Visible to the public Biblio

Filters: Keyword is Petri nets  [Clear All Filters]
2023-09-01
Liu, Zhenyu, Lou, Xuanyu, Cui, Yajun, Zhao, Yingdong, Li, Hua.  2022.  Colored Petri Net Reusing for Service Function Chaining Validation. 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC). :1531—1535.
With the development of software defined network and network function virtualization, network operators can flexibly deploy service function chains (SFC) to provide network security services more than before according to the network security requirements of business systems. At present, most research on verifying the correctness of SFC is based on whether the logical sequence between service functions (SF) in SFC is correct before deployment, and there is less research on verifying the correctness after SFC deployment. Therefore, this paper proposes a method of using Colored Petri Net (CPN) to establish a verification model offline and verify whether each SF deployment in SFC is correct after online deployment. After the SFC deployment is completed, the information is obtained online and input into the established model for verification. The experimental results show that the SFC correctness verification method proposed in this paper can effectively verify whether each SF in the deployed SFC is deployed correctly. In this process, the correctness of SF model is verified by using SF model in the model library, and the model reuse technology is preliminarily discussed.
2023-04-14
Yamaguchi, Shingo, Makihara, Daisuke.  2022.  On Resident Strategy for White-Hat Botnet in Botnet Defense System. 2022 IEEE International Conference on Consumer Electronics - Taiwan. :189–190.
This paper proposes a new strategy, named resident strategy, for defending IoT networks from repeated infection of malicious botnets in the Botnet Defense System (BDS). The resident strategy aims to make a small-scale white-hat botnet resident in the network respond immediately to invading malicious botnets. The BDS controls the resident white-hat botnet with two parameters: upper and lower number of its bots. The lower limit prevents the white-hat botnet from disappearing, while the upper limit prevents it from filling up the network. The BDS with the strategy was modeled with agent-oriented Petri nets and was evaluated through the simulation. The result showed that the proposed strategy was able to deal with repeatedly invading malicious botnets with about half the scale of the conventional white-hat botnet.
ISSN: 2575-8284
2023-03-17
Sendner, Christoph, Iffländer, Lukas, Schindler, Sebastian, Jobst, Michael, Dmitrienko, Alexandra, Kounev, Samuel.  2022.  Ransomware Detection in Databases through Dynamic Analysis of Query Sequences. 2022 IEEE Conference on Communications and Network Security (CNS). :326–334.
Ransomware is an emerging threat that imposed a \$ 5 billion loss in 2017, rose to \$ 20 billion in 2021, and is predicted to hit \$ 256 billion in 2031. While initially targeting PC (client) platforms, ransomware recently leaped over to server-side databases-starting in January 2017 with the MongoDB Apocalypse attack and continuing in 2020 with 85,000 MySQL instances ransomed. Previous research developed countermeasures against client-side ransomware. However, the problem of server-side database ransomware has received little attention so far. In our work, we aim to bridge this gap and present DIMAQS (Dynamic Identification of Malicious Query Sequences), a novel anti-ransomware solution for databases. DIMAQS performs runtime monitoring of incoming queries and pattern matching using two classification approaches (Colored Petri Nets (CPNs) and Deep Neural Networks (DNNs)) for attack detection. Our system design exhibits several novel techniques like dynamic color generation to efficiently detect malicious query sequences globally (i.e., without limiting detection to distinct user connections). Our proof-of-concept and ready-to-use implementation targets MySQL servers. The evaluation shows high efficiency without false negatives for both approaches and a false positive rate of nearly 0%. Both classifiers show very moderate performance overheads below 6%. We will publish our data sets and implementation, allowing the community to reproduce our tests and results.
2023-02-02
Torquato, Matheus, Maciel, Paulo, Vieira, Marco.  2022.  Software Rejuvenation Meets Moving Target Defense: Modeling of Time-Based Virtual Machine Migration Approach. 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE). :205–216.
The use of Virtual Machine (VM) migration as support for software rejuvenation was introduced more than a decade ago. Since then, several works have validated this approach from experimental and theoretical perspectives. Recently, some works shed light on the possibility of using the same technique as Moving Target Defense (MTD). However, to date, no work evaluated the availability and security levels while applying VM migration for both rejuvenation and MTD (multipurpose VM migration). In this paper, we conduct a comprehensive evaluation using Stochastic Petri Net (SPN) models to tackle this challenge. The evaluation covers the steady-state system availability, expected MTD protection, and related metrics of a system under time-based multipurpose VM migration. Results show that the availability and security improvement due to VM migration deployment surpasses 50% in the best scenarios. However, there is a trade-off between availability and security metrics, meaning that improving one implies compromising the other.
Mariotti, Francesco, Tavanti, Matteo, Montecchi, Leonardo, Lollini, Paolo.  2022.  Extending a security ontology framework to model CAPEC attack paths and TAL adversary profiles. 2022 18th European Dependable Computing Conference (EDCC). :25–32.
