Quantifying Information Leakage in Finite Order Deterministic Programs

Information flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. While past work has proposed information theoretic metrics (e.g., Shannon entropy, min-entropy, guessing entropy, etc.) to quantify such information leakage, we argue that some of these measures not only result in counter-intuitive measures of leakage, but also are inherently prone to conflicts when comparing two programs P1 and P2 -- say Shannon entropy predicts higher leakage for program P1, while guessing entropy predicts higher leakage for program P2. This paper presents the first attempt towards addressing such conflicts and derives solutions for conflict-free comparison of finite order deterministic programs.Comment: 14 pages, 1 figure. A shorter version of this paper is submitted to ICC 201

CTL+FO Verification as Constraint Solving

Expressing program correctness often requires relating program data throughout (different branches of) an execution. Such properties can be represented using CTL+FO, a logic that allows mixing temporal and first-order quantification. Verifying that a program satisfies a CTL+FO property is a challenging problem that requires both temporal and data reasoning. Temporal quantifiers require discovery of invariants and ranking functions, while first-order quantifiers demand instantiation techniques. In this paper, we present a constraint-based method for proving CTL+FO properties automatically. Our method makes the interplay between the temporal and first-order quantification explicit in a constraint encoding that combines recursion and existential quantification. By integrating this constraint encoding with an off-the-shelf solver we obtain an automatic verifier for CTL+FO

Studying Maximum Information Leakage Using Karush-Kuhn-Tucker Conditions

When studying the information leakage in programs or protocols, a natural question arises: "what is the worst case scenario?". This problem of identifying the maximal leakage can be seen as a channel capacity problem in the information theoretical sense. In this paper, by combining two powerful theories: Information Theory and Karush-Kuhn-Tucker conditions, we demonstrate a very general solution to the channel capacity problem. Examples are given to show how our solution can be applied to practical contexts of programs and anonymity protocols, and how this solution generalizes previous approaches to this problem