Quantifying information leaks in software
Proceedings of the 26th Annual Computer Security Applications Conference
Non-uniform distributions in quantitative information-flow
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Quantitative information flow: from theory to practice?
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Calculating bounds on information leakage using two-bit patterns
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Differential privacy with information flow control
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Automatic quantification of cache side-channels
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
SAT-Based analysis and quantification of information flow in programs
QEST'13 Proceedings of the 10th international conference on Quantitative Evaluation of Systems
CacheAudit: a tool for the static analysis of cache side channels
SEC'13 Proceedings of the 22nd USENIX conference on Security
Dynamic enforcement of knowledge-based security policies using probabilistic abstract interpretation
Journal of Computer Security
Hi-index | 0.00 |
Quantitative information-flow analysis (QIF) is an emerging technique for establishing information-theoretic confidentiality properties. Automation of QIF is an important step towards ensuring its practical applicability, since manual reasoning about program security has been shown to be a tedious and expensive task. Existing automated techniques for QIF fall short of providing full coverage of all program executions, especially in the presence of unbounded loops and data structures, which are notoriously difficult to analyze automatically. In this paper we propose a blend of approximation and randomization techniques to bear on the challenge of sufficiently precise, yet efficient computation of quantitative information flow properties. Our approach relies on a sampling method to enumerate large or unbounded secret spaces, and applies both static and dynamic program analysis techniques to deliver necessary over- and under-approximations of information-theoretic characteristics.