Quantifying Timing Leaks and Cost Optimisation

We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then show how to measure the security of a program with respect to this notion via a computable estimate of the timing leakage and use this estimate for cost optimisation.Comment: 16 pages, 2 figures, 4 tables. A shorter version is included in the proceedings of ICICS'08 - 10th International Conference on Information and Communications Security, 20-22 October, 2008 Birmingham, U

Maximizing Entropy over Markov Processes

International audienceThe channel capacity of a deterministic system with confidential data is an upper bound on the amount of bits of data an attacker can learn from the system. We encode all possible attacks to a system using a probabilistic specification, an Interval Markov Chain. Then the channel capacity computation reduces to finding a model of a specification with highest entropy. Entropy maximization for probabilistic process specifications has not been studied before, even though it is well known in Bayesian inference for discrete distributions. We give a characterization of global entropy of a process as a reward function, a polynomial algorithm to verify the existence of an system maximizing entropy among those respecting a specification, a procedure for the maximization of reward functions over Interval Markov Chains and its application to synthesize an implementation maximizing entropy. We show how to use Interval Markov Chains to model abstractions of deterministic systems with confidential data, and use the above results to compute their channel capacity. These results are a foundation for ongoing work on computing channel capacity for abstractions of programs derived from code

Landauer-B\"uttiker approach for hyperfine mediated electronic transport in the integer quantum Hall regime

The interplay of spin-polarized electronic edge states with the dynamics of the host nuclei in quantum Hall systems presents rich and non-trivial transport physics. Here, we develop a Landauer-B\"uttiker approach to understand various experimental features observed in the integer quantum Hall set ups featuring quantum point contacts. The approach developed here entails a phenomenological description of spin resolved inter-edge scattering induced via hyperfine assisted electron-nuclear spin flip-flop processes. A self-consistent simulation framework between the nuclear spin dynamics and edge state electronic transport is presented in order to gain crucial insights into the dynamic nuclear polarization effects on electronic transport and in turn the electron-spin polarization effects on the nuclear spin dynamics. In particular, we show that the hysteresis noted experimentally in the conductance-voltage trace as well as in the resistively detected NMR lineshape results from a lack of quasi-equilibrium between electronic transport and nuclear polarization evolution. In addition, we present circuit models to emulate such hyperfine mediated transport effects to further facilitate a clear understanding of the electronic transport processes occurring around the quantum point contact. Finally, we extend our model to account for the effects of quadrupolar splitting of nuclear levels and also depict the electronic transport signatures that arise from single and multi-photon processes.Comment: 21 pages, 8 figure

Management of R & D cooperation

Because of the high degree of technological complexity and the increasing convergence of new technologies, it is becoming more and more difficult to develop advanced products for those companies who solely rely on their own in-house 'core competencies'. One possible response made to these rising requirements is the consideration of cooperation with other companies. Since prior research on cooperation is extensive in its theoretical scope and diverse in its disciplinary bases, it seems appropriate to give a short overview on the literature. In this article, we pursue two purposes: Firstly, we provide a brief and comprehensive picture of theoretical findings on technology-related cooperation pertinent to practitioners by using a process-oriented framework which helps us to integrate the existing literature from different academic disciplines. Secondly, while management scholars have primarily tended to focus on certain research streams, we draw attention to some issues not sufficiently covered by the literature today. We highlight the importance of the technological content (incremental vs. breakthrough and product vs. process innovations) as well as the orientation of the cooperation (horizontal vs. lateral) which should be considered in more detail in future research. --

Replacing failed private water contracts

Failed private water concessions have been terminated and replaced with public sector operations in many countries. The paper reviews the negotiating processes involved in these terminations

Relating Maxwell's Demon and Quantitative Analysis of Information Leakage for Practical Imperative Programs

