QUAIL: A Quantitative Security Analyzer for Imperative Code

Abstract : Quantitative security analysis evaluates and compares how effectively a system protects its secret data. We introduce QUAIL, the first tool able to perform an arbitrary-precision quantitative analysis of the security of a system depending on private information. QUAIL builds a Markov Chain model of the system's behavior as observed by an attacker, and computes the correlation between the system's observable output and the behavior depending on the private information, obtaining the expected amount of bits of the secret that the attacker will infer by observing the system. QUAIL is able to evaluate the safety of randomized protocols depending on secret data, allowing to verify a security protocol's effectiveness. We experiment with a few examples and show that QUAIL's security analysis is more accurate and revealing than results of other tools.
Type de document :
Communication dans un congrès
Natasha Sharygina; Helmut Veith. CAV 2013 - 25th International Conference on Computer Aided Verification, Jul 2013, Saint Petersburg, Russia. Springer, 8044, pp.702-707, 2013, LNCS - Lecture Notes in Computer Science. 〈10.1007/978-3-642-39799-8_49〉
Liste complète des métadonnées

Littérature citée [21 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01242615
Contributeur : Fabrizio Biondi <>
Soumis le : dimanche 13 décembre 2015 - 14:40:58
Dernière modification le : mercredi 16 mai 2018 - 11:24:07
Document(s) archivé(s) le : samedi 29 avril 2017 - 12:55:36

Fichier

main.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Fabrizio Biondi, Axel Legay, Louis-Marie Traonouez, Andrzej Wasowski. QUAIL: A Quantitative Security Analyzer for Imperative Code. Natasha Sharygina; Helmut Veith. CAV 2013 - 25th International Conference on Computer Aided Verification, Jul 2013, Saint Petersburg, Russia. Springer, 8044, pp.702-707, 2013, LNCS - Lecture Notes in Computer Science. 〈10.1007/978-3-642-39799-8_49〉. 〈hal-01242615〉

Partager

Métriques

Consultations de la notice

386

Téléchargements de fichiers

88