A Cut Principle for Information Flow
Joshua D. Guttman, Paul D. Rowe
TL;DR
This paper introduces a formal framework for analyzing information flow in distributed systems, establishing a cut principle that limits information disclosure based on system structure and partial disclosure models.
Contribution
It formalizes the concept of partial disclosure using blur operators and proves a cut property that constrains information flow in distributed systems.
Findings
Proves that no disclosure occurs beyond a cut if none occurs at the cut
Introduces blur operators to model partial disclosure
Establishes a compositional principle for limited disclosure
Abstract
We view a distributed system as a graph of active locations with unidirectional channels between them, through which they pass messages. In this context, the graph structure of a system constrains the propagation of information through it. Suppose a set of channels is a cut set between an information source and a potential sink. We prove that, if there is no disclosure from the source to the cut set, then there can be no disclosure to the sink. We introduce a new formalization of partial disclosure, called *blur operators*, and show that the same cut property is preserved for disclosure to within a blur operator. This cut-blur property also implies a compositional principle, which ensures limited disclosure for a class of systems that differ only beyond the cut.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.