Results 1  10
of
29
Belief in information flow
 In Proc. 18th IEEE Computer Security Foundations Workshop
, 2005
"... Information leakage traditionally has been defined to occur when uncertainty about secret data is reduced. This uncertaintybased approach is inadequate for measuring information flow when an attacker is making assumptions about secret inputs and these assumptions might be incorrect; such attacker b ..."
Abstract

Cited by 53 (10 self)
 Add to MetaCart
Information leakage traditionally has been defined to occur when uncertainty about secret data is reduced. This uncertaintybased approach is inadequate for measuring information flow when an attacker is making assumptions about secret inputs and these assumptions might be incorrect; such attacker beliefs are an unavoidable aspect of any satisfactory definition of leakage. To reason about information flow based on beliefs, a model is developed that describes how attacker beliefs change due to the attacker’s observation of the execution of a probabilistic (or deterministic) program. The model leads to a new metric for quantitative information flow that measures accuracy rather than uncertainty of beliefs. 1.
On the Foundations of Quantitative Information Flow
"... Abstract. There is growing interest in quantitative theories of information flow in a variety of contexts, such as secure information flow, anonymity protocols, and sidechannel analysis. Such theories offer an attractive way to relax the standard noninterference properties, letting us tolerate “sma ..."
Abstract

Cited by 47 (6 self)
 Add to MetaCart
Abstract. There is growing interest in quantitative theories of information flow in a variety of contexts, such as secure information flow, anonymity protocols, and sidechannel analysis. Such theories offer an attractive way to relax the standard noninterference properties, letting us tolerate “small ” leaks that are necessary in practice. The emerging consensus is that quantitative information flow should be founded on the concepts of Shannon entropy and mutual information.Butauseful theory of quantitative information flow must provide appropriate security guarantees: if the theory says that an attack leaks x bits of secret information, then x should be useful in calculating bounds on the resulting threat. In this paper, we focus on the threat that an attack will allow the secret to be guessed correctly in one try. With respect to this threat model, we argue that the consensus definitions actually fail to give good security guarantees—the problem is that a random variable can have arbitrarily large Shannon entropy even if it is highly vulnerable to being guessed. We then explore an alternative foundation based on a concept of vulnerability (closely related to Bayes risk) and which measures uncertainty using Rényi’s minentropy, rather than Shannon entropy. 1
Quantifying information flow with beliefs
 Cornell University
, 2006
"... To reason about information flow, a new model is developed that describes how attacker beliefs change due to the attacker’s observation of the execution of a probabilistic (or deterministic) program. The model enables compositional reasoning about information flow from attacks involving sequences of ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
To reason about information flow, a new model is developed that describes how attacker beliefs change due to the attacker’s observation of the execution of a probabilistic (or deterministic) program. The model enables compositional reasoning about information flow from attacks involving sequences of interactions. The model also supports a new metric for quantitative information flow that measures accuracy of an attacker’s beliefs. Applying this new metric reveals inadequacies of traditional information flow metrics, which are based on reduction of uncertainty. However, the new metric is sufficiently general that it can be instantiated to measure either accuracy or uncertainty. The new metric can also be used to reason about misinformation; deterministic programs are shown to be incapable of producing misinformation. Additionally, programs in which nondeterministic choices are made by insiders, who collude with attackers, can be analyzed. 1
Quantification of Integrity
"... Two informationflow integrity measures are introduced: contamination and suppression. The former is dual to informationflow confidentiality, and the latter is analogous to the standard model of channel reliability from information theory. The relationship between quantitative integrity, confidenti ..."
Abstract

Cited by 10 (0 self)
 Add to MetaCart
Two informationflow integrity measures are introduced: contamination and suppression. The former is dual to informationflow confidentiality, and the latter is analogous to the standard model of channel reliability from information theory. The relationship between quantitative integrity, confidentiality, and database privacy is examined.
Computing the Leakage of InformationHiding Systems
"... Abstract. We address the problem of computing the information leakage of a system in an efficient way. We propose two methods: one based on reducing the problem to reachability, and the other based on techniques from quantitative counterexample generation. The second approach can be used either for ..."
Abstract

