Measuring channel capacity to distinguish undue influence
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Proceedings of the 17th ACM conference on Computer and communications security
Information theory and security: quantitative information flow
SFM'10 Proceedings of the Formal methods for quantitative aspects of programming languages, and 10th international conference on School on formal methods for the design of computer, communication and software systems
The optimum leakage principle for analyzing multi-threaded programs
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
On bounding problems of quantitative information flow
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Quantifying information leaks in software
Proceedings of the 26th Annual Computer Security Applications Conference
Non-uniform distributions in quantitative information-flow
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Do you know where your data are?: secure data capsules for deployable data protection
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Modeling data flow in socio-information networks: a risk estimation approach
Proceedings of the 16th ACM symposium on Access control models and technologies
A survey on automated dynamic malware-analysis techniques and tools
ACM Computing Surveys (CSUR)
Applied quantitative information flow and statistical databases
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Secure information flow by self-composition
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
Quantitative information flow: from theory to practice?
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Calculating bounds on information leakage using two-bit patterns
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Automatic quantification of cache side-channels
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Noninterference via symbolic execution
FMOODS'12/FORTE'12 Proceedings of the 14th joint IFIP WG 6.1 international conference and Proceedings of the 32nd IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems
Symbolic quantitative information flow
ACM SIGSOFT Software Engineering Notes
Quantitative program dependence graphs
ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering
Verifying information flow properties of hybrid systems
Proceedings of the 2nd ACM international conference on High confidence networked systems
Probabilistic Relational Reasoning for Differential Privacy
ACM Transactions on Programming Languages and Systems (TOPLAS)
A tool for estimating information leakage
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
QUAIL: a quantitative security analyzer for imperative code
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
SAT-Based analysis and quantification of information flow in programs
QEST'13 Proceedings of the 10th international conference on Quantitative Evaluation of Systems
CacheAudit: a tool for the static analysis of cache side channels
SEC'13 Proceedings of the 22nd USENIX conference on Security
Dynamic enforcement of knowledge-based security policies using probabilistic abstract interpretation
Journal of Computer Security
On bounding problems of quantitative information flow
Journal of Computer Security - ESORICS 2010
| Hi-index | 0.00 |
Information-flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. We present the first automatic method for information-flow analysis that discovers what information is leaked and computes its comprehensive quantitative interpretation. The leaked information is characterized by an equivalence relation on secret artifacts, and is represented by a logical assertion over the corresponding program variables. Our measurement procedure computes the number of discovered equivalence classes and their sizes. This provides a basis for computing a set of quantitative properties, which includes all established information-theoretic measures in quantitative information-flow. Our method exploits an inherent connection between formal models of qualitative information-flow and program verification techniques.We provide an implementation of our method that builds upon existing tools for program verification and information-theoretic analysis. Our experimental evaluation indicates the practical applicability of the presented method.