PP is as hard as the polynomial-time hierarchy
SIAM Journal on Computing
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Information transmission in computational systems
SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Secure Information Flow by Self-Composition
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Proceedings of the 2006 workshop on Programming languages and analysis for security
Assessing security threats of looping constructs
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The software model checker Blast: Applications to software engineering
International Journal on Software Tools for Technology Transfer (STTT)
An information-theoretic model for adaptive side-channel attacks
Proceedings of the 14th ACM conference on Computer and communications security
A static analysis for quantifying information flow in a simple imperative language
Journal of Computer Security
Quantitative information flow as network flow capacity
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Lagrange multipliers and maximum information leakage in different observational models
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
On the Foundations of Quantitative Information Flow
FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Measuring channel capacity to distinguish undue influence
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Quantitative Notions of Leakage for One-try Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Automatic Discovery and Quantification of Information Leaks
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Quantified Interference for a While Language
Electronic Notes in Theoretical Computer Science (ENTCS)
Quantitative Information Flow - Verification Hardness and Possibilities
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Quantifying information leaks in software
Proceedings of the 26th Annual Computer Security Applications Conference
Applied quantitative information flow and statistical databases
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Lazy abstraction with interpolants
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
A theorem proving approach to analysis of secure information flow
SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
Secure information flow as a safety problem
SAS'05 Proceedings of the 12th international conference on Static Analysis
From coupling relations to mated invariants for checking information flow
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
| Hi-index | 0.00 |
Researchers have proposed formal definitions of quantitative information flow based on information theoretic notions such as the Shannon entropy, the min entropy, the guessing entropy, belief, and channel capacity. This paper investigates the hardness of precisely checking the quantitative information flow of a program according to such definitions. More precisely, we study the “bounding problem” of quantitative information flow, defined as follows: Given a program M and a positive real number q, decide if the quantitative information flow of M is less than or equal to q. We prove that the bounding problem is not a k-safety property for any k even when q is fixed, for the Shannon-entropy-based definition with the uniform distribution, and therefore is not amenable to the self-composition technique that has been successfully applied to checking non-interference. We also prove complexity theoretic hardness results for the case when the program is restricted to loop-free Boolean programs. Specifically, we show that the problem is PP-hard for all definitions, showing a gap with non-interference which is coNP-complete for the same class of programs. The paper also compares the results with the recently proved results on the comparison problems of quantitative information flow.