Security evaluation can be performed using a variety of analysis methods, such as attack trees, attack graphs, threat propagation models, stochastic Petri nets, and so on. These methods analyze the effect of attacks on the system, and estimate security attributes from different perspectives. However, they require information from experts in the application domain for properly capturing the key elements of an attack scenario: i) the attack paths a system could be subject to, and ii) the different characteristics of the possible adversaries. For this reason, some recent works focused on the generation of low-level security models from a high-level description of the system, hiding the technical details from the modeler.In this paper we build on an existing ontology framework for security analysis, available in the ADVISE Meta tool, and we extend it in two directions: i) to cover the attack patterns available in the CAPEC database, a comprehensive dictionary of known patterns of attack, and ii) to capture all the adversaries’ profiles as defined in the Threat Agent Library (TAL), a reference library for defining the characteristics of external and internal threat agents ranging from industrial spies to untrained employees. The proposed extension supports a richer combination of adversaries’ profiles and attack paths, and provides guidance on how to further enrich the ontology based on taxonomies of attacks and adversaries.
2022-10-20
Torquato, Matheus, Maciel, Paulo, Vieira, Marco.  2020.  Security and Availability Modeling of VM Migration as Moving Target Defense. 2020 IEEE 25th Pacific Rim International Symposium on Dependable Computing (PRDC). :50—59.
Moving Target Defense (MTD) is a defensive mechanism based on dynamic system reconfiguration to prevent or thwart cyberattacks. In the last years, considerable progress has been made regarding MTD approaches for virtualized environments, and Virtual Machine (VM) migration is the core of most of these approaches. However, VM migration produces system downtime, meaning that each MTD reconfiguration affects system availability. Therefore, a method for a combined evaluation of availability and security is of utmost importance for VM migration-based MTD design. In this paper, we propose a Stochastic Reward Net (SRN) for the probability of attack success and availability evaluation of an MTD based on VM migration scheduling. We study the MTD system under different conditions regarding 1) VM migration scheduling, 2) VM migration failure probability, and 3) attack success rate. Our results highlight the tradeoff between availability and security when applying MTD based on VM migration. The approach and results may provide inputs for designing and evaluating MTD policies based on VM migration.
2022-08-03
Gao, Hongxia, Yu, Zhenhua, Cong, Xuya, Wang, Jing.  2021.  Trustworthiness Evaluation of Smart Grids Using GSPN. 2021 IEEE International Conference on Networking, Sensing and Control (ICNSC). 1:1—7.
Smart grids are one of the most important applications of cyber-physical systems. They intelligently transmit energy to customers by information technology, and have replaced the traditional power grid and are widely used. However, smart grids are vulnerable to cyber-attacks. Once attacked, it will cause great losses and lose the trust of customers. Therefore, it is important to evaluate the trustworthiness of smart grids. In order to evaluate the trustworthiness of smart grids, this paper uses a generalized stochastic Petri net (GSPN) to model smart grids. Considering various security threats that smart grids may face, we propose a general GSPN model for smart grids, which evaluates trustworthiness from three metrics of reliability, availability, and integrity by analyzing steady-state and transient probabilities. Finally, we obtain the value of system trustworthiness and simulation results show that the feasibility and effectiveness of our model for smart grids trustworthiness.
2021-10-12
He, Leifeng, Liu, Guanjun.  2020.  Petri Nets Based Verification of Epistemic Logic and Its Application on Protocols of Privacy and Security. 2020 IEEE World Congress on Services (SERVICES). :25–28.
Epistemic logic can specify many design requirements of privacy and security of multi-agent systems (MAS). The existing model checkers of epistemic logic use some programming languages to describe MAS, induce Kripke models as the behavioral representation of MAS, apply Ordered Binary Decision Diagrams (OBDD) to encode Kripke models to solve their state explosion problem and verify epistemic logic based on the encoded Kripke models. However, these programming languages are usually non-intuitive. More seriously, their OBDD-based model checking processes are often time-consuming due to their dynamic variable ordering for OBDD. Therefore, we define Knowledge-oriented Petri Nets (KPN) to intuitively describe MAS, induce similar reachability graphs as the behavioral representation of KPN, apply OBDD to encode all reachable states, and finally verify epistemic logic. Although we also use OBDD, we adopt a heuristic method for the computation of a static variable order instead of dynamic variable ordering. More importantly, while verifying an epistemic formula, we dynamically generate its needed similar relations, which makes our model checking process much more efficient. In this paper, we introduce our work.
2021-10-04
Karelova, O.L., Golosov, P.E..  2020.  Digraph Modeling of Information Security Systems. 2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon). :1–4.
When modeling information security systems (ISS), the vast majority of works offer various models of threats to the object of protection (threat trees, Petri nets, etc.). However, ISS is not only a mean to prevent threats or reduce damage from their implementation, but also other components - the qualifications of employees responsible for IS, the internal climate in the team, the company's position on the market, and many others. The article considers the cognitive model of the state of the information security system of an average organization. The model is a weighted oriented graph, its' vertices are standard elements of the organization's information security system. The most significant factors affecting the condition of information security of the organization are identified based on the model. Influencing these factors is providing the most effect if IS level.
2021-03-17
Sadu, A., Stevic, M., Wirtz, N., Monti, A..  2020.  A Stochastic Assessment of Attacks based on Continuous-Time Markov Chains. 2020 6th IEEE International Energy Conference (ENERGYCon). :11—16.

