Reconciling Belief and Vulnerability in Information Flow

Hamadou, Sardaouna; Sassone, Vladimiro; Palamidessi, Catuscia

doi:10.1109/sp.2010.13

Cited by 29 publications

(28 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…More subtly, the amount of time taken by a cryptographic operation may be observable by an adversary, and may inadvertently reveal information about the secret key. As a result, the last decade has seen growing interest in quantitative theories of information flow [1], [2], [3], [4], [5], which allow us to talk about "how much" information is leaked and (perhaps) allow us to tolerate "small" leaks.…”

Section: Introductionmentioning

confidence: 99%

Quantifying Information Flow Using Min-Entropy

Smith

2011

2011 Eighth International Conference on Quantitative Evaluation of SysTems

View full text Add to dashboard Cite

Abstract-Quantitative theories of information flow are of growing interest, due to the fundamental importance of protecting confidential information from improper disclosure, together with the unavoidability of "small" leaks in practical systems. But while it is tempting to measure leakage using classic information-theoretic concepts like Shannon entropy and mutual information, these turn out not to provide very satisfactory security guarantees. As a result, several researchers have developed an alternative theory based on Rényi's minentropy. In this theory, uncertainty is measured in terms of a random variable's vulnerability to being guessed in one try by an adversary; note that this is the complement of the Bayes Risk. In this paper, we survey the main theory of min-entropy leakage in deterministic and probabilistic systems, including comparisons with mutual information leakage, results on mincapacity, results on channels in cascade, and techniques for calculating min-entropy leakage in systems.

show abstract

Section: Introductionmentioning

confidence: 99%

Quantifying Information Flow Using Min-Entropy

Smith

2011

2011 Eighth International Conference on Quantitative Evaluation of SysTems

View full text Add to dashboard Cite

show abstract

“…Among its several advantages, our model allows to identify the levels of accuracy for the adversary's beliefs which are compatible with the security of a given program or protocol. This paper revises and expends an earlier version [29]. First, we have simplified the model of the adversary's belief.…”

Section: Introductionmentioning

confidence: 98%

Quantifying leakage in the presence of unreliable sources of information

Hamadou

Palamidessi

Sassone

2017

Journal of Computer and System Sciences

Self Cite

View full text Add to dashboard Cite

Belief and min-entropy leakage are two well-known approaches to quantify information flow in security systems. Both concepts stand as alternatives to the traditional approaches founded on Shannon entropy and mutual information, which were shown to provide inadequate security guarantees. In this paper we unify the two concepts in one model so as to cope with the frequent (potentially inaccurate, misleading or outdated) attackers' side information about individuals on social networks, online forums, blogs and other forms of online communication and information sharing. To this end we propose a new metric based on min-entropy that takes into account the adversary's beliefs.

show abstract

“…In the past decade, there has been growing interest in quantitative theories of information flow [7,15] that allow us to talk about "how much" information is leaked and (perhaps) allow us to tolerate "small" leaks. One theory of quantitative information flow that has received considerable attention recently [21,6,4,13,3] is based on measuring uncertainty using Rényi's min-entropy [18], rather than using Shannon entropy [20]. The advantage of min-entropy leakage is that it is based directly on a secret's vulnerability to being guessed in one try by an adversary, resulting in stronger operational security guarantees than are obtained with Shannon entropy and mutual information [21].…”

Section: Introductionmentioning

confidence: 99%

Min-Entropy Leakage of Channels in Cascade

Espinoza

Smith

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Theories of quantitative information flow offer an attractive framework for analyzing confidentiality in practical systems, which often cannot avoid "small" leaks of confidential information. Recently there has been growing interest in the theory of min-entropy leakage, which measures uncertainty based on a random variable's vulnerability to being guessed in one try by an adversary. Here we contribute to this theory by studying the min-entropy leakage of systems formed by cascading two channels together, using the output of the first channel as the input to the second channel. After considering the semantics of cascading carefully and exposing some technical subtleties, we prove that the min-entropy leakage of a cascade of two channels cannot exceed the leakage of the first channel; this result is a min-entropy analogue of the classic data-processing inequality. We show however that a comparable bound does not hold for the second channel. We then consider the min-capacity, or maximum leakage over all a priori distributions, showing that the min-capacity of a cascade of two channels cannot exceed the min-capacity of either channel.

show abstract

Reconciling Belief and Vulnerability in Information Flow

Cited by 29 publications

References 32 publications

Quantifying Information Flow Using Min-Entropy

Quantifying Information Flow Using Min-Entropy

Quantifying leakage in the presence of unreliable sources of information

Min-Entropy Leakage of Channels in Cascade

Contact Info

Product

Resources

About