A Tool for Estimating Information Leakage

Chothia, Tom; Kawamoto, Yusuke; Novakovic, Chris

doi:10.1007/978-3-642-39799-8_47

Cited by 39 publications

(33 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As remarked above, the stochastic simulation techniques implemented in HyLeak have also been developed in the tools LeakiEst [CKN13] (with its extension [KCP14]) and LeakWatch [CKNP13,CKN14]. The performance of these tools as compared to HyLeak is represented by the "statistical" analysis approach in Section 8.…”

Section: Related Workmentioning

confidence: 99%

Hybrid statistical estimation of mutual information and its application to information flow

et al. 2019

Self Cite

View full text Add to dashboard Cite

Analysis of a probabilistic system often requires to learn the joint probability distribution of its random variables. The computation of the exact distribution is usually an exhaustive precise analysis on all executions of the system. To avoid the high computational cost of such an exhaustive search, statistical analysis has been studied to efficiently obtain approximate estimates by analyzing only a small but representative subset of the system's behavior. In this paper we propose a hybrid statistical estimation method that combines precise and statistical analyses to estimate mutual information, Shannon entropy, and conditional entropy, together with their confidence intervals. We show how to combine the analyses on different components of a discrete system with different accuracy to obtain an estimate for the whole system. The new method performs weighted statistical analysis with different sample sizes over different components and dynamically finds their optimal sample sizes. Moreover, it can reduce sample sizes by using prior knowledge about systems and a new abstraction-then-sampling technique based on qualitative analysis. To apply the method to the source code of a system, we show how to decompose the code into components and to determine the analysis method for each component by overviewing the implementation of those techniques in the HyLeak tool. We demonstrate with case studies that the new method outperforms the state of the art in quantifying information leakage.

show abstract

Section: Related Workmentioning

confidence: 99%

Hybrid statistical estimation of mutual information and its application to information flow

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…Chothia et al have developed this approach in tools leakiEst [3,39] and LeakWatch [5,29]. The hybrid statistical method in this paper can be considered as their extension with the inclusion of component weighting and adaptive priors inspired by the importance sampling in statistical model checking [40,41].…”

Section: Related Workmentioning

confidence: 99%

“…For example, statistical methods [2,3,4,5,6] have been studied for quantitative information flow analysis [7,8,9], which estimates an entropy-based property to quantify the leakage of confidential information in a system. More specifically, the analysis estimates mutual information or other properties between two random variables on the secrets and on the observable outputs in the system to measure the amount of information that is inferable about the secret by observing the output.…”

Section: Introductionmentioning

confidence: 99%

Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow

Kawamoto

Biondi

Legay

2016

FM 2016: Formal Methods

Self Cite

View full text Add to dashboard Cite

Abstract. Analysis of a probabilistic system often requires to learn the joint probability distribution of its random variables. The computation of the exact distribution is usually an exhaustive precise analysis on all executions of the system. To avoid the high computational cost of such an exhaustive search, statistical analysis has been studied to efficiently obtain approximate estimates by analyzing only a small but representative subset of the system's behavior. In this paper we propose a hybrid statistical estimation method that combines precise and statistical analyses to estimate mutual information and its confidence interval. We show how to combine the analyses on different components of the system with different precision to obtain an estimate for the whole system. The new method performs weighted statistical analysis with different sample sizes over different components and dynamically finds their optimal sample sizes. Moreover it can reduce sample sizes by using prior knowledge about systems and a new abstraction-then-sampling technique based on qualitative analysis. We show the new method outperforms the state of the art in quantifying information leakage.

show abstract

“…Execution and sandboxing of the target program are achieved using the core Java libraries, and leakage estimates are calculated by leakiEst [19,20], our information leakage estimation library for Java, which now implements our min-entropy leakage result from Section 3; this ensures that LeakWatch is not tethered to a particular version or implementation of the JVM specification.…”

Section: Implementing Leakwatchmentioning

confidence: 99%

LeakWatch: Estimating Information Leakage from Java Programs

Chothia

Kawamoto

Novakovic

2014

Computer Security - ESORICS 2014

Self Cite

View full text Add to dashboard Cite

Abstract. Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publiclyobservable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information. We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.

show abstract

A Tool for Estimating Information Leakage

Cited by 39 publications

References 9 publications

Hybrid statistical estimation of mutual information and its application to information flow

Hybrid statistical estimation of mutual information and its application to information flow

Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow

LeakWatch: Estimating Information Leakage from Java Programs

Contact Info

Product

Resources

About