SAT-Based Analysis and Quantification of Information Flow in Programs

Klebanov, Vladimir; Manthey, Norbert; Muise, Christian

doi:10.1007/978-3-642-40196-1_16

Cited by 41 publications

(45 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For these reasons counting the number of observables is the basis of state-ofthe-art QIF analysis, e.g. [16,10,20,13,17,19], and also the basis for this work. The channel capacity theorem also justifies the following: Definition 1.…”

Section: Quantitative Information Flowmentioning

confidence: 99%

“…For example, to analyze the program above, in [16] and more recently [17], the authors manually transformed it into bit vector predicates. Other papers require users to have verification expertise to use an interactive theorem prover [12], or require user to write a driver following a template [10] or to instrument the program under test [13].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Quantifying information leaks using reliability analysis

Phan

Malacaria

Păsăreanu

et al. 2014

Proceedings of the 2014 International SPIN Symposium on Model Checking of Software

View full text Add to dashboard Cite

We report on our work-in-progress into the use of reliability analysis to quantify information leaks. In recent work we have proposed a software reliability analysis technique that uses symbolic execution and model counting to quantify the probability of reaching designated program states, e.g. assert violations, under uncertainty conditions in the environment. The technique has many applications beyond reliability analysis, ranging from program understanding and debugging to analysis of cyber-physical systems. In this paper we report on a novel application of the technique, namely Quantitative Information Flow analysis (QIF). The goal of QIF is to measure information leakage of a program by using information-theoretic metrics such as Shannon entropy or Rényi entropy. We exploit the model counting engine of the reliability analyzer over symbolic program paths, to compute an upper bound of the maximum leakage over all possible distributions of the confidential data.We have implemented our approach into a prototype tool, called QILURA, and explore its effectiveness on a number of case studies.

show abstract

Section: Quantitative Information Flowmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Quantifying information leaks using reliability analysis

Phan

Malacaria

Păsăreanu

et al. 2014

Proceedings of the 2014 International SPIN Symposium on Model Checking of Software

View full text Add to dashboard Cite

show abstract

“…Klebanov [13,14] has proposed efficient algorithms for exactly computing standard quantitative information flow measures of programs such as conditional (minimal) guessing entropy. The algorithms are either based on SATsolving techniques [14] or on extended Barvinok counting [22].…”

Section: Related Workmentioning

confidence: 99%

“…The algorithms are either based on SATsolving techniques [14] or on extended Barvinok counting [22]. These techniques are applied only to restricted classes of programs.…”

Section: Related Workmentioning

confidence: 99%

Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach

2014

View full text Add to dashboard Cite

Abstract. Web tracking companies use device fingerprinting to distinguish the users of the websites by checking the numerous properties of their machines and web browsers. One way to protect the users' privacy is to make them switch between different machine and browser configurations. We propose a formalisation of this privacy enforcement mechanism. We use information-theoretic channels to model the knowledge of the tracker and the fingerprinting program, and show how to synthesise a randomisation mechanism that defines the distribution of configurations for each user. This mechanism provides a strong guarantee of privacy (the probability of identifying the user is bounded by a given threshold) while maximising usability (the user switches to other configurations rarely). To find an optimal solution, we express the enforcement problem of randomisation by a linear program. We investigate and compare several approaches to randomisation and find that more efficient privacy enforcement would often provide lower usability. Finally, we relax the requirement of knowing the fingerprinting program in advance, by proposing a randomisation mechanism that guarantees privacy for an arbitrary program.

show abstract

“…Recent work [5,[27][28][29][30] has established the connection between partial information leakage and model counting. This approach views leakage in terms of a relation that characterizes which inputs are indistinguishable on observing a program's output: two inputs are related if it is not possible to distinguish which was used to produce a given output.…”

Section: Introductionmentioning

confidence: 99%

Satisfiability modulo counting

Fredrikson

Jha

2014

Proceedings of the Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Nin

View full text Add to dashboard Cite

Applications increasingly derive functionality from sensitive personal information, forcing developers who wish to preserve some notion of privacy or confidentiality to reason about partial information leakage. New definitions of privacy and confidentiality, such as differential privacy, address this by offering precise statements of acceptable disclosure that are useful in common settings. However, several recent published accounts of flawed implementations have surfaced, highlighting the need for verification techniques.In this paper, we pose the problem of model-counting satisfiability, and show that a diverse set of privacy and confidentiality verification problems can be reduced to instances of it. In this problem, constraints are placed on the outcome of model-counting operations, which occur over formulas containing parameters. The object is to find an assignment to the parameters that satisfies the model-counting constraints, or to demonstrate unsatisfiability.We present a logic for expressing these problems, and an abstract decision procedure for model-counting satisfiability problems fashioned after CDCL-based SMT procedures, encapsulating functionality specific to the underlying logic in which counting occurs in a small set of black-box routines similar to those required of theory solvers in SMT. We describe an implementation of this procedure for linear-integer arithmetic, as well as an effective strategy for generating lemmas. We conclude by applying our decision procedure to the verification of privacy properties over programs taken from a well-known privacy-preserving compiler, demonstrating its ability to find flaws or prove correctness sometimes in a matter of seconds.

show abstract

SAT-Based Analysis and Quantification of Information Flow in Programs

Cited by 41 publications

References 26 publications

Quantifying information leaks using reliability analysis

Quantifying information leaks using reliability analysis

Browser Randomisation against Fingerprinting: A Quantitative Information Flow Approach

Satisfiability modulo counting

Contact Info

Product

Resources

About