International audienceShannon observed the relation between information entropy and Maxwell demon experiment to come up with information entropy formula. After that, Shannon's entropy formula is widely used to measure information leakage in imperative programs. But in the present work, our aim is to go in a reverse direction and try to find possible Maxwell's demon experimental setup for contemporary practical imperative programs in which variations of Shannon's entropy formula has been applied to measure the information leakage. To establish the relation between the second principle of thermodynamics and quantitative analysis of information leakage, present work models contemporary variations of imperative programs in terms of Maxwell's demon experimental setup. In the present work five contemporary variations of imperative program related to information quantification are identified. They are: (1) information leakage in imperative program (2) imperative multithreaded program (3) point to point leakage in the imperative program (4) imperative program with infinite observation and (5) imperative program in the SOA-based environment. For these variations, minimal work required by an attacker to gain the secret is also calculated using historical Maxwell's demon experiment. To model the experimental setup of Maxwell's demon, non-interference security policy is used. In the present work, imperative programs with one-bit secret information have been considered to avoid the complexity. The findings of the present work from the history of physics can be utilized in many areas related to information flow of physical computing, nano-computing, quantum computing, biological computing, energy dissipation in computing and computing power analysis

Quantifying information leakage in process calculi

AbstractBuilding on simple information-theoretic concepts, we study two quantitative models of information leakage in the pi-calculus. The first model presupposes an attacker with an essentially unlimited computational power. The resulting notion of absolute leakage, measured in bits, is in agreement with secrecy as defined by Abadi and Gordon: a process has an absolute leakage of zero precisely when it satisfies secrecy. The second model assumes a restricted observation scenario, inspired by the testing equivalence framework, where the attacker can only conduct repeated success-or-failure experiments on processes. Moreover, each experiment has a cost in terms of communication effort. The resulting notion of leakage rate, measured in bits per action, is in agreement with the first model: the maximum amount of information that can be extracted by repeated experiments coincides with the absolute leakage A of the process. Moreover, the overall extraction cost is at least A/R, where R is the rate of the process. The compositionality properties of the two models are also investigated

Superconducting nanowire photon number resolving detector at telecom wavelength

The optical-to-electrical conversion, which is the basis of optical detectors, can be linear or nonlinear. When high sensitivities are needed single-photon detectors (SPDs) are used, which operate in a strongly nonlinear mode, their response being independent of the photon number. Nevertheless, photon-number resolving (PNR) detectors are needed, particularly in quantum optics, where n-photon states are routinely produced. In quantum communication, the PNR functionality is key to many protocols for establishing, swapping and measuring entanglement, and can be used to detect photon-number-splitting attacks. A linear detector with single-photon sensitivity can also be used for measuring a temporal waveform at extremely low light levels, e.g. in long-distance optical communications, fluorescence spectroscopy, optical time-domain reflectometry. We demonstrate here a PNR detector based on parallel superconducting nanowires and capable of counting up to 4 photons at telecommunication wavelengths, with ultralow dark count rate and high counting frequency

Markovian Processes for Quantitative Information Leakage

Quantification of information leakage is a successful approach for evaluating the security of a system. It models the system to be analyzed as a channel with the secret as the input and an output as observable by the attacker as the output, and applies information theory to quantify the amount of information transmitted through such channel, thus effectively quantifying how many bits of the secret can be inferred by the attacker by analyzing the system’s output.Channels are usually encoded as matrices of conditional probabilities, known as channel matrices. Such matrices grow exponentially in the size of the secret and observables, are cumbersome to compute and store, encode both the behavior of the system and assumptions about the attacker, and assume an input-output behavior of the system. For these reasons we propose to model the system-attacker scenario with Markovian models.We show that such models are more compact and treatable than channel matrices. Also, they clearly separate the behavior of the system from the assumptions about the attacker, and can represent even non-terminating behavior in a finite model. We provide techniques and algorithms to model and analyze both deterministic and randomized processes with Markovian models and to compute their informationleakage for a very general model of attacker. We present the QUAIL tool that automates such analysis and is able to compute the information leakage of an imperative WHILE language. Finally, we show how to use QUAIL to analyze some interesting cases of secret-dependent protocols