Security models and information flow

McLean, John

doi:10.1109/risp.1990.63849

Cited by 197 publications

(124 citation statements)

References 11 publications

Supporting

Mentioning

123

Contrasting

Order By: Relevance

“…However his definition is not aimed to measure leakage but to define it. Other pioneers on the use of information theory in the context of security are Dennings, McLean and Millen [9,8,20,21]. In recent years, a theoretical framework has been established based on Shannon's information theory to allow static, quantitative program analysis that provides an expectation of leakage in programs [15,16,17,23].…”

Section: Related Workmentioning

confidence: 99%

The Optimum Leakage Principle for Analyzing Multi-threaded Programs

Chen

Malacaria

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Bellman's optimality principle is a method for solving problems where one needs to find best decisions one after another. The principle can be extended to assess the information leakage in multi-threaded programs, and is formalized into the optimum leakage principle hereby proposed in this paper. By modeling the state transitions in multithreaded programs, the principle is combined with information theory to assess the leakage in multi-threaded programs, as the result of an optimal policy. This offers a new perspective to measure the information leakage and enables to track the leakage at run-time. Examples are given to demonstrate the analysis process. Finally, efficient implementation of this methodology is also briefly discussed.

show abstract

Section: Related Workmentioning

confidence: 99%

The Optimum Leakage Principle for Analyzing Multi-threaded Programs

Chen

Malacaria

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…5. Moving to a quantitative framework including fine-grained information augments the distinguishing power of the observer [18]. In general, the more information is added to a system model, the higher the number of vulnerabilities revealed through fine-grained notions of noninterference.…”

Section: Noninterference Analysismentioning

confidence: 99%

Weak Behavioral Equivalences for Verifying Secure and Performance-Aware Component-Based Systems

Aldini

Bernardo

2009

Architecting Dependable Systems VI

View full text Add to dashboard Cite

Abstract. Component-based systems are characterized by several orthogonal requirements, ranging from security to quality of service, which may demand for the use of opposite strategies and interfering mechanisms. To achieve a balanced tradeoff among these aspects, we have previously proposed the use of a predictive methodology, which encompasses classical tools such as the noninterference approach to security analysis and standard performance evaluation techniques. The former tool, which is based on equivalence checking, is used to reveal functional dependencies among component behaviors, while the latter tool, which relies on reward-based numerical analysis, is used to study the quantitative impact of these dependencies on the system performance. In order to strengthen the relation between these two different analysis techniques we advocate the use of performance-aware notions of behavioral equivalence as a formal means for detecting functional and performance dependencies and then pinpointing the metrics at the base of a balanced tradeoff. Trading Security with PerformanceOne of the major issues in the design of modern computing systems is trading dependability aspects with the expected quality of service [16,10,15]. A balanced tradeoff is particularly hard to accomplish when the dependability aspect of interest is security and the system under analysis requires the interaction of several, possibly untrusted components performing their activities in wide-area, public networks. As an example, it is commonly recognized that lightweight securing infrastructures like those employed for access control in the setting of the IEEE 802.11 standard for wireless local area networks [26] are able to mitigate the impact of the securing mechanisms on quality of service parameters, such as system throughput and response time, still preserving to a specific extent the properties for which they are introduced.Examples such as this emphasize the importance of integrating the different qualitative and quantitative views of a system in order to understand whether a reasonable balance can be achieved between the satisfaction of security requirements and the expected quality of service. However, foundational approaches to the analysis of secure and performance-aware systems have not successfully

show abstract

“…We mention in particular [1] which explores the relation between probability and nondeterminism, and [3] which extends of the notion of probable innocence. A related line of work is directed at exploring the application of information-theoretic concepts [24,12,20,21,29,5,10,19,15,8,9,17,18,2]. The relation with hypothesis testing is given by the fact that the exponential of the conditional entropy is an upper bound of the Bayes risk (the probability of error using the MAP rule) [23,4], although [26] has pointed out that the bound can be in some case very loose.…”

Section: Related Workmentioning

confidence: 99%

Bounds on the Leakage of the Input’s Distribution in Information-Hiding Protocols

Bhowmick

Palamidessi

2009

Trustworthy Global Computing

View full text Add to dashboard Cite

Abstract. In information-hiding, an adversary that tries to infer the secret information has a higher probability of success if it knows the distribution on the secrets. We show that if the system leaks probabilistically some information about the secrets, (that is, if there is a probabilistic correlation between the secrets and some observables) then the adversary can approximate such distribution by repeating the observations. More precisely, it can approximate the distribution on the observables by computing their frequencies, and then derive the distribution on the secrets by using the correlation in the inverse direction. We illustrate this method, and then we study the bounds on the approximation error associated with it, for various natural notions of error. As a case study, we apply our results to Crowds, a protocol for anonymous communication.

show abstract

Security models and information flow

Cited by 197 publications

References 11 publications

The Optimum Leakage Principle for Analyzing Multi-threaded Programs

The Optimum Leakage Principle for Analyzing Multi-threaded Programs

Weak Behavioral Equivalences for Verifying Secure and Performance-Aware Component-Based Systems

Bounds on the Leakage of the Input’s Distribution in Information-Hiding Protocols

Contact Info

Product

Resources

About