What's the Over/Under? Probabilistic Bounds on Information Leakage
نویسندگان
چکیده
Quantitative information flow (QIF) is concerned with measuring how much of a secret is leaked to an adversary who observes the result of a computation that uses it. Prior work has shown that QIF techniques based on abstract interpretation with probabilistic polyhedra can be used to analyze the worst-case leakage of a query, on-line, to determine whether that query can be safely answered. While this approach can provide precise estimates, it does not scale well. This paper shows how to solve the scalability problem by augmenting the baseline technique with sampling and symbolic execution. We prove that our approach never underestimates a query’s leakage (it is sound), and detailed experimental results show that we can match the precision of the baseline technique but with orders of magnitude better performance.
منابع مشابه
Multi-granulation fuzzy probabilistic rough sets and their corresponding three-way decisions over two universes
This article introduces a general framework of multi-granulation fuzzy probabilistic roughsets (MG-FPRSs) models in multi-granulation fuzzy probabilistic approximation space over twouniverses. Four types of MG-FPRSs are established, by the four different conditional probabilitiesof fuzzy event. For different constraints on parameters, we obtain four kinds of each type MG-FPRSs...
متن کاملRobust Privacy-Utility Tradeoffs under Differential Privacy and Hamming Distortion
A privacy utility tradeoff is developed for any arbitrary set of finite-alphabet source distributions. Privacy is quantified using differential privacy (DP), and utility is quantified using expected Hamming distortion maximized over the set of distributions. The family of source distribution sets (source sets) is categorized into three classes, based on different levels of prior knowledge they ...
متن کاملQuantitative analysis of secure information flow via probabilistic semantics Technical Report: TR-08-08
We present an automatic analyzer for measuring information flow within software systems. In this paper, we quantify leakage in terms of information theory and incorporate this computation into probabilistic semantics. Our semantic functions provide information flow measurement for programs given secure inputs under any probability distribution. The major contribution is a automatically quantita...
متن کاملInformation Leakage of Heterogeneous Encoded Correlated Sequences over Eavesdropped Channel
Correlated sources are present in communication systems where protocols ensure that there is some predetermined information for sources. Here correlated sources across an eavesdropped channel that incorporate a heterogeneous encoding scheme and their effect on the information leakage when some channel information and a source have been wiretapped is investigated. The information leakage bounds ...
متن کاملRisk Assessment of Buffer “Heartbleed” Over-read Vulnerabilities (Practical Experience Report)
Buffer over-read vulnerabilities (e.g., Heartbleed) can lead to serious information leakage and monetary lost. Most of previous approaches focus on buffer overflow (i.e., overwrite), which are either infeasible (e.g., canary) or impractical (e.g., bounds checking) in dealing with over-read vulnerabilities. As an emerging type of vulnerability, people need in-depth understanding of buffer over-r...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1802.08234 شماره
صفحات -
تاریخ انتشار 2017