Automation of Quantitative Information-Flow Analysis

Köpf, Boris; Rybalchenko, Andrey

doi:10.1007/978-3-642-38874-3_1

Cited by 7 publications

(5 citation statements)

References 59 publications

(75 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some prior work aims to quantify the information released by a (possibly randomized) program (e.g., Köpf and Rybalchenko [2013]; Mu and Clark [2009]) according to entropy-based measures. Work on verifying the correctness of differentially private algorithms [Barthe et al 2013;Zhang and Kifer 2017;Zhang et al 2019b], essentially aims to bound possible leakage; by contrast, we enforce that no information leaks due to a program's execution.…”

Section: Related Workmentioning

confidence: 99%

“…Their programming model is not as rich as ours, as a secret random number is never permitted to be made public; such an ability is the main source of complexity in λ obliv , and is crucial for supporting oblivious algorithms. Some prior work aims to quantify the information released by a (possibly randomized) program (e.g., Köpf and Rybalchenko [2013]; Mu and Clark [2009]) according to entropy-based measures. Work on verifying the correctness of differentially private algorithms [Barthe et al 2013;Zhang and Kifer 2017;Zhang et al 2019], essentially aims to bound possible leakage; by contrast, we enforce that no information leaks due to a program's execution.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A language for probabilistically oblivious computation

Darais

Sweet

Liu

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

An oblivious computation is one that is free of direct and indirect information leaks, e.g., due to observable differences in timing and memory access patterns. This paper presents λ obliv , a core language whose type system enforces obliviousness. Prior work on type-enforced oblivious computation has focused on deterministic programs. λ obliv is new in its consideration of programs that implement probabilistic algorithms, such as those involved in cryptography. λ obliv employs a substructural type system and a novel notion of probability region to ensure that information is not leaked via the observed distribution of visible events. Probability regions support reasoning about probabilistic correlation and independence between values, and our use of probability regions is motivated by a source of unsoundness that we discovered in the type system of ObliVM, a language for implementing state of the art oblivious algorithms. We prove that λ obliv 's type system enforces obliviousness and show that it is expressive enough to typecheck advanced tree-based oblivious RAMs. CCS Concepts: • Security and privacy → Logic and verification.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

A language for probabilistically oblivious computation

Darais

Sweet

Liu

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…While challenging to compute, this approach provides meaningful results for non-uniform priors. Work that has focused on other, easier-to-compute metrics, such as Shannon entropy and channel capacity, require deterministic programs and priors that conform to uniform distributions [2,21,23,24,28,33]. Like Mardziel et al [26], we are able to compute the worst-case vulnerability, i.e., due to a particular output, rather than a static estimate, i.e., as an expectation over all possible outputs.…”

Section: Related Workmentioning

confidence: 99%

What’s the Over/Under? Probabilistic Bounds on Information Leakage

Sweet

Trilla

Scherrer

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Quantitative information flow (QIF) is concerned with measuring how much of a secret is leaked to an adversary who observes the result of a computation that uses it. Prior work has shown that QIF techniques based on abstract interpretation with probabilistic polyhedra can be used to analyze the worst-case leakage of a query, on-line, to determine whether that query can be safely answered. While this approach can provide precise estimates, it does not scale well. This paper shows how to solve the scalability problem by augmenting the baseline technique with sampling and symbolic execution. We prove that our approach never underestimates a query's leakage (it is sound), and detailed experimental results show that we can match the precision of the baseline technique but with orders of magnitude better performance.

show abstract

“…We perform a quantitative information-flow analysis [38] to measure the information leakage caused by the accelerators when protected with the DIFT shell. In our analysis, we found that information leakage depends on the following factors.…”

Section: B Information Leakage: Metric Analysismentioning

confidence: 99%

PAGURUS: Low-Overhead Dynamic Information Flow Tracking on Loosely Coupled Accelerators

Piccolboni

Guglielmo

Carloni

2018

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

Software-based attacks exploit bugs or vulnerabilities to get unauthorized access or leak confidential information. Dynamic information flow tracking (DIFT) is a security technique to track spurious information flows and provide strong security guarantees against such attacks. To secure heterogeneous systems, the spurious information flows must be tracked through all their components, including processors, accelerators (i.e., applicationspecific hardware components) and memories. We present PAGU-RUS, a flexible methodology to design a low-overhead shell circuit that adds DIFT support to accelerators. The shell uses a coarsegrain DIFT approach, thus not requiring to make modifications to the accelerator's implementation. We analyze the performance and area overhead of the DIFT shell on FPGAs and we propose a metric, called information leakage, to measure its security guarantees. We perform a design-space exploration to show that we can synthesize accelerators with different characteristics in terms of performance, cost and security guarantees. We also present a case study where we use the DIFT shell to secure an accelerator running on a embedded platform with a DIFT-enhanced RISC-V core.

show abstract

Automation of Quantitative Information-Flow Analysis

Cited by 7 publications

References 59 publications

A language for probabilistically oblivious computation

A language for probabilistically oblivious computation

What’s the Over/Under? Probabilistic Bounds on Information Leakage

PAGURUS: Low-Overhead Dynamic Information Flow Tracking on Loosely Coupled Accelerators

Contact Info

Product

Resources

About