A static analysis for quantifying information flow in a simple imperative language

Clark, David; Hunt, Sebastian; Malacaria, Pasquale

doi:10.3233/jcs-2007-15302

Cited by 134 publications

(136 citation statements)

References 37 publications

Supporting

Mentioning

134

Contrasting

Order By: Relevance

“…A highly desirable outcome of this effort would be the automatic checking of enforcement via either model checking or program analysis. So far, the efforts have lead to some notable progress for simple imperative languages [13,21,20,4,10]. By contrast, progress for process algebras has been notably slower.…”

Section: Discussionmentioning

confidence: 99%

“…In declassification, a program may be declared as acceptable if information can flow from high to low but only in prescribed ways [11,24]. In more recent years, attempts have been made to provide methods to quantify the amount of leaked information, mostly building on information-theoretic or probabilistic tools [12,13,8,6]. Then a program may be declared as acceptable if the information it leaks does not exceed a prescribed threshold.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A semiring-based trace semantics for processes with applications to information leakage analysis

Boreale¹,

Clark²,

Gorla³

2014

Math. Struct. Comp. Sci.

Self Cite

View full text Add to dashboard Cite

Abstract. We propose a framework for reasoning about program security building on language-theoretic and coalgebraic concepts. The behaviour of a system is viewed as a mapping from traces of high (unobservable) events to low (observable) events: the less the degree of dependency of low events on high traces, the more secure the system. We take the abstract view that low events are drawn from a generic semiring, where they can be combined using product and sum operations; throughout the paper, we provide instances of this framework, obtained by concrete instantiations of the underlying semiring. We specify systems via a simple process calculus, whose semantics is given as the unique homomorphism from the calculus into the set of behaviours, i.e. formal power series, seen as a final coalgebra. We provide a compositional semantics for the calculus in terms of rational operators on formal power series and show that the final and the compositional semantics coincide.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A semiring-based trace semantics for processes with applications to information leakage analysis

Boreale¹,

Clark²,

Gorla³

2014

Math. Struct. Comp. Sci.

Self Cite

View full text Add to dashboard Cite

show abstract

“…There seems to be a general consensus in the literature for using Shannon entropy to measure uncertainty and mutual information to quantify information leakage [35,36,14,37,33]. We remind the reader that these approaches aim at quantifying information flow as a reduction of the adversary uncertainty about the high input and take no account of the adversary's initial belief.…”

Section: Shannon Entropy Approachmentioning

confidence: 99%

Quantifying leakage in the presence of unreliable sources of information

Hamadou

Palamidessi

Sassone

2017

Journal of Computer and System Sciences

View full text Add to dashboard Cite

Belief and min-entropy leakage are two well-known approaches to quantify information flow in security systems. Both concepts stand as alternatives to the traditional approaches founded on Shannon entropy and mutual information, which were shown to provide inadequate security guarantees. In this paper we unify the two concepts in one model so as to cope with the frequent (potentially inaccurate, misleading or outdated) attackers' side information about individuals on social networks, online forums, blogs and other forms of online communication and information sharing. To this end we propose a new metric based on min-entropy that takes into account the adversary's beliefs.

show abstract

“…The difference between the information, in Shannon's information-theoretical sense [5], that a given attacker possesses about the secret before and after a single attack is called leakage [4]. Different attackers would infer different amount of information.…”

Section: Introductionmentioning

confidence: 99%

“…Quantitative Information Flow techniques can be employed to precisely quantify the number of bits of information an attacker would gain about the confidential data of a system by interacting with the system and observing its behavior [4], leaving to the analyst to decide whether this amount is acceptable for the protocol analyzed.…”

Section: Introductionmentioning

confidence: 99%

Maximizing entropy over Markov processes

Biondi

Legay

Nielsen

et al. 2014

Journal of Logical and Algebraic Methods in Programming

View full text Add to dashboard Cite

The channel capacity of a deterministic system with confidential data is an upper bound on the amount of bits of data an attacker can learn from the system. We encode all possible attacks to a system using a probabilistic specification, an Interval Markov Chain. Then the channel capacity computation reduces to finding a model of a specification with highest entropy.Entropy maximization for probabilistic process specifications has not been studied before, even though it is well known in Bayesian inference for discrete distributions. We give a characterization of global entropy of a process as a reward function, a polynomial algorithm to verify the existence of a system maximizing entropy among those respecting a specification, a procedure for the maximization of reward functions over Interval Markov Chains and its application to synthesize an implementation maximizing entropy.We show how to use Interval Markov Chains to model abstractions of deterministic systems with confidential data, and use the above results to compute their channel capacity. These results are a foundation for ongoing work on computing channel capacity for abstractions of programs derived from code.

show abstract

A static analysis for quantifying information flow in a simple imperative language

Cited by 134 publications

References 37 publications

A semiring-based trace semantics for processes with applications to information leakage analysis

A semiring-based trace semantics for processes with applications to information leakage analysis

Quantifying leakage in the presence of unreliable sources of information

Maximizing entropy over Markov processes

Contact Info

Product

Resources

About