Abstract
The outputs of a program that processes secret data may reveal information about the values of these secrets. This paper develops an information leakage model that can measure the leakage between arbitrary points in a probabilistic program. Our aim is to create a model of information leakage that makes it convenient to measure specific leaks, and provide a tool that may be used to investigate a program's information security. To make our leakage model precise, we base our work on a simple probabilistic, imperative language in which secret values may be specified at any point in the program; other points in the program may then be marked as potential sites of information leakage. We extend our leakage model to address both non-terminating programs (with potentially infinite numbers of secret and observable values) and user input. Finally, we show how statistical approximation techniques can be used to estimate our leakage measure in real-world Java programs.
Original language | English |
---|---|
Title of host publication | Proceedings - 2013 IEEE 26th Computer Security Foundations Symposium, CSF 2013 |
Pages | 193-205 |
Number of pages | 13 |
DOIs | |
Publication status | Published - 9 Oct 2013 |
Event | 2013 IEEE 26th Computer Security Foundations Symposium, CSF 2013 - New Orleans, LA, United States Duration: 26 Jun 2013 → 28 Jun 2013 |
Conference
Conference | 2013 IEEE 26th Computer Security Foundations Symposium, CSF 2013 |
---|---|
Country/Territory | United States |
City | New Orleans, LA |
Period | 26/06/13 → 28/06/13 |
Keywords
- information leakage
- non-termination
- probabilistic language
ASJC Scopus subject areas
- Software