With the increasing interdependence of critical infrastructures, the probability of a specific infrastructure to experience a complex cyber-physical attack is increasing. Thus it is important to analyze the risk of an attack and the dynamics of its propagation in order to design and deploy appropriate countermeasures. The attack trees, commonly adopted to this aim, have inherent shortcomings in representing interdependent, concurrent and sequential attacks. To overcome this, the work presented here proposes a stochastic methodology using Petri Nets and Continuous Time Markov Chain (CTMC) to analyze the attacks, considering the individual attack occurrence probabilities and their stochastic propagation times. A procedure to convert a basic attack tree into an equivalent CTMC is presented. The proposed method is applied in a case study to calculate the different attack propagation characteristics. The characteristics are namely, the probability of reaching the root node & sub attack nodes, the mean time to reach the root node and the mean time spent in the sub attack nodes before reaching the root node. Additionally, the method quantifies the effectiveness of specific defenses in reducing the attack risk considering the efficiency of individual defenses.

2021-03-09
Yamaguchi, S..  2020.  Botnet Defense System and Its Basic Strategy Against Malicious Botnet. 2020 IEEE International Conference on Consumer Electronics - Taiwan (ICCE-Taiwan). :1—2.

This paper proposes a basic strategy for Botnet Defense System (BDS). BDS is a cybersecurity system that utilizes white-hat botnets to defend IoT systems against malicious botnets. Once a BDS detects a malicious botnet, it launches white-hat worms in order to drive out the malicious botnet. The proposed strategy aims at the proper use of the worms based on the worms' capability such as lifespan and secondary infectivity. If the worms have high secondary infectivity or a long lifespan, the BDS only has to launch a few worms. Otherwise, it should launch as many worms as possible. The effectiveness of the strategy was confirmed through the simulation evaluation using agent-oriented Petri nets.

2020-11-20
Liu, D., Lou, F., Wang, H..  2019.  Modeling and measurement internal threat process based on advanced stochastic model*. 2019 Chinese Automation Congress (CAC). :1077—1081.
Previous research on internal threats was mostly focused on modeling threat behaviors. These studies have paid little attention to risk measurement. This paper analyzed the internal threat scenarios, introduced the operation related protection model into the firewall-password model, constructed a series of sub models. By analyzing the illegal data out process, the analysis model of target network can be rapidly generated based on four protection sub-models. Then the risk value of an assessment point can be computed dynamically according to the Petri net computing characteristics and the effectiveness of overall network protection can be measured. This method improves the granularity of the model and simplifies the complexity of modeling complex networks and can realize dynamic and real-time risk measurement.
2020-10-16
Hussain, Mukhtar, Foo, Ernest, Suriadi, Suriadi.  2019.  An Improved Industrial Control System Device Logs Processing Method for Process-Based Anomaly Detection. 2019 International Conference on Frontiers of Information Technology (FIT). :150—1505.

