Top

Published in:

2017 | OriginalPaper | Chapter

A Better Composition Operator for Quantitative Information Flow Analyses

Author : Kai Engelhardt

Published in: Computer Security – ESORICS 2017

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Given a description of the quantitative information flow (qif) for components, how can we determine the qif of a system composed from components? We explore this fundamental question mathematically and provide an answer based on a new composition operator. We investigate its properties and prove that it generalises existing composition operators. We illustrate the results with a fresh look on Chaum’s dining cryptographers. We show that the new operator enjoys various convenient algebraic properties and that it is well-behaved under composition refinement.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter AVR Processors as a Platform for Language-Based Security

next chapter Analyzing the Capabilities of the CAN Attacker

Available only for authorised users

Proofs are given in the Appendix.

and then discovered by Geoffrey Smith to be already contained in [5].

Agat, J.: Transforming out timing leaks. In: Wegman, M.N., Reps, T.W. (eds.) POPL 2000, Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Boston, Massachusetts, USA, 19–21 January, 2000, pp. 40–53. ACM (2000), http://doi.acm.org/10.1145/325694.325702

Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: Chong, S. (ed.) 25th IEEE Computer Security Foundations Symposium, CSF 2012, Cambridge, MA, USA, 25–27 June 2012, pp. 265–279. IEEE Computer Society (2012), http://dx.doi.org/10.1109/CSF.2012.26

Barthe, G., Köpf, B.: Information-theoretic bounds for differentially private mechanisms. In: Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium, CSF 2011, pp. 191–204 (2011), http://dx.doi.org/10.1109/CSF.2011.20

Barthe, G., Rezk, T., Warnier, M.: Preventing timing leaks through transactional branching instructions. In: Cerone, A., Wiklicky, H. (eds.) Proceedings of the Third Workshop on Quantitative Aspects of Programming Languages (QAPL 2005). ENTCS, vol. 153(2), pp. 33–55 (2006), https://doi.org/10.1016/j.entcs.2005.10.031

Blackwell, D.: Comparison of experiments. In: Neyman, J. (ed.) Proceedings of the Second Berkeley Symposium on Mathematical Statistics and Probability, pp. 93–102. Univ. of Calif. Press (1951), http://projecteuclid.org/euclid.bsmsp/1200500222

Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative notions of leakage for one-try attacks. In: Proceedings of the 25th Conference on Mathematical Foundations of Programming Semantics (MFPS 2009). ENTCS, vol. 249, pp. 75–91 (2009), http://dx.doi.org/10.1016/j.entcs.2009.07.085

Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Crypto. 1(1), 65–75 (1988)MathSciNetCrossRefMATH

Clarkson, M.R., Myers, A.C., Schneider, F.B.: Belief in information flow. In: 18th IEEE Computer Security Foundations Workshop, (CSFW-18 2005), 20–22, Aix-en-Provence, France, pp. 31–45. IEEE Computer Society (2005), http://dx.doi.org/10.1109/CSFW.2005.10

Clarkson, M.R., Myers, A.C., Schneider, F.B.: Quantifying information flow with beliefs. J. Comput. Secur. 17(5), 655–701 (2009), http://dx.doi.org/10.3233/JCS-2009-0353

10.

Espinoza, B., Smith, G.: Min-entropy as a resource. Inf. Comput., 226, 57–75 (2013). Blakey, Coecke, B., Mislove, M., Pavlovic, D.: Information Security as a Resource (special Issue), http://dx.doi.org/10.1016/j.ic.2013.03.005

11.

Fagin, R., Halpern, J.Y., Moses, Y., Vardi, M.Y.: Reasoning About Knowledge. MIT-Press (1995)

12.

Goguen, J.A., Meseguer, J.: Security policies and security models. In: 1982 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 26–28 April 1982, pp. 11–20 (1982), http://ieeexplore.ieee.org/document/6234468

13.

