Probabilistic point-to-point information leakage

Tom Chothia, Yusuke Kawamoto, Chris Novakovic, David Parker

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Citations (Scopus)


The outputs of a program that processes secret data may reveal information about the values of these secrets. This paper develops an information leakage model that can measure the leakage between arbitrary points in a probabilistic program. Our aim is to create a model of information leakage that makes it convenient to measure specific leaks, and provide a tool that may be used to investigate a program's information security. To make our leakage model precise, we base our work on a simple probabilistic, imperative language in which secret values may be specified at any point in the program; other points in the program may then be marked as potential sites of information leakage. We extend our leakage model to address both non-terminating programs (with potentially infinite numbers of secret and observable values) and user input. Finally, we show how statistical approximation techniques can be used to estimate our leakage measure in real-world Java programs.

Original languageEnglish
Title of host publicationProceedings - 2013 IEEE 26th Computer Security Foundations Symposium, CSF 2013
Number of pages13
Publication statusPublished - 9 Oct 2013
Event2013 IEEE 26th Computer Security Foundations Symposium, CSF 2013 - New Orleans, LA, United States
Duration: 26 Jun 201328 Jun 2013


Conference2013 IEEE 26th Computer Security Foundations Symposium, CSF 2013
Country/TerritoryUnited States
CityNew Orleans, LA


  • information leakage
  • non-termination
  • probabilistic language

ASJC Scopus subject areas

  • Software


Dive into the research topics of 'Probabilistic point-to-point information leakage'. Together they form a unique fingerprint.

Cite this