Asymptotic information leakage under one-try attacks
FOSSACS'11/ETAPS'11 Proceedings of the 14th international conference on Foundations of software science and computational structures: part of the joint European conferences on theory and practice of software
Quantitative information flow, with a view
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
QUAIL: a quantitative security analyzer for imperative code
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
Hi-index | 0.00 |
In this paper we propose two dual notions of quantitative information leakage in probabilistic systems, both related to opacity for non probabilistic systems. The liberal one measures the probability for an attacker observing a random execution of the system, to be able to gain information he can be sure about. We show that a null value for this measure corresponds to a secure system, in the usual sense of opacity. On the other hand, restrictive opacity is defined as the complement of the information-theoretic notion of mutual information. It measures the level of certitude in the information acquired by an attacker observing the system: we prove that a null value for this second measure corresponds to non opacity. We also show how these measures can be computed for regular secrets and observations. We finally apply them to the dining cryptographers problem and to the crowd anonymity protocol.