Detecting process-based attacks on industrial control systems (ICS) is challenging. These cyber-attacks are designed to disrupt the industrial process by changing the state of a system, while keeping the system's behaviour close to the expected behaviour. Such anomalous behaviour can be effectively detected by an event-driven approach. Petri Net (PN) model identification has proved to be an effective method for event-driven system analysis and anomaly detection. However, PN identification-based anomaly detection methods require ICS device logs to be converted into event logs (sequence of events). Therefore, in this paper we present a formalised method for pre-processing and transforming ICS device logs into event logs. The proposed approach outperforms the previous methods of device logs processing in terms of anomaly detection. We have demonstrated the results using two published datasets.

2020-10-06
Gupta, Priyanka, Garg, Gagan.  2019.  Handling concurrent requests in a secret sharing based storage system using Petri Nets. 2019 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS). :1—6.

Data can be stored securely in various storage servers. But in the case of a server failure, or data theft from a certain number of servers, the remaining data becomes inadequate for use. Data is stored securely using secret sharing schemes, so that data can be reconstructed even if some of the servers fail. But not much work has been carried out in the direction of updation of this data. This leads to the problem of updation when two or more concurrent requests arrive and thus, it results in inconsistency. Our work proposes a novel method to store data securely with concurrent update requests using Petri Nets, under the assumption that the number of nodes is very large and the requests for updates are very frequent.

2020-09-04
Wu, Yan, Luo, Anthony, Xu, Dianxiang.  2019.  Forensic Analysis of Bitcoin Transactions. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). :167—169.
Bitcoin [1] as a popular digital currency has been a target of theft and other illegal activities. Key to the forensic investigation is to identify bitcoin addresses involved in bitcoin transfers. This paper presents a framework, FABT, for forensic analysis of bitcoin transactions by identifying suspicious bitcoin addresses. It formalizes the clues of a given case as transaction patterns defined over a comprehensive set of features. FABT converts the bitcoin transaction data into a formal model, called Bitcoin Transaction Net (BTN). The traverse of all bitcoin transactions in the order of their occurrences is captured by the firing sequence of all transitions in the BTN. We have applied FABT to identify suspicious addresses in the Mt.Gox case. A subgroup of the suspicious addresses has been found to share many characteristics about the received/transferred amount, number of transactions, and time intervals.
2020-07-06
Sheela, A., Revathi, S., Iqbal, Atif.  2019.  Cyber Risks Assessment For Intelligent And Non-Intelligent Attacks In Power System. 2019 2nd International Conference on Power and Embedded Drive Control (ICPEDC). :40–45.
Smart power grid is a perfect model of Cyber Physical System (CPS) which is an important component for a comfortable life. The major concern of the electrical network is safety and reliable operation. A cyber attacker in the operation of power system would create a major damage to the entire power system structure and affect the continuity of the power supply by adversely changing its parameters. A risk assessment method is presented for evaluating the cyber security assessment of power systems taking into consideration the need for protection systems. The paper considers the impact of bus and transmission line protection systems located in substations on the cyber physical performance of power systems. The proposed method is to simulate the response of power systems to sudden attacks on various power system preset value and parameters. This paper focuses on the cyber attacks which occur in a co-ordinated way so that many power system components will be in risk. The risk can be modelled as the combined probability of power system impact due to attacks and of successful interruption into the system. Stochastic Petri Nets is employed for assessing the risks. The effectiveness of the proposed cyber security risk assessment method is simulated for a IEEE39 bus system.
2020-04-24
Yang, Yi, Xu, Wei, Wang, Sixin, Wei, Kunlun.  2018.  Modeling and Analysis of CPS Availability Based on the Object-oriented Timed Petri Nets. 2018 37th Chinese Control Conference (CCC). :6172—6177.