Gray III., J.W., Syverson, P.F.: A logical approach to multilevel security of probabilistic systems. Distrib. Comput. 11(2), 73–90 (1998), http://dx.doi.org/10.1007/s004460050043

14.

Halpern, J.Y., O’Neill, K.R.: Secrecy in multiagent systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 12(1), 5 (2008)

15.

Halpern, J.Y., Tuttle, M.R.: Knowledge, probability, and adversaries. J. ACM 40(4), 917–960 (1993), http://doi.acm.org/10.1145/153724.153770

16.

Kawamoto, Y., Chatzikokolakis, K., Palamidessi, C.: Compositionality results for quantitative information flow. In: Norman, G., Sanders, W. (eds.) QEST 2014. LNCS, vol. 8657, pp. 368–383. Springer, Cham (2014). doi:10.1007/978-3-319-10696-0_28

17.

Kawamoto, Y., Chatzikokolakis, K., Palamidessi, C.: On the compositionality of quantitative information flow. CoRR abs/1611.00455 (2016), http://arxiv.org/abs/1611.00455

18.

Kumar, R., Myreen, M.O., Norrish, M., Owens, S.: CakeML: a verified implementation of ML. In: Jagannathan, S., Sewell, P. (eds.) The 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2014, San Diego, CA, USA, 20–21 January 2014, pp. 179–192. ACM (2014), http://doi.acm.org/10.1145/2535838.2535841

19.

Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009), http://doi.acm.org/10.1145/1538788.1538814

20.

Mantel, H.: Preserving information flow properties under refinement. In: 2001 IEEE Symposium on Security and Privacy, Oakland, California, USA, 14–16 May 2001, pp. 78–91. IEEE Computer Society (2001), http://dx.doi.org/10.1109/SECPRI.2001.924289

21.

McIver, A., Meinicke, L., Morgan, C.: Compositional closure for bayes risk in probabilistic noninterference. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010. LNCS, vol. 6199, pp. 223–235. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14162-1_19 CrossRef

22.

McIver, A., Meinicke, L., Morgan, C.: Hidden-Markov program algebra with iteration. Math. Struct. Comput. Sci. 25(2), 320–360 (2015), https://doi.org/10.1017/S0960129513000625

23.

McIver, A., Morgan, C., Rabehaja, T.M.: Abstract hidden Markov models: a monadic account of quantitative information flow. In: 30th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2015, Kyoto, Japan, 6–10 July 2015, pp. 597–608. IEEE Computer Society (2015), https://doi.org/10.1109/LICS.2015.61

24.

McIver, A., Morgan, C., Smith, G., Espinoza, B., Meinicke, L.: Abstract channels and their robust information-leakage ordering. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 83–102. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54792-8_5 CrossRef

25.

McIver, A., Rabehaja, T.M., Struth, G.: Probabilistic rely-guarantee calculus (v3). CoRR abs/1409.0582 (2015), http://arxiv.org/abs/1409.0582

26.

Murray, T.C., Sison, R., Pierzchalski, E., Rizkallah, C.: Compositional verification and refinement of concurrent value-dependent noninterference. In: IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, 27 June–1 July 2016, pp. 417–431. IEEE Computer Society (2016), http://dx.doi.org/10.1109/CSF.2016.36

27.

Smith, G.: Recent developments in quantitative information flow (invited tutorial). In: Proceedings of the 2015 30th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS), LICS 2015, pp. 23–31 (2015), http://dx.doi.org/10.1109/LICS.2015.13

Title: A Better Composition Operator for Quantitative Information Flow Analyses
Author: Kai Engelhardt
Publisher: Springer International Publishing
Book: Computer Security – ESORICS 2017
Print ISBN: 978-3-319-66401-9

Electronic ISBN: 978-3-319-66402-6

Copyright Year: 2017
DOI: https://doi.org/10.1007/978-3-319-66402-6_26

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner