Elements of information theory
Elements of information theory
A lattice model of secure information flow
Communications of the ACM
Cryptography and data security
Cryptography and data security
Principles of Program Analysis
Principles of Program Analysis
Probabilistic Noninterference for Multi-Threaded Programs
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
A Mathematical Theory of Communication
A Mathematical Theory of Communication
Anonymity and information hiding in multiagent systems
Journal of Computer Security
Assessing security threats of looping constructs
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Quantitative analysis of leakage for multi-threaded programs
Proceedings of the 2007 workshop on Programming languages and analysis for security
A static analysis for quantifying information flow in a simple imperative language
Journal of Computer Security
Quantified Interference for a While Language
Electronic Notes in Theoretical Computer Science (ENTCS)
Anonymity protocols as noisy channels
TGC'06 Proceedings of the 2nd international conference on Trustworthy global computing
Quantifying information leakage in process calculi
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
On the Foundations of Quantitative Information Flow
FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Quantifying maximal loss of anonymity in protocols
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Measuring channel capacity to distinguish undue influence
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Efficient purely-dynamic information flow analysis
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Quantitative Notions of Leakage for One-try Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Probabilistic and nondeterministic aspects of anonymity
Theoretical Computer Science
Modeling and Reasoning about an Attacker with Cryptanalytical Capabilities
Electronic Notes in Theoretical Computer Science (ENTCS)
Efficient purely-dynamic information flow analysis
ACM SIGPLAN Notices
Risk assessment of security threats for looping constructs
Journal of Computer Security - Security Issues in Concurrency (SecCo'07)
Adjoining classified and unclassified information by abstract interpretation
Journal of Computer Security
Information theory and security: quantitative information flow
SFM'10 Proceedings of the Formal methods for quantitative aspects of programming languages, and 10th international conference on School on formal methods for the design of computer, communication and software systems
The optimum leakage principle for analyzing multi-threaded programs
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
On bounding problems of quantitative information flow
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Trust in crowds: probabilistic behaviour in anonymity protocols
TGC'10 Proceedings of the 5th international conference on Trustworthly global computing
Quantifying information leaks in software
Proceedings of the 26th Annual Computer Security Applications Conference
Quantitative information flow and applications to differential privacy
Foundations of security analysis and design VI
Probable innocence in the presence of independent knowledge
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Statistical measurement of information leakage
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Differential privacy: on the trade-off between utility and information leakage
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Symbolic quantitative information flow
ACM SIGSOFT Software Engineering Notes
On bounding problems of quantitative information flow
Journal of Computer Security - ESORICS 2010
| Hi-index | 0.00 |
This paper explores two fundamental issues in Language based security. The first is to provide a quantitative definition of information leakage valid in several attacker's models. We consider attackers with different capabilities; the strongest one is able to observe the value of the low variables at each step during the execution of a program; the weakest one can only observe a single low value at some stage of the execution. We will provide a uniform definition of leakage, based on Information Theory, that will allow us to formalize and prove some intuitive relationships between the amount leaked by the same program in different models. The second issue is Channel Capacity, which in security terms amounts to answering the questions: given a program and an observational model, what is the maximum amount that the program can leak? And which input distribution causes the maximum leakage? To answer those questions we will introduce techniques from constrained non-linear optimization, mainly Lagrange multipliers and we will show how they provide a workable solution in all observational models considered. In the simplest setting, i.e. under minimal constraints, we will show that channel capacity is achieved by any input distribution which induces a uniform distribution on the observables.