Cited by 9 (6 self)
 Add to MetaCart
Abstract. We address the problem of computing the information leakage of a system in an efficient way. We propose two methods: one based on reducing the problem to reachability, and the other based on techniques from quantitative counterexample generation. The second approach can be used either for exact or approximate computation, and provides feedback for debugging. These methods can be applied also in the case in which the input distribution is unknown. We then consider the interactive case and we point out that the definition of associated channel proposed in literature is not sound. We show however that the leakage can still be defined consistently, and that our methods extend smoothly. 1
A Provably Secure And Efficient Countermeasure Against Timing Attacks
"... We show that the amount of information about the key that an unknownmessage attacker can extract from a deterministic sidechannel is bounded from above by Olog 2 (n + 1) bits, where n is the number of sidechannel measurements and O is the set of possible observations. We use this bound to deriv ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
We show that the amount of information about the key that an unknownmessage attacker can extract from a deterministic sidechannel is bounded from above by Olog 2 (n + 1) bits, where n is the number of sidechannel measurements and O is the set of possible observations. We use this bound to derive a novel countermeasure against timing attacks, where the strength of the security guarantee can be freely traded for the resulting performance penalty. We give algorithms that efficiently and optimally adjust this tradeoff for given constraints on the sidechannel leakage or on the efficiency of the cryptosystem. Finally, we perform a casestudy that shows that applying our countermeasure leads to implementations with minor performance overhead and formal security guarantees. 1.
Quantifying timing leaks and cost optimisation
 In Proc. ICICS ’08, volume 5308 of LNCS
, 2008
"... Abstract. We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then show how to measure the security of a program with respect to this notion via a comput ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
Abstract. We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then show how to measure the security of a program with respect to this notion via a computable estimate of the timing leakage and use this estimate for cost optimisation. 1
Differential Privacy: on the tradeoff between Utility and Information Leakage ⋆
, 2011
"... Abstract. Differential privacy is a notion of privacy that has become very popular in the database community. Roughly, the idea is that a randomized query mechanism provides sufficient privacy protection if the ratio between the probabilities that two adjacent datasets give the same answer is bound ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Abstract. Differential privacy is a notion of privacy that has become very popular in the database community. Roughly, the idea is that a randomized query mechanism provides sufficient privacy protection if the ratio between the probabilities that two adjacent datasets give the same answer is bound by e ǫ. In the field of information flow there is a similar concern for controlling information leakage, i.e. limiting the possibility of inferring the secret information from the observables. In recent years, researchers have proposed to quantify the leakage in terms of minentropy leakage, a concept strictly related to the Bayes risk. In this paper, we show how to model the query system in terms of an informationtheoretic channel, and we compare the notion of differential privacy with that of minentropy leakage. We show that differential privacy implies a bound on the minentropy leakage, but not viceversa. Furthermore, we show that our bound is tight. Then, we consider the utility of the randomization mechanism, which represents how close the randomized answers are to the real ones, in average. We show that the notion of differential privacy implies a bound on utility, also tight, and we propose a method that under certain conditions builds an optimal randomization mechanism, i.e. a mechanism which provides the best utility while guaranteeing ǫdifferential privacy. 1
Dynamic Enforcement of Knowledgebased Security Policies
"... Abstract—This paper explores the idea of knowledgebased security policies, which are used to decide whether to answer a query over secret data based on an estimation of the querier’s (possibly increased) knowledge given the result. Limiting knowledge is the goal of existing information release poli ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
Abstract—This paper explores the idea of knowledgebased security policies, which are used to decide whether to answer a query over secret data based on an estimation of the querier’s (possibly increased) knowledge given the result. Limiting knowledge is the goal of existing information release policies that employ mechanisms such as noising, anonymization, and redaction. Knowledgebased policies are more general: they increase flexibility by not fixing the means to restrict information flow. We enforce a knowledgebased policy by explicitly tracking a model of a querier’s belief about secret data, represented as a probability distribution. We then deny any query that could increase knowledge above a given threshold. We implement query analysis and belief tracking via abstract interpretation using a novel domain we call probabilistic polyhedra, whose design permits trading off precision with performance while ensuring estimates of a querier’s knowledge are sound. Experiments with our implementation show that several useful queries can be handled efficiently, and performance scales far better than would more standard implementations of probabilistic computation based on sampling. I.
Quantifying information leakage in process calculi
 Proceedings of ICALP’06. Volume 4052 of Lecture Notes in Computer Science
, 2006
"... Building on simple informationtheoretic concepts, we study two quantitative models of information leakage in the picalculus. The first model presupposes an attacker with an essentially unlimited computational power. The resulting notion of absolute leakage, measured in bits, is in agreement with s ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
Building on simple informationtheoretic concepts, we study two quantitative models of information leakage in the picalculus. The first model presupposes an attacker with an essentially unlimited computational power. The resulting notion of absolute leakage, measured in bits, is in agreement with secrecy as defined by Abadi and Gordon: a process has an absolute leakage of zero precisely when it satisfies secrecy. The second model assumes a restricted observation scenario, inspired by the testing equivalence framework, where the attacker can only conduct repeated successorfailure experiments on processes. Moreover, each experiment has a cost in terms of communication effort. The resulting notion of leakage rate, measured in bits per action, is in agreement with the first model: the maximum amount of information that can be extracted by repeated experiments coincides with the absolute leakage A of the process. Moreover, the overall extraction cost is at least A/R, where R is the rate of the process. The compositionality properties of the two models are also investigated.