Results 11  20
of
65
The Effects of
 Artificial Sources of Water on Rangeland Biodiversity. Environment Australia and CSIRO
, 1997
"... “Turing hoped that his abstractedpapertape model was so simple, so transparent and well defined, that it would not depend on any assumptions about physics that could conceivably be falsified, and therefore that it could become the basis of an abstract theory of computation that was independent of ..."
Abstract

Cited by 14 (5 self)
 Add to MetaCart
(Show Context)
“Turing hoped that his abstractedpapertape model was so simple, so transparent and well defined, that it would not depend on any assumptions about physics that could conceivably be falsified, and therefore that it could become the basis of an abstract theory of computation that was independent of the underlying physics. ‘He thought, ’ as Feynman once put it, ‘that he understood paper. ’ But he was mistaken. Real, quantummechanical paper is wildly different from the abstract stuff that the Turing machine uses. The Turing machine is entirely classical...”
P.: Applied quantitative information flow and statistical databases
 In: Proc. of the Int. Workshop on Formal Aspects in Security and Trust. Volume 5983 of LNCS., Springer (2009) 96–110 inria00580122, version 5  30 Sep 2011
"... Abstract We firstly describe an algebraic structure which serves as solid basis to quantitatively reason about information flows. We demonstrate how programs in form of partition of states fit into that theoretical framework. The paper presents a new method and implementation to automatically calcul ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
(Show Context)
Abstract We firstly describe an algebraic structure which serves as solid basis to quantitatively reason about information flows. We demonstrate how programs in form of partition of states fit into that theoretical framework. The paper presents a new method and implementation to automatically calculate such partitions, and compares it to existing approaches. As a novel application, we describe a way to transform database queries into a suitable program form which then can be statically analysed to measure its leakage and to spot database inference threats. 1
Quantifying information leakage in process calculi
 Proceedings of ICALP’06. Volume 4052 of Lecture Notes in Computer Science
, 2006
"... Building on simple informationtheoretic concepts, we study two quantitative models of information leakage in the picalculus. The first model presupposes an attacker with an essentially unlimited computational power. The resulting notion of absolute leakage, measured in bits, is in agreement with s ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
Building on simple informationtheoretic concepts, we study two quantitative models of information leakage in the picalculus. The first model presupposes an attacker with an essentially unlimited computational power. The resulting notion of absolute leakage, measured in bits, is in agreement with secrecy as defined by Abadi and Gordon: a process has an absolute leakage of zero precisely when it satisfies secrecy. The second model assumes a restricted observation scenario, inspired by the testing equivalence framework, where the attacker can only conduct repeated successorfailure experiments on processes. Moreover, each experiment has a cost in terms of communication effort. The resulting notion of leakage rate, measured in bits per action, is in agreement with the first model: the maximum amount of information that can be extracted by repeated experiments coincides with the absolute leakage A of the process. Moreover, the overall extraction cost is at least A/R, where R is the rate of the process. The compositionality properties of the two models are also investigated.
Symbolic quantitative information flow
 SIGSOFT Softw. Eng. Notes
"... Quantitative Information Flow (QIF) is a powerful approach to quantify leaks of confidential information in a software system. Here we present a novel method that precisely quantifies information leaks. In order to mitigate the statespace explosion problem, we propose a symbolic representation of ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
(Show Context)
Quantitative Information Flow (QIF) is a powerful approach to quantify leaks of confidential information in a software system. Here we present a novel method that precisely quantifies information leaks. In order to mitigate the statespace explosion problem, we propose a symbolic representation of data, and a general SMTbased framework to explore systematically the state space. Symbolic Execution fits well with our framework, so we implement a method of QIF analysis employing Symbolic Execution. We develop our method as a prototype tool that can perform QIF analysis for a software system developed in Java. The tool is built on top of Java Pathfinder, an open source model checking platform, and it is the first tool in the field to support informationtheoretic QIF analysis.
Sidebuster: Automated Detection and Quantification of SideChannel Leaks in Web Application Development
 In Proceedings of the 17 th ACM Conference on Computer and Communications Security
, 2010
"... A web application is a “twopart ” program, with its components deployed both in the browser and in the web server. The communication between these two components inevitably leaks out the program’s internal states to those eavesdropping on its web traffic, simply through the side channel features of ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
(Show Context)
A web application is a “twopart ” program, with its components deployed both in the browser and in the web server. The communication between these two components inevitably leaks out the program’s internal states to those eavesdropping on its web traffic, simply through the side channel features of the communication such as packet length and timing, even if the traffic is entirely encrypted. Our recent study shows that such sidechannel leaks are both fundamental and realistic: a set of popular web applications are found to disclose highly sensitive user data such as one’s family incomes, health profiles, investment secrets and more through their side channels. Our study also shows that an significant improvement of the current webapplication development practice is necessary to mitigate this threat. To answer this urgent call, we present in this paper a suite of new techniques for automatic detection and quantification of sidechannel leaks in web applications. Our approach, called Sidebuster, can automatically analyze an application’s source code to detect its side channels and then perform a rerun test to assess the amount of information disclosed through such channels (quantified as the entropy loss). Sidebuster has been designed to work on eventdriven applications and can effectively handle the AJAX GUI widgets used in most web applications. In our research, we implemented a prototype of our technique for analyzing GWT applications and evaluated it using complicated web applications. Our study shows that Sidebuster can effectively identify the sidechannel leaks in these applications and assess their severity, with a small overhead.
