Abstract. Information theory provides a range of useful methods to analyse probability distributions and these techniques have been successfully applied to measure information flow and the loss of anonymity in secure systems. However, previous work has tended to assume that the exact probabilities of every action are known, or that the system is non-deterministic. In this paper, we show that measures of information leakage based on mutual information and capacity can be calculated, automatically, from trial runs of a system alone. We find a confidence interval for this estimate based on the number of possible inputs, observations and samples. We have developed a tool to automatically perform this analysis and we demonstrate our method by analysing a Mixminon anonymous remailer node. 1

Abstract. Bellman’s optimality principle is a method for solving problems where one needs to find best decisions one after another. The principle can be extended to assess the information leakage in multi-threaded programs, and is formalized into the optimum leakage principle hereby proposed in this paper. By modeling the state transitions in multithreaded programs, the principle is combined with information theory to assess the leakage in multi-threaded programs, as the result of an optimal policy. This offers a new perspective to measure the information leakage and enables to track the leakage at run-time. Examples are given to demonstrate the analysis process. Finally, efficient implementation of this methodology is also briefly discussed. 1