منابع مشابه
Precise Quantitative Information Flow Analysis Using Symbolic Model Counting
Quantitative information flow analyses (QIF) are a class of techniques for measuring the amount of confidential information leaked by a program to its public outputs. QIF analyses can be approximative or precise, offering different trade-offs. In this paper, we lift a particular limitation of precise QIF. We show how symbolic model counting replaces explicit leak enumeration with symbolic compu...
متن کاملPrecise quantitative information flow analysis - a symbolic approach
Quantitative information flow analysis (QIF) is a portfolio of software security assessment techniques measuring the amount of confidential information leaked by a program to its public outputs. In this paper, we extend the scope of precise QIF for deterministic imperative programs where information flow can be described with linear integer arithmetic. We propose two novel QIF analyses that pre...
متن کاملQuantitative Information Flow Metrics
Information flow analysis is a powerful technique for reasoning about sensitive information that may be exposed during program execution. One promising approach is to adopt a program as a communication channel model and leverage information theoretic metrics (e.g., mutual information between the sensitive input and the public output) to quantify such information flows. However, recent research ...
متن کاملComputing Information Flow Using Symbolic Model-Checking
Several measures have been proposed in literature for quantifying the information leaked by the public outputs of a program with secret inputs. We consider the problem of computing information leaked by a deterministic or probabilistic program when the measure of information is based on (a) min-entropy and (b) Shannon entropy. The key challenge in computing these measures is that we need the to...
متن کاملAlgebra for Quantitative Information Flow
A core property of program semantics is that local reasoning about program fragments remains sound even when the fragments are executed within a larger system. Mathematically this property corresponds to monotonicity of refinement : if A refines B then C(A) refines C(B) for any (valid) context defined by C(·). In other work we have studied a refines order for information flow in programs where ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: ACM SIGSOFT Software Engineering Notes
سال: 2012
ISSN: 0163-5948
DOI: 10.1145/2382756.2382791