A Perspective on InformationFlow Control
, 2011
"... Informationflow control tracks how information propagates through the program during execution to make sure that the program handles the information securely. Secure information flow is comprised of two related aspects: information confidentiality and information integrity — intuitively pertaining ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
Informationflow control tracks how information propagates through the program during execution to make sure that the program handles the information securely. Secure information flow is comprised of two related aspects: information confidentiality and information integrity — intuitively pertaining to the reading and writing of the information. The prevailing basic semantic notion of secure information flow is noninterference, demanding independence of public (or, in the case of integrity, trusted) output from secret (or, in the case of integrity, untrusted) input. This document gives an account of the stateoftheart in confidentiality and integrity policies and their enforcement with a systematic formalization of four dominant formulations of noninterference: terminationinsensitive, terminationsensitive, progressinsensitive, and progresssensitive, cast in the setting of two minimal while languages.
Quantifying Maximal Loss of Anonymity in Protocols
 IN: PROCEEDINGS OF ASIACCS 2009
, 2009
"... There is a natural intuitive match between anonymity and information theory. In particular, the maximal anonymity loss in anonymity protocols can be matched to the information theoretical notion of channel capacity. However, there is also a significant mismatch between the theories and reality: curr ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
There is a natural intuitive match between anonymity and information theory. In particular, the maximal anonymity loss in anonymity protocols can be matched to the information theoretical notion of channel capacity. However, there is also a significant mismatch between the theories and reality: current theories can only characterize channel capacity based upon certain assumptions of symmetry, which are rarely satisfied in the real world. This paper aims to resolve this mismatch by appealing to powerful mathematical techniques. A generic methodology using Lagrange multiplier method is proposed to characterize channel capacity in anonymity protocols. This Lagrangian approach is proved to be able to generalize previous work on the channel capacity of protocols. Further, we present analyses on three well known protocols,
A.: QUAIL: A Quantitative Security Analyzer for Imperative Code
 In: Proc. of the 25th International Conference on Computer Aided Verification (CAV
, 2013
"... Abstract. Quantitative security analysis evaluates and compares how effectively a system protects its secret data. We introduce QUAIL, the first tool able to perform an arbitraryprecision quantitative analysis of the security of a system depending on private information. QUAIL builds a Markov Chain ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Quantitative security analysis evaluates and compares how effectively a system protects its secret data. We introduce QUAIL, the first tool able to perform an arbitraryprecision quantitative analysis of the security of a system depending on private information. QUAIL builds a Markov Chain model of the system’s behavior as observed by an attacker, and computes the correlation between the system’s observable output and the behavior depending on the private information, obtaining the expected amount of bits of the secret that the attacker will infer by observing the system. QUAIL is able to evaluate the safety of randomized protocols depending on secret data, allowing to verify a security protocol’s effectiveness. We experiment with a few examples and show that QUAIL’s security analysis is more accurate and revealing than results of other tools. 1
Verified Indifferentiable Hashing into Elliptic Curves
"... Abstract. Many cryptographic systems based on elliptic curves are proven secure in the Random Oracle Model, assuming there exist probabilistic functions that map elements in some domain (e.g. bitstrings) onto uniformly and independently distributed points in a curve. When implementing such systems, ..."
Abstract

Cited by 7 (4 self)
 Add to MetaCart
(Show Context)
Abstract. Many cryptographic systems based on elliptic curves are proven secure in the Random Oracle Model, assuming there exist probabilistic functions that map elements in some domain (e.g. bitstrings) onto uniformly and independently distributed points in a curve. When implementing such systems, and in order for the proof to carry over to the implementation, those mappings must be instantiated with concrete constructions whose behavior does not deviate significantly from random oracles. In contrast to other approaches to publickey cryptography, where candidates to instantiate random oracles have been known for some time, the first generic construction for hashing into ordinary elliptic curves indifferentiable from a random oracle was put forward only recently by Brier et al. We present a machinechecked proof of this construction. The proof is based on an extension of the CertiCrypt framework with logics and mechanized tools for reasoning about approximate forms of observational equivalence, and integrates mathematical libraries of group theory and elliptic curves. 1
The complexity of quantitative information flow problems
 In CSF
, 2011
"... Abstract—In this paper, we investigate the computational complexity of quantitative information flow (QIF) problems. Informationtheoretic quantitative relaxations of noninterference (based on Shannon entropy) have been introduced to enable more finegrained reasoning about programs in situations wh ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
(Show Context)
Abstract—In this paper, we investigate the computational complexity of quantitative information flow (QIF) problems. Informationtheoretic quantitative relaxations of noninterference (based on Shannon entropy) have been introduced to enable more finegrained reasoning about programs in situations where limited information flow is acceptable. The QIF bounding problem asks whether the information flow in a given program is bounded by a constant d. Our first result is that the QIF bounding problem is PSPACEcomplete. The QIF memoryless synthesis problem asks whether it is possible to resolve nondeterministic choices in a given partial program in such a way that in the resulting deterministic program, the quantitative information flow is bounded by a given constant d. Our second result is that the QIF memoryless synthesis problem is also PSPACEcomplete. The QIF memoryless synthesis problem generalizes to QIF general synthesis problem which does not impose the memoryless requirement (that is, by allowing the synthesized program to have more variables then the original partial program). Our third result is that the QIF general synthesis problem is EXPTIMEhard. Keywordsquantitative information flow, verification, synthesis, computational complexity I.