Computing the Leakage of Information-Hiding Systems

Andrés, Miguel; Palamidessi, Catuscia; Rossum, Peter van; Smith, Geoffrey

doi:10.1007/978-3-642-12002-2_32

Cited by 32 publications

(32 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Concerning the efficient computation of the channel matrix and the leakage, the only work we are aware of is [1], in which the authors propose various automatic techniques. One of these is able to generate counterexamples, namely points on the execution where the channel exhibits an excessive amount of leakage.…”

Section: Vulnerability Approachmentioning

confidence: 99%

Reconciling Belief and Vulnerability in Information Flow

Hamadou

Sassone

Palamidessi

2010

2010 IEEE Symposium on Security and Privacy

Self Cite

View full text Add to dashboard Cite

Abstract-Belief and vulnerability have been proposed recently to quantify information flow in security systems. Both concepts stand as alternatives to the traditional approaches founded on Shannon entropy and mutual information, which were shown to provide inadequate security guarantees. In this paper we unify the two concepts in one model so as to cope with (potentially inaccurate) attackers' extra knowledge. To this end we propose a new metric based on vulnerability that takes into account the adversary's beliefs.Keywords-Security; information hiding, information flow; quantitative and probabilistic models; uncertainty; accuracy; I. IProtecting sensitive and confidential data is becoming increasingly important in many fields of human activities, such as electronic communication, auction, payment and voting. Many protocols for protecting confidential information have been proposed in the literature. In recent years the frameworks for reasoning, designing, and verifying these protocols have considered probabilistic aspects and techniques for two reasons. First, the data to be protected often range in domains naturally subject to statistical considerations. Second and more important, the protocols often use randomised primitives to obfuscate the link between the information to be protected and the observable outcomes. This is the case, e.g., of the DCNets [8], Crowds [31], Onion Routing [37], and Freenet [13].From the formal point of view, the degree of protection is the converse of the leakage, i.e. the amount of information about the secrets that can be deduced from the observables. Early approaches to information hiding in literature were the so-called possibilistic approaches, in which the probabilistic aspects were abstracted away and replaced by nondeterminism. Some examples of these approaches are those based on epistemic logic [20], [36], on function views [22], and on process calculi [32], [33]. Recently, however, it has been recognised that the possibilistic view is too coarse, in that it tends to consider as equivalent systems which have very different degrees of protection.The probabilistic approaches are therefore becoming increasingly more popular. At the beginning they were investigated mainly at their strongest form of protection, namely to express the property that the observables reveal no (quantitative) information about the secrets (strong anonymity, no interference) [2], [8], [20]. More recently, weaker notions of protection have been considered, due to the fact that such strong properties are almost never achievable in practice. Still in the probabilistic framework, Rubin and Reiter have proposed the concepts of possible innocence and of probable innocence [31] as weak notions of anonymity protection (see also [4] for a generalisation of the latter). These are, however, still true-or-false properties. The need to express in a quantitative way the degree of protection has then lead naturally to explore suitable notions within the wellestablished fields of Information Theory and of ...

show abstract

Section: Vulnerability Approachmentioning

confidence: 99%

Reconciling Belief and Vulnerability in Information Flow

Hamadou

Sassone

Palamidessi

2010

2010 IEEE Symposium on Security and Privacy

Self Cite

View full text Add to dashboard Cite

show abstract

“…Concerning the computation of the channel matrix and of the leakage for probabilistic systems, one of the first works to attack the problem was [45], in which the authors proposed various model-checking techniques. One of these is able to generate counterexamples, namely points in the execution where the channel exhibits an excessive amount of leakage.…”

Section: Related Workmentioning

confidence: 99%

Quantifying leakage in the presence of unreliable sources of information

Hamadou

Palamidessi

Sassone

2017

Journal of Computer and System Sciences

Self Cite

View full text Add to dashboard Cite

Belief and min-entropy leakage are two well-known approaches to quantify information flow in security systems. Both concepts stand as alternatives to the traditional approaches founded on Shannon entropy and mutual information, which were shown to provide inadequate security guarantees. In this paper we unify the two concepts in one model so as to cope with the frequent (potentially inaccurate, misleading or outdated) attackers' side information about individuals on social networks, online forums, blogs and other forms of online communication and information sharing. To this end we propose a new metric based on min-entropy that takes into account the adversary's beliefs.

show abstract

“…Interactive Information Hiding Systems (IIHS) [2] are a variant of probabilistic automata in which we separate actions into secrets (inputs) and observables (outputs). "Interactive" means that secrets and observables can interleave and influence each other.…”

Section: Definition 2 In a Channel With Feedback The Directed Informentioning

confidence: 99%