Abstract
The quantification of information leakage provides a quantitative evaluation of the security of a system. We propose the use of Markovian processes to model and analyze the information leakage of deterministic and probabilistic systems. We show that this method generalizes the lattice of information approach and is a natural framework for modeling refined attackers capable of observing the internal behavior of the system. We also use our method to obtain an algorithm for the computation of channel capacity from our Markovian models. Finally, we show how to use the method to analyze timed and non-timed attacks on the Onion Routing protocol.
The research presented in this paper has been partially supported by MT-LAB, a VKR Centre of Excellence for the Modelling of Information Technology.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Biondi, F., Legay, A., Malacaria, P., Wąsowski, A. (2013). Quantifying Information Leakage of Randomized Protocols. In: Giacobazzi, R., Berdine, J., Mastroeni, I. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2013. Lecture Notes in Computer Science, vol 7737. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35873-9_7
DOI: https://doi.org/10.1007/978-3-642-35873-9_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35872-2
Online ISBN: 978-3-642-35873-9
eBook Packages: Computer Science (R0)