Mário S. Alvim scite author profile

This paper introduces g-leakage, a rich generalization of the min-entropy model of quantitative information flow. In g-leakage, the benefit that an adversary derives from a certain guess about a secret is specified using a gain function g. Gain functions allow a wide variety of operational scenarios to be modeled, including those where the adversary benefits from guessing a value close to the secret, guessing a part of the secret, guessing a property of the secret, or guessing the secret within some number of tries. We prove important properties of g-leakage, including bounds between min-capacity, g-capacity, and Shannon capacity. We also show a deep connection between a strong leakage ordering on two channels, C1 and C2, and the possibility of factoring C1 into C2C3, for some C3. Based on this connection, we propose a generalization of the Lattice of Information from deterministic to probabilistic channels.

show abstract

On the Relation between Differential Privacy and Quantitative Information Flow

Alvim

Andrés

Chatzikokolakis

et al. 2011

View full text Add to dashboard Cite

Additive and Multiplicative Notions of Leakage, and Their Capacities

Alvim

Chatzikokolakis

McIver³

et al. 2014

View full text Add to dashboard Cite

Protecting sensitive information from improper disclosure is a fundamental security goal. It is complicated, and difficult to achieve, often because of unavoidable or even unpredictable operating conditions that can lead to breaches in planned security defences. An attractive approach is to frame the goal as a quantitative problem, and then to design methods that measure system vulnerabilities in terms of the amount of information they leak. A consequence is that the precise operating conditions, and assumptions about prior knowledge, can play a crucial role in assessing the severity of any measured vunerability.We develop this theme by concentrating on vulnerability measures that are robust in the sense of allowing general leakage bounds to be placed on a program, bounds that apply whatever its operating conditions and whatever the prior knowledge might be. In particular we propose a theory of channel capacity, generalising the Shannon capacity of information theory, that can apply both to additive-and to multiplicative forms of a recentlyproposed measure known as g-leakage. Further, we explore the computational aspects of calculating these (new) capacities: one of these scenarios can be solved efficiently by expressing it as a Kantorovich distance, but another turns out to be NP-complete.We also find capacity bounds for arbitrary correlations with data not directly accessed by the channel, as in the scenario of Dalenius's Desideratum.

show abstract

Differential Privacy: On the Trade-Off between Utility and Information Leakage

Alvim

Andrés

Chatzikokolakis

et al. 2012

View full text Add to dashboard Cite

Differential privacy is a notion of privacy that has become very popular in the database community. Roughly, the idea is that a randomized query mechanism provides sufficient privacy protection if the ratio between the probabilities that two adjacent datasets give the same answer is bound by e ǫ . In the field of information flow there is a similar concern for controlling information leakage, i.e. limiting the possibility of inferring the secret information from the observables. In recent years, researchers have proposed to quantify the leakage in terms of min-entropy leakage, a concept strictly related to the Bayes risk. In this paper, we show how to model the query system in terms of an informationtheoretic channel, and we compare the notion of differential privacy with that of min-entropy leakage. We show that differential privacy implies a bound on the min-entropy leakage, but not vice-versa. Furthermore, we show that our bound is tight. Then, we consider the utility of the randomization mechanism, which represents how close the randomized answers are to the real ones, in average. We show that the notion of differential privacy implies a bound on utility, also tight, and we propose a method that under certain conditions builds an optimal randomization mechanism, i.e. a mechanism which provides the best utility while guaranteeing ǫ-differential privacy.

show abstract

Axioms for Information Leakage

Alvim

Chatzikokolakis²,

McIver

et al. 2016

View full text Add to dashboard Cite

Quantitative information flow aims to assess and control the leakage of sensitive information by computer systems.A key insight in this area is that no single leakage measure is appropriate in all operational scenarios; as a result, many leakage measures have been proposed, with many different properties. To clarify this complex situation, this paper studies information leakage axiomatically, showing important dependencies among different axioms. It also establishes a completeness result about the -leakage family, showing that any leakage measure satisfying certain intuitively-reasonable properties can be expressed as aleakage.Index Terms-information flow, -vulnerability, information theory, confidentiality.

show abstract

Invited Paper: Local Differential Privacy on Metric Spaces: Optimizing the Trade-Off with Utility

Alvim¹,

Chatzikokolakis

Palamidessi

et al. 2018

View full text Add to dashboard Cite

Quantifying Information Flow for Dynamic Secrets

Mardziel

Alvim

Hicks

et al. 2014

View full text Add to dashboard Cite

Abstract-A metric is proposed for quantifying leakage of information about secrets and about how secrets change over time. The metric is used with a model of information flow for probabilistic, interactive systems with adaptive adversaries. The model and metric are implemented in a probabilistic programming language and used to analyze several examples. The analysis demonstrates that adaptivity increases information flow.

show abstract

Quantitative Information Flow and Applications to Differential Privacy

Alvim¹,

Andrés²,

Chatzikokolakis³

et al. 2011

View full text Add to dashboard Cite

International audienceSecure information flow is the problem of ensuring that the information made publicly available by a computational system does not leak information that should be kept secret. Since it is practically impossible to avoid leakage entirely, in recent years there has been a growing interest in considering the quantitative aspects of information flow, in order to measure and compare the amount of leakage. Information theory is widely regarded as a natural framework to provide firm foundations to quantitative information flow. In this notes we review the two main information-theoretic approaches that have been investigated: the one based on Shannon entropy, and the one based on Rényi min-entropy. Furthermore, we discuss some applications in the area of privacy. In particular, we consider statistical databases and the recently-proposed notion of differential privacy. Using the information-theoretic view, we discuss the bound that differential privacy induces on leakage, and the trade-off between utility and privac

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Mário S. Alvim

Measuring Information Leakage Using Generalized Gain Functions

On the Relation between Differential Privacy and Quantitative Information Flow

Additive and Multiplicative Notions of Leakage, and Their Capacities

Differential Privacy: On the Trade-Off between Utility and Information Leakage

Axioms for Information Leakage

Invited Paper: Local Differential Privacy on Metric Spaces: Optimizing the Trade-Off with Utility

Quantifying Information Flow for Dynamic Secrets

Quantitative Information Flow and Applications to Differential Privacy

Contact Info

Product

Resources

About