Symbolic quantitative information flow

Authors:
Quoc-Sang Phan;Pasquale Malacaria;Oksana Tkachuk;Corina S. Păsăreanu
Affiliations:
Queen Mary University of London;Queen Mary University of London;NASA Ames Research Center;NASA Ames Research Center
Venue:
ACM SIGSOFT Software Engineering Notes
Year:
2012

Citing 9
Cited 1

A polynomial time algorithm for counting integral points in polyhedra when the dimension is fixed

Mathematics of Operations Research
Assessing security threats of looping constructs

Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A static analysis for quantifying information flow in a simple imperative language

Journal of Computer Security
Lagrange multipliers and maximum information leakage in different observational models

Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
On the Foundations of Quantitative Information Flow

FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Automatic Discovery and Quantification of Information Leaks

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Symbolic PathFinder: symbolic execution of Java bytecode

Proceedings of the IEEE/ACM international conference on Automated software engineering
Calculating bounds on information leakage using two-bit patterns

Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

QUAIL: a quantitative security analyzer for imperative code

CAV'13 Proceedings of the 25th international conference on Computer Aided Verification

Quantified Score

Hi-index	0.00

Visualization

Abstract

Quantitative Information Flow (QIF) is a powerful approach to quantify leaks of confidential information in a software system. Here we present a novel method that precisely quanties information leaks. In order to mitigate the state-space explosion problem, we propose a symbolic representation of data, and a general SMT-based framework to explore systematically the state space. Symbolic Execution fits well with our framework, so we implement a method of QIF analysis employing Symbolic Execution. We develop our method as a prototype tool that can perform QIF analysis for a software system developed in Java. The tool is built on top of Java Pathfinder, an open source model checking platform, and it is the first tool in the field to support information-theoretic QIF analysis.