Algebraic Foundations for Information Theoretical, Probabilistic and Guessability measures of Information Flow

Several mathematical ideas have been investigated for Quantitative Information Flow. Information theory, probability, guessability are the main ideas in most proposals. They aim to quantify how much information is leaked, how likely is to guess the secret and how long does it take to guess the secret respectively. In this paper, we show how the Lattice of Information provides a valuable foundation for all these approaches; not only it provides an elegant algebraic framework for the ideas, but also to investigate their relationship. In particular we will use this lattice to prove some results establishing order relation correspondences between the different quantitative approaches. The implications of these results w.r.t. recent work in the community is also investigated. While this work concentrates on the foundational importance of the Lattice of Information its practical relevance has been recently proven, notably with the quantitative analysis of Linux kernel vulnerabilities. Overall we believe these works set the case for establishing the Lattice of Information as one of the main reference structure for Quantitative Information Flow

Quantitative analysis of the leakage of confidential data

Basic information theory is used to analyse the amount of confidential information which may be leaked by programs written in a very simple imperative language. In particular, a detailed analysis is given of the possible leakage due to equality tests and if statements. The analysis is presented as a set of syntax-directed inference rules and can readily be automated

A static analysis for quantifying information flow in a simple imperative language

We propose an approach to quantify interference in a simple imperative language that includes a looping construct. In this paper we focus on a particular case of this definition of interference: leakage of information from private variables to public ones via a Trojan Horse attack. We quantify leakage in terms of Shannon's information theory and we motivate our definition by proving a result relating this definition of leakage and the classical notion of programming language interference. The major contribution of the paper is a quantitative static analysis based on this definition for such a language. The analysis uses some non-trivial information theory results like Fano's inequality and L1 inequalities to provide reasonable bounds for conditional statements. While-loops are handled by integrating a qualitative flow-sensitive dependency analysis into the quantitative analysis

Symbolic Quantitative Information Flow

acmid: 2382791 issue_date: November 2012 keywords: algorithms, security, verification numpages: 5acmid: 2382791 issue_date: November 2012 keywords: algorithms, security, verification numpages: 5acmid: 2382791 issue_date: November 2012 keywords: algorithms, security, verification numpages: 5acmid: 2382791 issue_date: November 2012 keywords: algorithms, security, verification numpages: 5acmid: 2382791 issue_date: November 2012 keywords: algorithms, security, verification numpages:

All-Solution Satisfiability Modulo Theories: applications, algorithms and benchmarks

keywords: Automated Test Generation;Bounded Model Checking;Quantitative Information Flow;Reliability Analysis;Satisfiability Modulo Theories;Symbolic ExecutionPasquale Malacaria's research was supported by grant EP/K032011/1