Dynamic leakage - a need for a new quantitative information flow measure

Nataliia Bielova 1
1 INDES - Secure Diffuse Programming
CRISAM - Inria Sophia Antipolis - Méditerranée
Abstract : A number of measures for quantifying information leakage of a program have been proposed. Most of these measures evaluate a program as a whole by quantifying how much information can be leaked on average by different program outputs. While these measures perfectly fit for static program analyses, they cannot be used by dynamic analyses since they do not specify what information an attacker learns through observing one concrete program output. In this paper we study the existing definitions of quantitative information flow. Our goal is to find the definition of dynamic leakage – it should evaluate how much information an attacker learns when she observes one program output. Surprisingly, we find out that none of the existing definitions provide a suitable measure for dynamic leakage. We hence open a new research question in quantitative information flow area: which definition of dynamic leakage is suitable?
Complete list of metadatas

Cited literature [21 references]  Display  Hide  Download

https://hal.inria.fr/hal-01409706
Contributor : Nataliia Bielova <>
Submitted on : Tuesday, December 13, 2016 - 5:03:54 PM
Last modification on : Thursday, January 11, 2018 - 4:48:03 PM

Annex

Identifiers

Collections

Citation

Nataliia Bielova. Dynamic leakage - a need for a new quantitative information flow measure. Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, Oct 2016, Vienna, Austria. pp.83-88, ⟨10.1145/2993600.2993607⟩. ⟨hal-01409706⟩

Share

Metrics

Record views

162

Files downloads

47