Cyber-Physical Systems (CPS) is mostly deployed in security-critical applications where their failures can cause serious consequences, and therefore it is critical to evaluate its availability. In this paper, an architecture model of CPS is established from the perspective of object-oriented system. The system is a unified whole formed by various independent objects (including sensors, controllers and actuators) through communication connection. Then the paper presents the Object-oriented Timed Petri Net to model the system. The modeling method can be used to describe the whole system and the characteristics of the object. At the same time, the availability analysis of the system is carried out by using the mathematical analysis method and simulation tool of Petri net. Finally, a concrete case is given to verify the feasibility of the modeling method in CPS availability analysis.

2020-04-20
Lefebvre, Dimitri, Hadjicostis, Christoforos N..  2019.  Trajectory-observers of timed stochastic discrete event systems: Applications to privacy analysis. 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT). :1078–1083.
Various aspects of security and privacy in many application domains can be assessed based on proper analysis of successive measurements that are collected on a given system. This work is devoted to such issues in the context of timed stochastic Petri net models. We assume that certain events and part of the marking trajectories are observable to adversaries who aim to determine when the system is performing secret operations, such as time intervals during which the system is executing certain critical sequences of events (as captured, for instance, in language-based opacity formulations). The combined use of the k-step trajectory-observer and the Markov model of the stochastic Petri net leads to probabilistic indicators helpful for evaluating language-based opacity of the given system, related timing aspects, and possible strategies to improve them.
2020-03-16
Radoglou-Grammatikis, Panagiotis, Sarigiannidis, Panagiotis, Giannoulakis, Ioannis, Kafetzakis, Emmanouil, Panaousis, Emmanouil.  2019.  Attacking IEC-60870-5-104 SCADA Systems. 2019 IEEE World Congress on Services (SERVICES). 2642-939X:41–46.
The rapid evolution of the Information and Communications Technology (ICT) services transforms the conventional electrical grid into a new paradigm called Smart Grid (SG). Even though SG brings significant improvements, such as increased reliability and better energy management, it also introduces multiple security challenges. One of the main reasons for this is that SG combines a wide range of heterogeneous technologies, including Internet of Things (IoT) devices as well as Supervisory Control and Data Acquisition (SCADA) systems. The latter are responsible for monitoring and controlling the automatic procedures of energy transmission and distribution. Nevertheless, the presence of these systems introduces multiple vulnerabilities because their protocols do not implement essential security mechanisms such as authentication and access control. In this paper, we focus our attention on the security issues of the IEC 60870-5-104 (IEC-104) protocol, which is widely utilized in the European energy sector. In particular, we provide a SCADA threat model based on a Coloured Petri Net (CPN) and emulate four different types of cyber attacks against IEC-104. Last, we used AlienVault's risk assessment model to evaluate the risk level that each of these cyber attacks introduces to our system to confirm our intuition about their severity.
2020-03-09
Tun, Hein, Lupin, Sergey, Than, Ba Hla, Nay Zaw Linn, Kyaw, Khaing, Min Thu.  2019.  Estimation of Information System Security Using Hybrid Simulation in AnyLogic. 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :1829–1834.
Nowadays the role of Information systems in our life has greatly increased, which has become one of the biggest challenges for citizens, organizations and governments. Every single day we are becoming more and more dependent on information and communication technology (ICT). A major goal of information security is to find the best ways to mitigate the risks. The context-role and perimeter protection approaches can reduce and prevent an unauthorized penetration to protected zones and information systems inside the zones. The result of this work can be useful for the security system analysis and optimization of their organizations.
2019-12-09
Bruni, Roberto, Melgratti, Hernán, Montanari, Ugo.  2018.  Concurrency and Probability: Removing Confusion, Compositionally. Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science. :195–204.
Assigning a satisfactory truly concurrent semantics to Petri nets with confusion and distributed decisions is a long standing problem, especially if one wants to resolve decisions by drawing from some probability distribution. Here we propose a general solution based on a recursive, static decomposition of (occurrence) nets in loci of decision, called structural branching cells (s-cells). Each s-cell exposes a set of alternatives, called transactions. Our solution transforms a given Petri net into another net whose transitions are the transactions of the s-cells and whose places are those of the original net, with some auxiliary structure for bookkeeping. The resulting net is confusion-free, and thus conflicting alternatives can be equipped with probabilistic choices, while nonintersecting alternatives are purely concurrent and their probability distributions are independent. The validity of the construction is witnessed by a tight correspondence with the recursively stopped configurations of Abbes and Benveniste. Some advantages of our approach are that: i) s-cells are defined statically and locally in a compositional way; ii) our resulting nets faithfully account for concurrency.
2019-05-01
Mili, S., Nguyen, N., Chelouah, R..  2018.  Attack Modeling and Verification for Connected System Security. 2018 13th Annual Conference on System of Systems Engineering (SoSE). :157–162.

