Probabilistic Point-to-Point Information Leakage

Chothia, Tom; Kawamoto, Yusuke; Novakovic, Chris; Parker, David

doi:10.1109/csf.2013.20

Cited by 25 publications

(27 citation statements)

References 29 publications

(35 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, statistical methods [2,3,4,5,6] have been studied for quantitative information flow analysis [7,8,9], which estimates an entropy-based property to quantify the leakage of confidential information in a system. More specifically, the analysis estimates mutual information or other properties between two random variables on the secrets and on the observable outputs in the system to measure the amount of information that is inferable about the secret by observing the output.…”

Section: Introductionmentioning

confidence: 99%

Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow

Kawamoto

Biondi

Legay

2016

FM 2016: Formal Methods

Self Cite

View full text Add to dashboard Cite

Abstract. Analysis of a probabilistic system often requires to learn the joint probability distribution of its random variables. The computation of the exact distribution is usually an exhaustive precise analysis on all executions of the system. To avoid the high computational cost of such an exhaustive search, statistical analysis has been studied to efficiently obtain approximate estimates by analyzing only a small but representative subset of the system's behavior. In this paper we propose a hybrid statistical estimation method that combines precise and statistical analyses to estimate mutual information and its confidence interval. We show how to combine the analyses on different components of the system with different precision to obtain an estimate for the whole system. The new method performs weighted statistical analysis with different sample sizes over different components and dynamically finds their optimal sample sizes. Moreover it can reduce sample sizes by using prior knowledge about systems and a new abstraction-then-sampling technique based on qualitative analysis. We show the new method outperforms the state of the art in quantifying information leakage.

show abstract

Section: Introductionmentioning

confidence: 99%

Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow

Kawamoto

Biondi

Legay

2016

FM 2016: Formal Methods

Self Cite

View full text Add to dashboard Cite

show abstract

“…It is based on a "point-to-point" information leakage model in which secret and publicly-observable data may occur at any time during the program's execution, including inside complex code structures such as branches and nested loops. This model, which we developed previously using a semantics based on discrete-time Markov chains [4], is particularly well-suited to analysing complex programs where secret and publiclyobservable data may occur at any point: if secret and publicly-observable values are "tagged" using the secret and observe commands respectively, it measures how much information a passive attacker with knowledge of the program's source code learns about the secret values by examining the observable values.…”

Section: Introductionmentioning

confidence: 99%

LeakWatch: Estimating Information Leakage from Java Programs

Chothia

Kawamoto

Novakovic

2014

Computer Security - ESORICS 2014

Self Cite

View full text Add to dashboard Cite

Abstract. Programs that process secret data may inadvertently reveal information about those secrets in their publicly-observable output. This paper presents LeakWatch, a quantitative information leakage analysis tool for the Java programming language; it is based on a flexible "point-to-point" information leakage model, where secret and publiclyobservable data may occur at any time during a program's execution. LeakWatch repeatedly executes a Java program containing both secret and publicly-observable data and uses robust statistical techniques to provide estimates, with confidence intervals, for min-entropy leakage (using a new theoretical result presented in this paper) and mutual information. We demonstrate how LeakWatch can be used to estimate the size of information leaks in a range of real-world Java programs.

show abstract

“…In [15], this type of information leakage model has been discussed. In the paper, leakage in practical JAVA programs has been quantified.…”

Section: Imperative Program With Point To Point Information Leakagementioning

confidence: 99%

“…Point to point information leakage in the imperative program: This method was first proposed by Tom Chothiya et al in [15]. In this paper, a method has been proposed to find leakage between any two arbitrary points in the imperative probabilistic program.…”

Section: Introductionmentioning

confidence: 99%

Relating Maxwell’s demon and quantitative analysis of information leakage for practical imperative programs

Anjaria

Mishra

2017

Chinese Phys. B

View full text Add to dashboard Cite

Shannon observed the relation between information entropy and Maxwell demon experiment to come up with information entropy formula. After that, Shannon's entropy formula is widely used to measure information leakage in imperative programs. But in the present work, our aim is to go in a reverse direction and try to find possible Maxwell's demon experimental setup for contemporary practical imperative programs in which variations of Shannon's entropy formula has been applied to measure the information leakage. To establish the relation between the second principle of thermodynamics and quantitative analysis of information leakage, present work models contemporary variations of imperative programs in terms of Maxwell's demon experimental setup. In the present work five contemporary variations of imperative program related to information quantification are identified. They are: (1) information leakage in imperative program (2) imperative multithreaded program (3) point to point leakage in the imperative program (4) imperative program with infinite observation and (5) imperative program in the SOA-based environment. For these variations, minimal work required by an attacker to gain the secret is also calculated using historical Maxwell's demon experiment. To model the experimental setup of Maxwell's demon, non-interference security policy is used. In the present work, imperative programs with one-bit secret information have been considered to avoid the complexity. The findings of the present work from the history of physics can be utilized in many areas related to information flow of physical computing, nano-computing, quantum computing, biological computing, energy dissipation in computing and computing power analysis.

show abstract

Probabilistic Point-to-Point Information Leakage

Cited by 25 publications

References 29 publications

Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow

Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow

LeakWatch: Estimating Information Leakage from Java Programs

Relating Maxwell’s demon and quantitative analysis of information leakage for practical imperative programs

Contact Info

Product

Resources

About