The complexity of approximating entropy
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A probabilistic language based upon sampling functions
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Quantitative Information Flow, Relations and Polymorphic Types
Journal of Logic and Computation
Formal analysis of PIN block attacks
Theoretical Computer Science - Automated reasoning for security protocol analysis
An information-theoretic model for adaptive side-channel attacks
Proceedings of the 14th ACM conference on Computer and communications security
Anonymity protocols as noisy channels
Information and Computation
A static analysis for quantifying information flow in a simple imperative language
Journal of Computer Security
Quantitative information flow as network flow capacity
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
On the Foundations of Quantitative Information Flow
FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Measuring channel capacity to distinguish undue influence
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
A Provably Secure and Efficient Countermeasure against Timing Attacks
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Automatic Discovery and Quantification of Information Leaks
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
An Interval-based Abstraction for Quantifying Information Flow
Electronic Notes in Theoretical Computer Science (ENTCS)
The unbearable lightness of PIN cracking
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Risk assessment of security threats for looping constructs
Journal of Computer Security - Security Issues in Concurrency (SecCo'07)
Approximation and Randomization for Quantitative Information-Flow Analysis
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Quantifying information leaks in software
Proceedings of the 26th Annual Computer Security Applications Conference
Automatically deriving information-theoretic bounds for adaptive side-channel attacks
Journal of Computer Security
Statistical measurement of information leakage
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
SAT-Based analysis and quantification of information flow in programs
QEST'13 Proceedings of the 10th international conference on Quantitative Evaluation of Systems
| Hi-index | 0.00 |
Quantitative information-flow analysis (QIF) determines the amount of information that a program leaks about its secret inputs. For this, QIF requires an assumption about the distribution of the secret inputs. Existing techniques either consider the worst-case over a (sub-)set of all input distributions and thereby over-approximate the amount of leaked information; or they are tailored to reasoning about uniformly distributed inputs and are hence not directly applicable to non-uniform use-cases; or they deal with explicitly represented distributions, for which suitable abstraction techniques are only now emerging. In this paper we propose a novel approach for a precise QIF with respect to non-uniform input distributions: We present a reduction technique that transforms the problem of QIF w.r.t. non-uniform distributions into the problem of QIF for the uniform case. This reduction enables us to directly apply existing techniques for uniform QIF to the non-uniform case. We furthermore show that quantitative information flow is robust with respect to variations of the input distribution. This result allows us to perform QIF based on approximate input distributions, which can significantly simplify the analysis. Finally, we perform a case study where we illustrate our techniques by using them to analyze an integrity check on non-uniformly distributed PINs, as they are used for banking.