2016 IEEE European Symposium on Security and Privacy (EuroS&P) 2016
DOI: 10.1109/eurosp.2016.15
|View full text |Cite
|
Sign up to set email alerts
|

Precisely Measuring Quantitative Information Flow: 10K Lines of Code and Beyond

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
17
0

Year Published

2016
2016
2022
2022

Publication Types

Select...
7
1

Relationship

1
7

Authors

Journals

citations
Cited by 15 publications
(17 citation statements)
references
References 26 publications
0
17
0
Order By: Relevance
“…Despite given those evidences about the hardness of calculating QIF, for this decade, precise QIF analysis gathers much attention of the researchers. In [15], Klebanov [25] reported a method that can scale to programs of 10,000 lines of code but still based on SAT solver and symbolic execution. However, there is still a gap between such improvements and practical use, and researchers also work on approximating QIF.…”
Section: Examplementioning
confidence: 99%
“…Despite given those evidences about the hardness of calculating QIF, for this decade, precise QIF analysis gathers much attention of the researchers. In [15], Klebanov [25] reported a method that can scale to programs of 10,000 lines of code but still based on SAT solver and symbolic execution. However, there is still a gap between such improvements and practical use, and researchers also work on approximating QIF.…”
Section: Examplementioning
confidence: 99%
“…They explore both exhaustive enumeration and the existing DSHARP and sharpSAT tools, but only counting distinct values of the output variables. Val et al [36] integrate a symbolic execution tool more closely with a SAT solver by using techniques from SAT solving to prune the symbolic execution search space, and then perform exact model counting restricted to an output variable.…”
Section: A Exact Model Countingmentioning
confidence: 99%
“…Recently, QIF computation based on program analysis and model counting has effectively analyzed codebases of tens of thousands of lines of C code [29]. This technique proceeds as follows.…”
Section: Introductionmentioning
confidence: 99%
“…The technique has been shown to be able to help detect and confirm bugs in software [24,22,25], and to signal to a developer that there may be bugs in a particular part of the software. Indeed, QIF-based techniques, while not foolproof, can use the a large information flow to a particular part of the program as a hint to a developer in order to narrow down where to look for bugs [29]. However, the model counting step of the procedure is computationally very expensive, since it is #P -complete [30].…”
Section: Introductionmentioning
confidence: 99%