12 research outputs found
Studying Maximum Information Leakage Using Karush-Kuhn-Tucker Conditions
When studying the information leakage in programs or protocols, a natural
question arises: "what is the worst case scenario?". This problem of
identifying the maximal leakage can be seen as a channel capacity problem in
the information theoretical sense. In this paper, by combining two powerful
theories: Information Theory and Karush-Kuhn-Tucker conditions, we demonstrate
a very general solution to the channel capacity problem. Examples are given to
show how our solution can be applied to practical contexts of programs and
anonymity protocols, and how this solution generalizes previous approaches to
this problem
Quantitative Information Flow as Safety and Liveness Hyperproperties
We employ Clarkson and Schneider's "hyperproperties" to classify various
verification problems of quantitative information flow. The results of this
paper unify and extend the previous results on the hardness of checking and
inferring quantitative information flow. In particular, we identify a subclass
of liveness hyperproperties, which we call "k-observable hyperproperties", that
can be checked relative to a reachability oracle via self composition.Comment: In Proceedings QAPL 2012, arXiv:1207.055
LIBQIF: a quantitative information flow C++ toolkit library
A fundamental concern in computer security is to control information ow, whether to protect con dential information from being leaked, or to protect trusted information from being tainted. A classic approach is to try to enforce non-interference. Unfortunately, achieving non-interference is often not possible, because often there is a correlation between secrets and observables, either by design or due to some physical feature of the computation (side channels). One promising approach to relaxing noninterference, is to develop a quantitative theory of information ow that allows us to reason about how much information is being leaked, thus paving the way to the possibility of tolerating small leaks.
In this work, we aim at developing a quantitative information ow C++ toolkit library, implementing several algorithms from the areas of QIF (more speci cally from four theories: Shannon Entropy, Min-Entropy, Guessing Entropy and G-Leakage) and Di erential Privacy. The library can be used by academics to facilitate research in these areas, as well as by students as a learning tool. A primary use of the library is to compute QIF measures as well as to generate plots, useful for understanding their behavior. Moreover, the library allows users to compute optimal di erentially private mechanisms, compare the utility of known mechanisms, compare the leakage of channels, compute gain functions that separate channels, and various other functionalities related to QIF.Trabajo final de carreraSociedad Argentina de Informática e Investigación Operativa (SADIO
LIBQIF: a quantitative information flow C++ toolkit library
A fundamental concern in computer security is to control information ow, whether to protect con dential information from being leaked, or to protect trusted information from being tainted. A classic approach is to try to enforce non-interference. Unfortunately, achieving non-interference is often not possible, because often there is a correlation between secrets and observables, either by design or due to some physical feature of the computation (side channels). One promising approach to relaxing noninterference, is to develop a quantitative theory of information ow that allows us to reason about how much information is being leaked, thus paving the way to the possibility of tolerating small leaks.
In this work, we aim at developing a quantitative information ow C++ toolkit library, implementing several algorithms from the areas of QIF (more speci cally from four theories: Shannon Entropy, Min-Entropy, Guessing Entropy and G-Leakage) and Di erential Privacy. The library can be used by academics to facilitate research in these areas, as well as by students as a learning tool. A primary use of the library is to compute QIF measures as well as to generate plots, useful for understanding their behavior. Moreover, the library allows users to compute optimal di erentially private mechanisms, compare the utility of known mechanisms, compare the leakage of channels, compute gain functions that separate channels, and various other functionalities related to QIF.Trabajo final de carreraSociedad Argentina de Informática e Investigación Operativa (SADIO
Differential Privacy: on the trade-off between Utility and Information Leakage
Differential privacy is a notion of privacy that has become very popular in
the database community. Roughly, the idea is that a randomized query mechanism
provides sufficient privacy protection if the ratio between the probabilities
that two adjacent datasets give the same answer is bound by e^epsilon. In the
field of information flow there is a similar concern for controlling
information leakage, i.e. limiting the possibility of inferring the secret
information from the observables. In recent years, researchers have proposed to
quantify the leakage in terms of R\'enyi min mutual information, a notion
strictly related to the Bayes risk. In this paper, we show how to model the
query system in terms of an information-theoretic channel, and we compare the
notion of differential privacy with that of mutual information. We show that
differential privacy implies a bound on the mutual information (but not
vice-versa). Furthermore, we show that our bound is tight. Then, we consider
the utility of the randomization mechanism, which represents how close the
randomized answers are, in average, to the real ones. We show that the notion
of differential privacy implies a bound on utility, also tight, and we propose
a method that under certain conditions builds an optimal randomization
mechanism, i.e. a mechanism which provides the best utility while guaranteeing
differential privacy.Comment: 30 pages; HAL repositor
Probable Innocence and Independent Knowledge
International audienceWe analyse the \textsc{Crowds} anonymity protocol under the novel assumption that the attacker has independent knowledge on behavioural patterns of individual users. Under such conditions we study, reformulate and extend Reiter and Rubin's notion of probable innocence, and provide a new formalisation for it based on the concept of protocol vulnerability. Accordingly, we establish new formal relationships between protocol parameters and attackers' knowledge expressing necessary and sufficient conditions to ensure probable innocence
LIBQIF: a quantitative information flow C++ toolkit library
A fundamental concern in computer security is to control information ow, whether to protect con dential information from being leaked, or to protect trusted information from being tainted. A classic approach is to try to enforce non-interference. Unfortunately, achieving non-interference is often not possible, because often there is a correlation between secrets and observables, either by design or due to some physical feature of the computation (side channels). One promising approach to relaxing noninterference, is to develop a quantitative theory of information ow that allows us to reason about how much information is being leaked, thus paving the way to the possibility of tolerating small leaks.
In this work, we aim at developing a quantitative information ow C++ toolkit library, implementing several algorithms from the areas of QIF (more speci cally from four theories: Shannon Entropy, Min-Entropy, Guessing Entropy and G-Leakage) and Di erential Privacy. The library can be used by academics to facilitate research in these areas, as well as by students as a learning tool. A primary use of the library is to compute QIF measures as well as to generate plots, useful for understanding their behavior. Moreover, the library allows users to compute optimal di erentially private mechanisms, compare the utility of known mechanisms, compare the leakage of channels, compute gain functions that separate channels, and various other functionalities related to QIF.Trabajo final de carreraSociedad Argentina de Informática e Investigación Operativa (SADIO