Results 1 
5 of
5
MinEntropy as a Resource
"... Secrecy is fundamental to computer security, but real systems often cannot avoid leaking some secret information. For this reason, it is useful to model secrecy quantitatively, thinking of it as a “resource ” that may be gradually “consumed ” by a system. In this paper, we explore this intuition thr ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
(Show Context)
Secrecy is fundamental to computer security, but real systems often cannot avoid leaking some secret information. For this reason, it is useful to model secrecy quantitatively, thinking of it as a “resource ” that may be gradually “consumed ” by a system. In this paper, we explore this intuition through several dynamic and static models of secrecy consumption, ultimately focusing on (average) vulnerability and minentropy leakage as especially useful models of secrecy consumption. We also consider several composition operators that allow smaller systems to be combined into a larger system, and explore the extent to which the secrecy consumption of a combined system is constrained by the secrecy consumption of its constituents.
Preventing SideChannel Leaks in Web Traffic: A Formal Approach
"... Internet traffic is exposed to potential eavesdroppers. Standard encryption mechanisms do not provide sufficient protection: Features such as packet sizes and numbers remain visible, opening the door to socalled sidechannel attacks against web traffic. This paper develops a framework for the deriv ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
(Show Context)
Internet traffic is exposed to potential eavesdroppers. Standard encryption mechanisms do not provide sufficient protection: Features such as packet sizes and numbers remain visible, opening the door to socalled sidechannel attacks against web traffic. This paper develops a framework for the derivation of formal guarantees against traffic sidechannels. We present a model which captures important characteristics of web traffic, and we define measures of security based on quantitative information flow. Leaning on the wellstudied properties of these measures, we provide an assembly kit for countermeasures and their security guarantees, and we show that security guarantees are preserved on lower levels of the protocol stack. We further propose a novel technique for the efficient derivation of security guarantees for web applications. The key novelty of this technique is that it provides guarantees that cover all execution paths in a web application, i.e. it achieves completeness. We demonstrate the utility of our techniques in two case studies, where we derive formal guarantees for the security of a mediumsized regionallanguage Wikipedia and an autocomplete input field. 1
To cite this version:
, 2015
"... HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte p ..."
Abstract
 Add to MetaCart
(Show Context)
HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et a ̀ la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés. On the information leakage of differentiallyprivate mechanisms
Formal Analysis of Information Flow Using MinEntropy and Belief MinEntropy
"... Abstract. Information flow analysis plays a vital role in obtaining quantitative bounds on information leakage due to external attacks. Traditionally, information flow analysis is done using paperandpencil based proofs or computer simulations based on the Shannon entropy and mutual information. ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. Information flow analysis plays a vital role in obtaining quantitative bounds on information leakage due to external attacks. Traditionally, information flow analysis is done using paperandpencil based proofs or computer simulations based on the Shannon entropy and mutual information. However, these metrics sometimes provide misleading information while dealing with some specific threat models, like when the secret is correctly guessed in one try. MinEntropy and Belief Minentropy metrics have been recently proposed to address these problems. But the information flow analysis using these metrics is done by simulation and paperandpencil approaches and thus cannot ascertain accurate results due to their inherent limitations. In order to overcome these shortcomings, we formalize MinEntropy and BeliefMinEntropy in higherorder logic and use them to perform information flow analysis within the sound core of the HOL theorem prover. For illustration purposes, we use our formalization to evaluate the information leakage of a cascade of channels in HOL.
Functions Contractual Date of Delivery to the CEC: 1Apr2013 Actual Date of Delivery to the CEC: 20Mar2013 Organisation name of lead contractor for this deliverable: INR
, 2013
"... This paper introduces gleakage, a rich generalization of the minentropy model of quantitative information flow. In gleakage, the benefit that an adversary derives from a certain guess about a secret is specified using a gain function g. Gain functions allow a wide variety of operational scenarios ..."
Abstract
 Add to MetaCart
(Show Context)
This paper introduces gleakage, a rich generalization of the minentropy model of quantitative information flow. In gleakage, the benefit that an adversary derives from a certain guess about a secret is specified using a gain function g. Gain functions allow a wide variety of operational scenarios to be modeled, including those where the adversary benefits from guessing a value close to the secret, guessing a part of the secret, guessing a property of the secret, or guessing the secret within some number of tries. We prove important properties of gleakage, including bounds between mincapacity, gcapacity, and Shannon capacity. We also show a deep connection between a strong leakage ordering on two channels, C1 and C2, and the possibility of factoring C1 into C2C3, for some C3. Based on this connection, we propose a generalization of the Lattice of Information from deterministic to probabilistic channels. Note: This deliverable is based on material that has been published in the proceedings of the 25th IEEE Computer Security