In a batch program, information about confidential inputs may flow to insecure outputs. The size of this leakage, considered as a Shannon measure, may be automatically and exactly calculated via probabilistic semantics, as we have shown in our earlier work. This approach works well for small programs with small state spaces. As the scale increases, the calculation suffers from a form of state space explosion and the time complexity grows. In this paper we scale up the programs and state spaces that can be handled, albeit at the cost of replacing an exact result with an upper bound. To do this we introduce abstraction on the state space via interval-based partitions, adapting an abstract interpretation framework introduced by Monniaux. The user can define the partitions, and the coarser the partitions, the coarser the resulting upper bound. In this paper we summarise our previous contribution, define the abstract interpretation, show its soundness, and prove that the result of an abstract computation is always an upper bound on the true leakage, i.e. it is a safe estimate. Finally, we illustrate the approach by means of some examples.