Quantitative information flow-verification hardness and possibilities

Proceedings - IEEE Computer Security Foundations Symposium

Volumn , Issue , 2010, Pages 15-27

  Hirotoshi, Yasuoka ^a   Tachio, Terauchi ^a  

^a TOHOKU UNIVERSITY   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

BOOLEAN PROGRAMS; COMPOSITION TECHNIQUE; FORMAL DEFINITION; MIN-ENTROPY; NON INTERFERENCE; QUANTITATIVE INFORMATION; SAFETY PROBLEMS; SAFETY PROPERTY; SHANNON ENTROPY;

ENTROPY; HARDNESS; INFORMATION THEORY; SECURITY SYSTEMS;

STRUCTURED PROGRAMMING;

EID: 77957590642     PISSN: 19401434     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2010.9     Document Type: Conference Paper

References (34)

1. M. Backes, B. Köpf, and A. Rybalchenko. Automatic discovery and quantification of information leaks. In IEEE Symposium on Security and Privacy, pages 141-153. IEEE Computer Society, 2009.
2. T. Ball and S. K. Rajamani. The SLAM project: debugging system software via static analysis. In POPL, pages 1-3, 2002.
3. G. Barthe, P. R. D'Argenio, and T. Rezk. Secure information flow by self-composition. In CSFW, pages 100-114. IEEE Computer Society, 2004.
4. D. Beyer, T. A. Henzinger, R. Jhala, and R. Majumdar. The software model checker Blast. STTT, 9(5-6):505-525, 2007.
5. D. Clark, S. Hunt, and P. Malacaria. Quantified interference for a while language. Electr. Notes Theor. Comput. Sci., 112:149-166, 2005.
6. D. Clark, S. Hunt, and P. Malacaria. Quantitative information flow, relations and polymorphic types. J. Log. Comput., 15(2):181-199, 2005.
7. D. Clark, S. Hunt, and P. Malacaria. A static analysis for quantifying information flow in a simple imperative language. Journal of Computer Security, 15(3):321-371, 2007.
8. M. R. Clarkson, A. C. Myers, and F. B. Schneider. Belief in information flow. In CSFW, pages 31-45. IEEE Computer Society, 2005.
9. M. R. Clarkson and F. B. Schneider. Hyperproperties. In CSF, pages 51-65. IEEE Computer Society, 2008.
10. E. S. Cohen. Information transmission in computational systems. In SOSP, pages 133-139, 1977.
11. Á . Darvas, R. Hähnle, and D. Sands. A theorem proving approach to analysis of secure information flow. In D. Hutter and M. Ullmann, editors, SPC, volume 3450 of Lecture Notes in Computer Science, pages 193-209. Springer, 2005.
12. D. E. R. Denning. Cryptography and data security. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1982.
13. C. Flanagan and J. B. Saxe. Avoiding exponential explosion: generating compact verification conditions. In POPL, pages 193-205, 2001.
14. J. A. Goguen and J. Meseguer. Security policies and security models. In IEEE Symposium on Security and Privacy, pages 11-20, 1982.
15. T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In POPL, pages 58-70, 2002.
16. B. K̈opf and D. A. Basin. An information-theoretic model for adaptive side-channel attacks. In P. Ning, S. D. C. di Vimercati, and P. F. Syverson, editors, ACM Conference on Computer and Communications Security, pages 286-296. ACM, 2007.
17. K. R. M. Leino. Efficient weakest preconditions. Inf. Process. Lett., 93(6):281-288, 2005.
18. P. Li and S. Zdancewic. Downgrading policies and relaxed noninterference. In J. Palsberg and M. Abadi, editors, POPL, pages 158-170. ACM, 2005.
19. P. Malacaria. Assessing security threats of looping constructs. In M. Hofmann and M. Felleisen, editors, POPL, pages 225- 235. ACM, 2007.
20. P. Malacaria and H. Chen. Lagrange multipliers and maximum information leakage in different observational models. In Ú . Erlingsson and M. Pistoia, editors, PLAS, pages 135- 146. ACM, 2008.
21. J. L. Massey. Guessing and entropy. In ISIT '94: Proceedings of the 1994 IEEE International Symposium on Information Theory, page 204, 1994.
22. S. McCamant and M. D. Ernst. Quantitative information flow as network flow capacity. In R. Gupta and S. P. Amarasinghe, editors, PLDI, pages 193-205. ACM, 2008.
23. J. McLean. A general theory of composition for trace sets closed under selective interleaving functions. In SP '94: Proceedings of the 1994 IEEE Symposium on Security and Privacy, page 79, Washington, DC, USA, 1994. IEEE Computer Society.
24. K. L. McMillan. Lazy abstraction with interpolants. In T. Ball and R. B. Jones, editors, CAV, volume 4144 of Lecture Notes in Computer Science, pages 123-136. Springer, 2006.
25. D. A. Naumann. From coupling relations to mated invariants for checking information flow. In Computer Security - ESORICS 2006, 11th European Symposium on Research in Computer Security, Proceedings, pages 279-296, Hamburg, Germany, Sept. 2006.
26. J. Newsome, S. McCamant, and D. Song. Measuring channel capacity to distinguish undue influence. In S. Chong and D. A. Naumann, editors, PLAS, pages 73-85. ACM, 2009.
27. A. Sabelfeld and A. C. Myers. A model for delimited information release. In K. Futatsugi, F. Mizoguchi, and N. Yonezaki, editors, ISSS, volume 3233 of Lecture Notes in Computer Science, pages 174-191. Springer, 2003.
28. C. Shannon. A mathematical theory of communication. Bell System Technical Journal, 27:379-423, 623-656, 1948.
29. G. Smith. On the foundations of quantitative information flow. In L. de Alfaro, editor, FOSSACS, volume 5504 of Lecture Notes in Computer Science, pages 288-302. Springer, 2009.
30. T. Terauchi and A. Aiken. Secure information flow as a safety problem. In C. Hankin and I. Siveroni, editors, SAS, volume 3672 of Lecture Notes in Computer Science, pages 352-367. Springer, 2005.
31. S. Toda. PP is as hard as the polynomial-time hierarchy. SIAM J. Comput., 20(5):865-877, 1991.
32. H. Unno, N. Kobayashi, and A. Yonezawa. Combining type-based analysis and model checking for finding counterexamples against non-interference. In V. C. Sreedhar and S. Zdancewic, editors, PLAS, pages 17-26. ACM, 2006.
33. D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167- 187, 1996.
34. H. Yasuoka and T. Terauchi. Quantitative information flow - verification hardness and possibilities, 2010. http://www.kb.ecei.tohoku.ac.jp/̃yasuoka.