Quantifying Information Leakage in Finite Order Deterministic Programs
Information flow analysis is a powerful technique for reasoning about the
sensitive information exposed by a program during its execution. While past
work has proposed information theoretic metrics (e.g., Shannon entropy,
min-entropy, guessing entropy, etc.) to quantify such information leakage, we
argue that some of these measures not only result in counter-intuitive measures
of leakage, but also are inherently prone to conflicts when comparing two
programs P1 and P2 -- say Shannon entropy predicts higher leakage for program
P1, while guessing entropy predicts higher leakage for program P2. This paper
presents the first attempt towards addressing such conflicts and derives
solutions for conflict-free comparison of finite order deterministic programs.
Comment: 14 pages, 1 figure. A shorter version of this paper is submitted to
ICC 201
CTL+FO Verification as Constraint Solving
Expressing program correctness often requires relating program data
throughout (different branches of) an execution. Such properties can be
represented using CTL+FO, a logic that allows mixing temporal and first-order
quantification. Verifying that a program satisfies a CTL+FO property is a
challenging problem that requires both temporal and data reasoning. Temporal
quantifiers require discovery of invariants and ranking functions, while
first-order quantifiers demand instantiation techniques. In this paper, we
present a constraint-based method for proving CTL+FO properties automatically.
Our method makes the interplay between the temporal and first-order
quantification explicit in a constraint encoding that combines recursion and
existential quantification. By integrating this constraint encoding with an
off-the-shelf solver we obtain an automatic verifier for CTL+FO.
Studying Maximum Information Leakage Using Karush-Kuhn-Tucker Conditions
When studying the information leakage in programs or protocols, a natural
question arises: "what is the worst case scenario?". This problem of
identifying the maximal leakage can be seen as a channel capacity problem in
the information theoretical sense. In this paper, by combining two powerful
theories: Information Theory and Karush-Kuhn-Tucker conditions, we demonstrate
a very general solution to the channel capacity problem. Examples are given to
show how our solution can be applied to practical contexts of programs and
anonymity protocols, and how this solution generalizes previous approaches to
this problem.