After looking at the security literature, you will find secrecy is formalized in different ways, depending on the application. Applications have threat models that influence our choice of secrecy properties. A property may be reasonable in one context and completely unsatisfactory in another if other threats exist. The primary goal of this paper is to foster discussion on what sorts of secrecy properties are appropriate for different applications and to investigate what they have in common. We also want to explore what is meant by secrecy in different contexts. Perhaps there is enough overlap among our threat models that we can begin to identify some key secrecy properties for wider application. Currently, secrecy is treated in rather ad hoc ways. With some agreement among calculi for expressing protocols and systems, we might even be able to use one another's proof techniques for proving secrecy.
展开▼
