PhDUnprecedented quantities of personal and business data are collected, stored,
shared, and processed by countless institutions all over the world. Prominent
examples include sharing personal data on social networking sites, storing
credit card details in every store, tracking customer preferences of supermarket
chains, and storing key personal data on biometric passports.
Confidentiality issues naturally arise from this global data growth. There
are continously reports about how private data is leaked from confidential
sources where the implications of the leaks range from embarrassment to serious
personal privacy and business damages.
This dissertation addresses the problem of automatically quantifying the
amount of leaked information in programs. It presents multiple program analysis
techniques of different degrees of automation and scalability.
The contributions of this thesis are two fold: a theoretical result and two
different methods for inferring and checking quantitative information flows are
presented.
The theoretical result relates the amount of possible leakage under any
probability distribution back to the order relation in Landauer and Redmond’s
lattice of partitions [35]. The practical results are split in two analyses: a first
analysis precisely infers the information leakage using SAT solving and model
counting; a second analysis defines quantitative policies which are reduced to
checking a k-safety problem. A novel feature allows reasoning independent of
the secret space.
The presented tools are applied to real, existing leakage vulnerabilities in
operating system code. This has to be understood and weighted within the
context of the information flow literature which suffers under an apparent lack
of practical examples and applications. This thesis studies such “real leaks”
which could influence future strategies for finding information leaks
