Title :
Probabilistic Point-to-Point Information Leakage
Author :
Chothia, Tom ; Kawamoto, Yasutaka ; Novakovic, Chris ; Parker, Dennis
Author_Institution :
Sch. of Comput. Sci., Univ. of Birmingham, Birmingham, UK
Abstract :
The outputs of a program that processes secret data may reveal information about the values of these secrets. This paper develops an information leakage model that can measure the leakage between arbitrary points in a probabilistic program. Our aim is to create a model of information leakage that makes it convenient to measure specific leaks, and provide a tool that may be used to investigate a program´s information security. To make our leakage model precise, we base our work on a simple probabilistic, imperative language in which secret values may be specified at any point in the program; other points in the program may then be marked as potential sites of information leakage. We extend our leakage model to address both non-terminating programs (with potentially infinite numbers of secret and observable values) and user input. Finally, we show how statistical approximation techniques can be used to estimate our leakage measure in real-world Java programs.
Keywords :
approximation theory; security of data; statistical analysis; Java program; imperative language; information security; nonterminating program; probabilistic point-to-point information leakage; statistical approximation technique; Computational modeling; Face; Markov processes; Probabilistic logic; Probability distribution; Semantics; Standards; information leakage; non-termination; probabilistic language;
Conference_Titel :
Computer Security Foundations Symposium (CSF), 2013 IEEE 26th
Conference_Location :
New Orleans, LA
DOI :
10.1109/CSF.2013.20
