Belief in Information Flow

Clarkson, Michael R.; Myers, Andrew C.; Schneider, Fred B.

doi:10.1109/csfw.2005.10

Cited by 92 publications

(125 citation statements)

References 19 publications

Supporting

Mentioning

121

Contrasting

Order By: Relevance

“…Clarkson et al [21,22] showed that the Shannon entropy approach is inadequate for measuring information flow when the adversary makes assumptions about the high-level secret and such assumptions might be incorrect. Based on the conviction that it is unavoidable that the attacker makes such (potentially inaccurate) assumptions, they proposed a new metric.…”

Section: Belief Approachmentioning

confidence: 99%

“…As far as we know, [21,22] have been the first papers to address the adversary's beliefs in quantifying information flow. This line of work, which inspired our formulation of the belief-vulnerability, is based on the KullbackLeibler distance, a concept related to Shannon entropy which in general, as already mentioned in Section 3, fails to characterize many realistic attacks scenarios.…”

Section: Related Workmentioning

confidence: 99%

“…A refinement of the above approaches came from the ideas of integrating the notions of extra knowledge and belief [20,21,22]. The idea is that the gain obtained by looking at the output should be relative to the possible initial knowledge or belief that an attacker may have about the secret.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Quantifying leakage in the presence of unreliable sources of information

Hamadou

Palamidessi

Sassone

2017

Journal of Computer and System Sciences

View full text Add to dashboard Cite

Belief and min-entropy leakage are two well-known approaches to quantify information flow in security systems. Both concepts stand as alternatives to the traditional approaches founded on Shannon entropy and mutual information, which were shown to provide inadequate security guarantees. In this paper we unify the two concepts in one model so as to cope with the frequent (potentially inaccurate, misleading or outdated) attackers' side information about individuals on social networks, online forums, blogs and other forms of online communication and information sharing. To this end we propose a new metric based on min-entropy that takes into account the adversary's beliefs.

show abstract

Section: Belief Approachmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Quantifying leakage in the presence of unreliable sources of information

Hamadou

Palamidessi

Sassone

2017

Journal of Computer and System Sciences

View full text Add to dashboard Cite

show abstract

“…Papers with a foundational focus include those of Clarkson et al (2005), Köpf and Basin (2007), Malacaria (2007), Chatzikokolakis et al (2008), Smith (2009), McIver et al (2010, Barthe and Köpf (2011) and Alvim et al (2012). Andrés et al (2010) and Heusser and Malacaria (2010).…”

mentioning

confidence: 99%

Preface to the special issue on quantitative information flow

Andrés¹,

Palamidessi²,

Smith³

2014

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

A long-standing and fundamental issue in computer security is to control the flow of information, whether to prevent confidential information from being leaked, or to prevent trusted information from being tainted. While there have been many efforts aimed at preventing improper flows completely (see for example, the survey by Sabelfeld and Myers (2003)), it has long been recognized that perfection is often impossible in practice. A basic example is a login program -whenever it rejects an incorrect password, it unavoidably reveals that the secret password differs from the one that was entered. More subtly, systems may be vulnerable to side channel attacks, because observable characteristics like running time and power consumption may depend, at least partially, on sensitive information.For these reasons, the possibility of quantifying information flow becomes attractive, as this could allow certain improper flows to be tolerated on the grounds that they are 'small'. While there was early work on quantitative information flow by Denning (1983), Millen (1987, McLean (1990) and Gray (1991), the area received relatively little attention until the past decade, when it was revitalized starting with the efforts of Clark, Hunt, and Malacaria (2001).In the past decade, there has been too much work for a comprehensive survey here, but we can briefly describe the main themes that have been explored.From the perspective of foundations, there have been a variety of studies aimed at defining quantitative measures of information flow for a variety of system models, establishing the operational significance of the measures with respect to security, and establishing their mathematical properties, including relationships among the different measures that have been considered. Papers with a foundational focus include those of

show abstract

“…While the leakage should depend on the difference induced by the belief change due to the observation, the averaging probability should remain the same. (A similar concern has also inspired the works of [5] and [7].) In order to avoid the unnatural consequence of a negative leakage, we propose to base the notion of leakage directly on the (more primitive) notion of mutual information.…”

mentioning

confidence: 99%

Entropy and Attack Models in Information Flow

Alvim

Andrés

Palamidessi

2010

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

In recent years, there has been a growing interest in considering the quantitative aspects of Information Flow, partly because often the a priori knowledge of the secret information can be represented by a probability distribution, and partly because the mechanisms to protect the information may use randomization to obfuscate the relation between the secrets and the observables.Several works in literature use an Information Theoretic approach to model the problem and define the leakage in a quantitative way, see for example [17,4,9,10,13,12,2]. The idea is that the system is seen as a channel. The input represents the secret, the output represents the observable, and the correlation between the input and output (mutual information) represents the information leakage. The worst case leakage corresponds then to the capacity of the channel, which is by definition the maximum mutual information that can be obtained by varying the input distribution.In the works mentioned above, the notion of mutual information is based on Shannon entropy, which (because of its mathematical properties) is the most established measure of uncertainty. From the security point of view, this measure corresponds to a particular model of attack and a particular way of estimating the security threat (vulnerability of the secret). Other notions have been considered, and argued to be more appropriate for security in certain scenarios. These include: Rényi min-entropy [1,16], Bayes risk [3], guessing entropy [11], and marginal guesswork [14]. Köpf and Basin discuss the relation between bruteforce guessing attacks and entropy in [8], in the context of information flow induced by a deterministic program, and define the information leakage as difference between the input entropy and the conditional one, namely the entropy based on the a priori input distribution, and the entropy of the a posteriori distribution (i.e. after observing teh output), respectively. One of their main results is that, in their framework, the notion of leakage under the various notions of attacks considered in their paper is always non-negative.In this talk, we extend the analysis of Köpf and Basin to the probabilistic scenario, and we consider also other notions of entropy, including the family of entropies proposed by Rényi [15]. We argue that in the probabilistic case the notion of information leakage needs to be revised. In fact, when the same secret can give different observables (according to a probability distribution),

show abstract

Belief in Information Flow

Abstract: Abstract

Cited by 92 publications

References 19 publications

Quantifying leakage in the presence of unreliable sources of information

Quantifying leakage in the presence of unreliable sources of information

Preface to the special issue on quantitative information flow

Entropy and Attack Models in Information Flow

Contact Info

Product

Resources

About