Probabilistic point-to-point information leakage

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Colleges, School and Institutes

Abstract

The outputs of a program that processes secret data may reveal information about the values of these secrets. This paper develops an information leakage model that can measure the leakage between arbitrary points in a probabilistic program. Our aim is to create a model of information leakage that makes it convenient to measure specific leaks, and provide a tool that may be used to investigate a program's information security. To make our leakage model precise, we base our work on a simple probabilistic, imperative language in which secret values may be specified at any point in the program; other points in the program may then be marked as potential sites of information leakage. We extend our leakage model to address both non-terminating programs (with potentially infinite numbers of secret and observable values) and user input. Finally, we show how statistical approximation techniques can be used to estimate our leakage measure in real-world Java programs.

Details

Original languageEnglish
Title of host publicationProceedings - 2013 IEEE 26th Computer Security Foundations Symposium, CSF 2013
Publication statusPublished - 9 Oct 2013
Event2013 IEEE 26th Computer Security Foundations Symposium, CSF 2013 - New Orleans, LA, United States
Duration: 26 Jun 201328 Jun 2013

Conference

Conference2013 IEEE 26th Computer Security Foundations Symposium, CSF 2013
CountryUnited States
CityNew Orleans, LA
Period26/06/1328/06/13

Keywords

  • information leakage, non-termination, probabilistic language

ASJC Scopus subject areas