Skip to Main content Skip to Navigation
Conference papers

QUAIL: A Quantitative Security Analyzer for Imperative Code

Fabrizio Biondi 1 Axel Legay 1 Louis-Marie Traonouez 1 Andrzej Wasowski 2 
1 ESTASYS - Efficient STAtistical methods in SYstems of systems
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Quantitative security analysis evaluates and compares how effectively a system protects its secret data. We introduce QUAIL, the first tool able to perform an arbitrary-precision quantitative analysis of the security of a system depending on private information. QUAIL builds a Markov Chain model of the system's behavior as observed by an attacker, and computes the correlation between the system's observable output and the behavior depending on the private information, obtaining the expected amount of bits of the secret that the attacker will infer by observing the system. QUAIL is able to evaluate the safety of randomized protocols depending on secret data, allowing to verify a security protocol's effectiveness. We experiment with a few examples and show that QUAIL's security analysis is more accurate and revealing than results of other tools.
Document type :
Conference papers
Complete list of metadata

Cited literature [21 references]  Display  Hide  Download
Contributor : Fabrizio Biondi Connect in order to contact the contributor
Submitted on : Sunday, December 13, 2015 - 2:40:58 PM
Last modification on : Friday, August 5, 2022 - 12:35:03 PM
Long-term archiving on: : Saturday, April 29, 2017 - 12:55:36 PM


Files produced by the author(s)



Fabrizio Biondi, Axel Legay, Louis-Marie Traonouez, Andrzej Wasowski. QUAIL: A Quantitative Security Analyzer for Imperative Code. CAV 2013 - 25th International Conference on Computer Aided Verification, Jul 2013, Saint Petersburg, Russia. pp.702-707, ⟨10.1007/978-3-642-39799-8_49⟩. ⟨hal-01242615⟩



Record views


Files downloads