Quantitative analysis of the leakage of confidential data

Article English OPEN
Hunt, S. ; Clark, D. ; Malacaria, P. (2002)
  • Publisher: Elsevier
  • Journal: Electronic Notes in Theoretical Computer Science (issn: 1571-0661, vol: 59, pp: 238-251)
  • Related identifiers: doi: 10.1016/S1571-0661(04)00290-7
  • Subject: Theoretical Computer Science | Computer Science(all) | QA75

Basic information theory is used to analyse the amount of confidential information which may be leaked by programs written in a very simple imperative language. In particular, a detailed analysis is given of the possible leakage due to equality tests and if statements. The analysis is presented as a set of syntax-directed inference rules and can readily be automated.
  • References (9)

    [Den82] D. E. R. Denning. Cryptography and Data Security. Addison-Wesley, 1982.

    [LF89] Richard L.Burden and J. Douglas Faires. Numerical Analysis. PWSKENT, 1989. ISBN 0-534-93219-3.

    [Mas94] James L. Massey. Guessing and entropy. In Proc. IEEE International Symposium on Information Theory, Trondheim, Norway, 1994.

    [Mil87] Jonathan Millen. Covert channel capacity. In Proc. 1987 IEEE Symposium on Research in Security and Privacy. IEEE Computer Society Press, 1987.

    [Sha48] Claude Shannon. A mathematical theory of communication. The Bell System Technical Journal, 27:379-423 and 623-656, July and October 1948. Available online at http://cm.bell-labs.com/cm/ms/what/shannonday/paper.html.

    [SS99] Andrei Sabelfeld and David Sands. A per model of secure information flow in sequential programs. In Proc. European Symposium on Programming, Amsterdam, The Netherlands, March 1999. ACM Press.

    [SS00] Andrei Sabelfeld and David Sands. Probabilistic noninterference for multithreaded programs. In Proc. 13th IEEE Computer Security Foundations Workshop, Cambridge, England, July 2000. IEEE Computer Society Press.

    [VS00] Dennis Volpano and Geoffrey Smith. Verifying secrets and relative secrecy. In Proc. 27th ACM Symposium on Principles of Programming Languages, pages 268-276, Boston MA, Jan 2000.

    [WG91] James W. Gray, III. Toward a mathematical foundation for information flow security. In Proc. 1991 IEEE Symposium on Security and Privacy, pages 21-34, Oakland, CA, May 1991.

  • Metrics
    No metrics available
Share - Bookmark