In the development process of critical systems, one of the main challenges is to provide early system validation and verification against vulnerabilities in order to reduce cost caused by late error detection. We propose in this paper an approach that, firstly allows formally describe system security specifications, thanks to our suggested extended attack tree. Secondly, static and dynamic system modeling by using a SysML connectivity profile to model error propagation is introduced. Finally, a model checker has been used in order to validate system specifications.

2019-03-28
He, F., Zhang, Y., Liu, H., Zhou, W..  2018.  SCPN-Based Game Model for Security Situational Awareness in the Intenet of Things. 2018 IEEE Conference on Communications and Network Security (CNS). :1-5.
Internet of Things (IoT) is characterized by various of heterogeneous devices that facing numerous threats, which makes modeling security situation of IoT still a certain challenge. This paper defines a Stochastic Colored Petri Net (SCPN) for IoT-based smart environment and then proposes a Game model for security situational awareness. All possible attack paths are computed by the SCPN, and antagonistic behavior of both attackers and defenders are taken into consideration dynamically according to Game Theory (GT). Experiments on two typical attack scenarios in smart home environment demonstrate the effectiveness of the proposed model. The proposed model can form a macroscopic trend curve of the security situation. Analysis of the results shows the capabilities of the proposed model in finding vulnerable devices and potential attack paths, and even facilitating the choice of defense strategy. To the best of our knowledge, this is the first attempt to use Game Theory in the IoT-based SCPN to establish a security situational awareness model for a complex smart environment.
2019-03-22
Liu, Y., Li, X., Xiao, L..  2018.  Service Oriented Resilience Strategy for Cloud Data Center. 2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). :269-274.

As an information hinge of various trades and professions in the era of big data, cloud data center bears the responsibility to provide uninterrupted service. To cope with the impact of failure and interruption during the operation on the Quality of Service (QoS), it is important to guarantee the resilience of cloud data center. Thus, different resilience actions are conducted in its life circle, that is, resilience strategy. In order to measure the effect of resilience strategy on the system resilience, this paper propose a new approach to model and evaluate the resilience strategy for cloud data center focusing on its core part of service providing-IT architecture. A comprehensive resilience metric based on resilience loss is put forward considering the characteristic of cloud data center. Furthermore, mapping model between system resilience and resilience strategy is built up. Then, based on a hierarchical colored generalized stochastic petri net (HCGSPN) model depicting the procedure of the system processing the service requests, simulation is conducted to evaluate the resilience strategy through the metric calculation. With a case study of a company's cloud data center, the applicability and correctness of the approach is demonstrated.

2019-01-31
Das, D., Meiser, S., Mohammadi, E., Kate, A..  2018.  Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two. 2018 IEEE Symposium on Security and Privacy (SP). :108–126.

This work investigates the fundamental constraints of anonymous communication (AC) protocols. We analyze the relationship between bandwidth overhead, latency overhead, and sender anonymity or recipient anonymity against the global passive (network-level) adversary. We confirm the trilemma that an AC protocol can only achieve two out of the following three properties: strong anonymity (i.e., anonymity up to a negligible chance), low bandwidth overhead, and low latency overhead. We further study anonymity against a stronger global passive adversary that can additionally passively compromise some of the AC protocol nodes. For a given number of compromised nodes, we derive necessary constraints between bandwidth and latency overhead whose violation make it impossible for an AC protocol to achieve strong anonymity. We analyze prominent AC protocols from the literature and depict to which extent those satisfy our necessary constraints. Our fundamental necessary constraints offer a guideline not only for improving existing AC systems but also for designing novel AC protocols with non-traditional bandwidth and latency overhead choices.