Game theory on graphs is a basic tool in computer science. In this paper, we propose a new game-theoretic framework for studying the privacy protection of a user who interactively uses a software service. Our framework is based on the idea that an objective of a user using software services should not be known to an adversary because the objective is often closely related to personal information of the user. We propose two new notions, O-indistinguishable strategy (O-IS) and objective-indistinguishability equilibrium (OIE). For a given game and a subset O of winning objectives (or objectives in short), a strategy of a player is O-indistinguishable if an adversary cannot shrink O by excluding any objective from O as an impossible objective. A strategy profile, which is a tuple of strategies of all players, is an OIE if the profile is locally maximal in the sense that no player can expand her set of objectives indistinguishable from her real objective from the viewpoint of an adversary. We show that for a given multiplayer game with Muller objectives, both of the existence of an O-IS and that of OIE are decidable.

翻译：图上的博弈论是计算机科学中的基本工具。本文提出了一种新的博弈论框架，用于研究交互式使用软件服务的用户隐私保护问题。该框架基于以下思想：用户使用软件服务的目标不应被攻击者所知，因为这些目标通常与用户的个人信息密切相关。我们提出了两个新概念：O-不可区分策略（O-IS）和目标不可区分均衡（OIE）。对于给定的博弈和获胜目标（简称目标）的子集O，若攻击者无法通过将O中的任何目标排除为不可能目标来缩小O，则该玩家的策略是O-不可区分的。策略组合（即所有玩家策略的元组）构成OIE当且仅当该组合是局部最大的，即从攻击者视角看，没有任何玩家能够扩大其与真实目标不可区分的目标集合。我们证明，对于给定具有Muller目标的多玩家博弈，O-IS的存在性和OIE的存在性都是可判定的。