Journal ArticleDOI
Quantitative Information Flow, Relations and Polymorphic Types
TLDR
With this presentation, it is shown how relational parametricity can be used to derive upper and lower bounds on information flows through families of functions defined in the second-order lambda calculus.Abstract:
This paper uses Shannon's information theory to give a quantitative definition of information flow in systems that transform inputs to outputs. For deterministic systems, the definition is shown to specialize to a simpler form when the information source and the known inputs jointly determine all inputs uniquely. For this special case, the definition is related to the classical security condition of non-interference and an equivalence is established between non-interference and independence of random variables. Quantitative information flow for deterministic systems is then presented in relational form. With this presentation, it is shown how relational parametricity can be used to derive upper and lower bounds on information flows through families of functions defined in the second-order lambda calculus.read more
Citations
More filters
Book ChapterDOI
On the Foundations of Quantitative Information Flow
TL;DR: This paper argues that the consensus definitions of Shannon entropy actually fail to give good security guarantees, and explores an alternative foundation based on a concept of vulnerability and which measures uncertainty using Renyi's min-entropy , rather than Shannon entropy.
Proceedings ArticleDOI
An information-theoretic model for adaptive side-channel attacks
Boris Köpf,David Basin +1 more
TL;DR: A model of adaptive side-channel attacks which is combined with information-theoretic metrics to quantify the information revealed to an attacker is presented, which allows an attacker's remaining uncertainty about a secret as a function of the number of side- channel measurements made.
Proceedings ArticleDOI
Automatic Discovery and Quantification of Information Leaks
TL;DR: This work presents the first automatic method for information-flow analysis that discovers what information is leaked and computes its comprehensive quantitative interpretation, which includes all established information-theoretic measures in quantitative information- flow.
Journal ArticleDOI
Assessing security threats of looping constructs
TL;DR: The first precise information-theoretic semantics of looping constructs is provided, which describes both the amount and rate of leakage; if either is small enough, then a program might be deemed "secure".
Journal ArticleDOI
Quantitative Notions of Leakage for One-try Attacks
TL;DR: This paper considers and compares two different possibilities of defining the leakage, based on the Bayes risk, a concept related to Renyi min-entropy.
References
More filters
Journal ArticleDOI
A mathematical theory of communication
TL;DR: This final installment of the paper considers the case where the signals or the messages or both are continuously variable, in contrast with the discrete nature assumed until now.
Book
Elements of information theory
Thomas M. Cover,Joy A. Thomas +1 more
TL;DR: The author examines the role of entropy, inequality, and randomness in the design of codes and the construction of codes in the rapidly changing environment.
Journal ArticleDOI
A theory of type polymorphism in programming
TL;DR: This work presents a formal type discipline for polymorphic procedures in the context of a simple programming language, and a compile time type-checking algorithm w which enforces the discipline.
Proceedings ArticleDOI
Security Policies and Security Models
Joseph A. Goguen,José Meseguer +1 more
TL;DR: The reader is familiar with the ubiquity of information in the modern world and is sympathetic with the need for restricting rights to read, add, modify, or delete information in specific contexts.
Journal ArticleDOI
Language-based information-flow security
Andrei Sabelfeld,Andrew C. Myers +1 more
TL;DR: A structured view of research on information-flow security is given, particularly focusing on work that uses static program analysis to enforce information- flow policies, and some important open challenges are identified.