The dining cryptographers problem: unconditional sender and recipient untraceability
Journal of Cryptology
An information-theoretic model for adaptive side-channel attacks
Proceedings of the 14th ACM conference on Computer and communications security
A static analysis for quantifying information flow in a simple imperative language
Journal of Computer Security
Quantitative information flow as network flow capacity
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
On the Foundations of Quantitative Information Flow
FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Measuring channel capacity to distinguish undue influence
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Automatic Discovery and Quantification of Information Leaks
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Anonymity protocols as noisy channels
TGC'06 Proceedings of the 2nd international conference on Trustworthy global computing
QEST '10 Proceedings of the 2010 Seventh International Conference on the Quantitative Evaluation of Systems
PRISM 4.0: verification of probabilistic real-time systems
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
A Statistical Test for Information Leaks Using Continuous Mutual Information
CSF '11 Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium
A Tool: Quantitative Analyser for Programs
QEST '11 Proceedings of the 2011 Eighth International Conference on Quantitative Evaluation of SysTems
Statistical measurement of information leakage
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Automatic quantification of cache side-channels
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
APEX: an analyzer for open probabilistic programs
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Symbolic quantitative information flow
ACM SIGSOFT Software Engineering Notes
| Hi-index | 0.00 |
Quantitative security analysis evaluates and compares how effectively a system protects its secret data. We introduce QUAIL, the first tool able to perform an arbitrary-precision quantitative analysis of the security of a system depending on private information. QUAIL builds a Markov Chain model of the system's behavior as observed by an attacker, and computes the correlation between the system's observable output and the behavior depending on the private information, obtaining the expected amount of bits of the secret that the attacker will infer by observing the system. QUAIL is able to evaluate the safety of randomized protocols depending on secret data, allowing to verify a security protocol's effectiveness. We experiment with a few examples and show that QUAIL's security analysis is more accurate and revealing than results of other tools.