Elements of information theory
Elements of information theory
Probabilistic predicate transformers
ACM Transactions on Programming Languages and Systems (TOPLAS)
Verifying secrets and relative secrecy
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A lattice model of secure information flow
Communications of the ACM
BI as an assertion language for mutable data structures
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Syntactic control of interference
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Cryptography and data security
Cryptography and data security
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
A probabilistic approach to information hiding
Programming methodology
Eliminating Covert Flows with Minimum Typings
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Probabilistic Noninterference for Multi-Threaded Programs
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
On flow-sensitive security types
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Theoretical Computer Science - Automata, languages and programming: Logic and semantics (ICALP-B 2004)
Assessing security threats of looping constructs
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Quantified Interference for a While Language
Electronic Notes in Theoretical Computer Science (ENTCS)
Quantitative analysis of leakage for multi-threaded programs
Proceedings of the 2007 workshop on Programming languages and analysis for security
Lagrange multipliers and maximum information leakage in different observational models
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
On the Foundations of Quantitative Information Flow
FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Quantifying maximal loss of anonymity in protocols
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Quantifying information leakage in process calculi
Information and Computation
Quantifying Security for Timed Process Algebras
Fundamenta Informaticae - Concurrency Specification and Programming (CS&P)
An Interval-based Abstraction for Quantifying Information Flow
Electronic Notes in Theoretical Computer Science (ENTCS)
FM '09 Proceedings of the 2nd World Congress on Formal Methods
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Proceedings of the 17th ACM conference on Computer and communications security
Information theory and security: quantitative information flow
SFM'10 Proceedings of the Formal methods for quantitative aspects of programming languages, and 10th international conference on School on formal methods for the design of computer, communication and software systems
The optimum leakage principle for analyzing multi-threaded programs
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
Process Algebra Contexts and Security Properties
Fundamenta Informaticae - Concurrency Specification and Programming (CS&P)
On bounding problems of quantitative information flow
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Trust in crowds: probabilistic behaviour in anonymity protocols
TGC'10 Proceedings of the 5th international conference on Trustworthly global computing
Quantifying information leaks in software
Proceedings of the 26th Annual Computer Security Applications Conference
Non-uniform distributions in quantitative information-flow
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
From boolean to quantitative synthesis
EMSOFT '11 Proceedings of the ninth ACM international conference on Embedded software
Formal Verification of Differential Privacy for Interactive Systems (Extended Abstract)
Electronic Notes in Theoretical Computer Science (ENTCS)
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Probabilistic relational reasoning for differential privacy
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Applied quantitative information flow and statistical databases
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Probable innocence in the presence of independent knowledge
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Quantitative information flow: from theory to practice?
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Squeeziness: An information theoretic measure for avoiding fault masking
Information Processing Letters
Statistical measurement of information leakage
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Verified indifferentiable hashing into elliptic curves
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Gained and Excluded Private Actions by Process Observations
Fundamenta Informaticae - Concurrency Specification and Programming (CS&P)
Automatic quantification of cache side-channels
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Quantifying Security for Timed Process Algebras
Fundamenta Informaticae - Concurrency Specification and Programming (CS&P)
Symbolic quantitative information flow
ACM SIGSOFT Software Engineering Notes
Quantitative program dependence graphs
ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering
Fault localization prioritization: Comparing information-theoretic and coverage-based approaches
ACM Transactions on Software Engineering and Methodology (TOSEM) - In memoriam, fault detection and localization, formal methods, modeling and design
Probabilistic Relational Reasoning for Differential Privacy
ACM Transactions on Programming Languages and Systems (TOPLAS)
QUAIL: a quantitative security analyzer for imperative code
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
CacheAudit: a tool for the static analysis of cache side channels
SEC'13 Proceedings of the 22nd USENIX conference on Security
On bounding problems of quantitative information flow
Journal of Computer Security - ESORICS 2010
Informational Analysis of Security and Integrity
Fundamenta Informaticae - Concurrency Specification and Programming CS&P
Quantification of Positive and Negative Attacker's Information
Fundamenta Informaticae - Concurrency Specification and Programming CS&P
Fundamenta Informaticae - Concurrency, Specification and Programming
Verified indifferentiable hashing into elliptic curves
Journal of Computer Security - Security and Trust Principles
| Hi-index | 0.00 |
We propose an approach to quantify interference in a simple imperative language that includes a looping construct. In this paper we focus on a particular case of this definition of interference: leakage of information from private variables to public ones via a Trojan Horse attack. We quantify leakage in terms of Shannon's information theory and we motivate our definition by proving a result relating this definition of leakage and the classical notion of programming language interference. The major contribution of the paper is a quantitative static analysis based on this definition for such a language. The analysis uses some non-trivial information theory results like Fano's inequality and the ℒ 1 inequality to provide reasonable bounds for conditional statements. While-loops are handled by integrating a qualitative flow-sensitive dependency analysis into the quantitative analysis.