Quantitative analysis of secure information flow via probabilistic semantics Technical Report: TR-08-08
نویسندگان
چکیده
We present an automatic analyzer for measuring information flow within software systems. In this paper, we quantify leakage in terms of information theory and incorporate this computation into probabilistic semantics. Our semantic functions provide information flow measurement for programs given secure inputs under any probability distribution. The major contribution is a automatically quantitative analyzer based on the leakage definition for such a language. While-loops are handled by applying entropy of generalized distributions and relative properties in order to provide a more precise analysis with observing time.
منابع مشابه
Jensen-Shannon Divergency as a Measure of Information Flow in Reactive Processes Technical Report: TR-09-07
This paper outlines an approach for measuring information flow in reactive process descriptions with input, output, and probabilistic non-deterministic behaviours. The basic concept in our work is that the quantity of information flow is calculated by looking at the different behaviours of a high user from a low user’s observations. First, we present the probabilistic model of reactive labelled...
متن کاملUnified Platform for Secure Networked Information Systems
In this paper, we present a unified declarative platform for specifying, implementing, analyzing and auditing large-scale secure information systems. Our proposed system builds upon techniques from logic-based trust management systems, declarative networking, and data analysis via provenance. First, we propose the Secure Network Datalog (SeNDlog) language that unifies Binder, a logic-based lang...
متن کاملA Per Model of Secure Information Flow in Sequential Programs
This paper proposes an extensional semantics-based formal specification of secure information-flow properties in sequential programs based on representing degrees of security by partial equivalence relations (pers). The specification clarifies and unifies a number of specific correctness arguments in the literature, and connections to other forms of program analysis. The approach is inspired by...
متن کاملAfrl - Sr - Ar - Tr - 08 - 0525
Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for re gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments reg; of information, including suggestions for reducing this burden to Washington Headquarters Service, Directorate for Information 1215 Jefferson Dav...
متن کاملGSDLAB TECHNICAL REPORT Why CART Works for Variability-Aware Performance Prediction? An Empirical Study on Performance Distributions
This report presents follow-up work for our previous technical report “Variability-Aware Performance Modeling: A Statistical Learning Approach" (GSDLAB-TR-2012-08-18). We try to give evidence why our approach, based on a statisticallearning technique called Classification And Regression Trees (CART), works for variability-aware performance prediction. To this end, we conduct a comparative analy...
متن کامل