24,258 research outputs found
Quantitative Information Flow as Safety and Liveness Hyperproperties
We employ Clarkson and Schneider's "hyperproperties" to classify various
verification problems of quantitative information flow. The results of this
paper unify and extend the previous results on the hardness of checking and
inferring quantitative information flow. In particular, we identify a subclass
of liveness hyperproperties, which we call "k-observable hyperproperties", that
can be checked relative to a reachability oracle via self composition.Comment: In Proceedings QAPL 2012, arXiv:1207.055
Abstract Model Counting: A Novel Approach for Quantification of Information Leaks
acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution location: Kyoto, Japan numpages: 10acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution location: Kyoto, Japan numpages: 10acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution location: Kyoto, Japan numpages: 10We present a novel method for Quantitative Information Flow analysis. We show how the problem of computing information leakage can be viewed as an extension of the Satisfiability Modulo Theories (SMT) problem. This view enables us to develop a framework for QIF analysis based on the framework DPLL(T) used in SMT solvers. We then show that the methodology of Symbolic Execution (SE) also fits our framework. Based on these ideas, we build two QIF analysis tools: the first one employs CBMC, a bounded model checker for ANSI C, and the second one is built on top of Symbolic PathFinder, a Symbolic Executor for Java. We use these tools to quantify leaks in industrial code such as C programs from the Linux kernel, a Java tax program from the European project HATS, and anonymity protocol
Hidden-Markov Program Algebra with iteration
We use Hidden Markov Models to motivate a quantitative compositional
semantics for noninterference-based security with iteration, including a
refinement- or "implements" relation that compares two programs with respect to
their information leakage; and we propose a program algebra for source-level
reasoning about such programs, in particular as a means of establishing that an
"implementation" program leaks no more than its "specification" program.
This joins two themes: we extend our earlier work, having iteration but only
qualitative, by making it quantitative; and we extend our earlier quantitative
work by including iteration. We advocate stepwise refinement and
source-level program algebra, both as conceptual reasoning tools and as targets
for automated assistance. A selection of algebraic laws is given to support
this view in the case of quantitative noninterference; and it is demonstrated
on a simple iterated password-guessing attack
An Algebra of Synchronous Scheduling Interfaces
In this paper we propose an algebra of synchronous scheduling interfaces
which combines the expressiveness of Boolean algebra for logical and functional
behaviour with the min-max-plus arithmetic for quantifying the non-functional
aspects of synchronous interfaces. The interface theory arises from a
realisability interpretation of intuitionistic modal logic (also known as
Curry-Howard-Isomorphism or propositions-as-types principle). The resulting
algebra of interface types aims to provide a general setting for specifying
type-directed and compositional analyses of worst-case scheduling bounds. It
covers synchronous control flow under concurrent, multi-processing or
multi-threading execution and permits precise statements about exactness and
coverage of the analyses supporting a variety of abstractions. The paper
illustrates the expressiveness of the algebra by way of some examples taken
from network flow problems, shortest-path, task scheduling and worst-case
reaction times in synchronous programming.Comment: In Proceedings FIT 2010, arXiv:1101.426
A static analysis for quantifying information flow in a simple imperative language
We propose an approach to quantify interference in a simple imperative language that includes a looping construct. In this paper we focus on a particular case of this definition of interference: leakage of information from private variables to public ones via a Trojan Horse attack. We quantify leakage in terms of Shannon's information theory and we motivate our definition by proving a result relating this definition of leakage and the classical notion of programming language interference. The major contribution of the paper is a quantitative static analysis based on this definition for such a language. The analysis uses some non-trivial information theory results like Fano's inequality and L1 inequalities to provide reasonable bounds for conditional statements. While-loops are handled by integrating a qualitative flow-sensitive dependency analysis into the quantitative analysis
- …