricted class of $\omega$-regular secrets, as well as for all $\omega$-regular secrets under finite-memory schedulers.