Experiments in information flow analysis

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionResearchpeer-review

Abstract

Designing programs that do not leak confidential information continues to be a challenge. Part of the difficulty arises when partial information leaks are inevitable, implying that design interventions can only limit rather than eliminate their impact.

We show, by example, how to gain a better understanding of the consequences of information leaks by modelling what adversaries might be able to do with any leaked information.

Our presentation is based on the theory of Quantitative Information Flow, but takes an experimental approach to explore potential vulnerabilities in program designs. We make use of the tool Kuifje [12] to interpret a small programming language in a probabilistic semantics that supports quantitative information flow analysis.
LanguageEnglish
Title of host publicationMathematics of program construction
Subtitle of host publication13th International Conference, MPC 2019, Proceedings
EditorsGraham Hutton
Place of PublicationCham
PublisherSpringer, Springer Nature
Pages1-17
Number of pages17
ISBN (Electronic)9783030336363
ISBN (Print)9783030336356
DOIs
Publication statusPublished - Oct 2019
Event13th International Conference on the Mathematics of Program Construction, MPC 2019 - Porto, Portugal
Duration: 7 Oct 20199 Oct 2019

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume11825

Conference

Conference13th International Conference on the Mathematics of Program Construction, MPC 2019
CountryPortugal
CityPorto
Period7/10/199/10/19

Fingerprint

Computer programming languages
Experiments
Semantics

Keywords

  • Quantitative Information Flow
  • Probabilistic program semantics
  • Security
  • Confidentiality

Cite this

McIver, A. (2019). Experiments in information flow analysis. In G. Hutton (Ed.), Mathematics of program construction: 13th International Conference, MPC 2019, Proceedings (pp. 1-17). (Lecture Notes in Computer Science; Vol. 11825). Cham: Springer, Springer Nature. https://doi.org/10.1007/978-3-030-33636-3_1
McIver, Annabelle. / Experiments in information flow analysis. Mathematics of program construction: 13th International Conference, MPC 2019, Proceedings. editor / Graham Hutton. Cham : Springer, Springer Nature, 2019. pp. 1-17 (Lecture Notes in Computer Science).
@inproceedings{b8356081f53043479cb2f1cf936a9214,
title = "Experiments in information flow analysis",
abstract = "Designing programs that do not leak confidential information continues to be a challenge. Part of the difficulty arises when partial information leaks are inevitable, implying that design interventions can only limit rather than eliminate their impact. We show, by example, how to gain a better understanding of the consequences of information leaks by modelling what adversaries might be able to do with any leaked information. Our presentation is based on the theory of Quantitative Information Flow, but takes an experimental approach to explore potential vulnerabilities in program designs. We make use of the tool Kuifje [12] to interpret a small programming language in a probabilistic semantics that supports quantitative information flow analysis.",
keywords = "Quantitative Information Flow, Probabilistic program semantics, Security, Confidentiality",
author = "Annabelle McIver",
year = "2019",
month = "10",
doi = "10.1007/978-3-030-33636-3_1",
language = "English",
isbn = "9783030336356",
series = "Lecture Notes in Computer Science",
publisher = "Springer, Springer Nature",
pages = "1--17",
editor = "Graham Hutton",
booktitle = "Mathematics of program construction",
address = "United States",

}

McIver, A 2019, Experiments in information flow analysis. in G Hutton (ed.), Mathematics of program construction: 13th International Conference, MPC 2019, Proceedings. Lecture Notes in Computer Science, vol. 11825, Springer, Springer Nature, Cham, pp. 1-17, 13th International Conference on the Mathematics of Program Construction, MPC 2019, Porto, Portugal, 7/10/19. https://doi.org/10.1007/978-3-030-33636-3_1

Experiments in information flow analysis. / McIver, Annabelle.

Mathematics of program construction: 13th International Conference, MPC 2019, Proceedings. ed. / Graham Hutton. Cham : Springer, Springer Nature, 2019. p. 1-17 (Lecture Notes in Computer Science; Vol. 11825).

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionResearchpeer-review

TY - GEN

T1 - Experiments in information flow analysis

AU - McIver, Annabelle

PY - 2019/10

Y1 - 2019/10

N2 - Designing programs that do not leak confidential information continues to be a challenge. Part of the difficulty arises when partial information leaks are inevitable, implying that design interventions can only limit rather than eliminate their impact. We show, by example, how to gain a better understanding of the consequences of information leaks by modelling what adversaries might be able to do with any leaked information. Our presentation is based on the theory of Quantitative Information Flow, but takes an experimental approach to explore potential vulnerabilities in program designs. We make use of the tool Kuifje [12] to interpret a small programming language in a probabilistic semantics that supports quantitative information flow analysis.

AB - Designing programs that do not leak confidential information continues to be a challenge. Part of the difficulty arises when partial information leaks are inevitable, implying that design interventions can only limit rather than eliminate their impact. We show, by example, how to gain a better understanding of the consequences of information leaks by modelling what adversaries might be able to do with any leaked information. Our presentation is based on the theory of Quantitative Information Flow, but takes an experimental approach to explore potential vulnerabilities in program designs. We make use of the tool Kuifje [12] to interpret a small programming language in a probabilistic semantics that supports quantitative information flow analysis.

KW - Quantitative Information Flow

KW - Probabilistic program semantics

KW - Security

KW - Confidentiality

UR - http://purl.org/au-research/grants/arc/DP140101119

U2 - 10.1007/978-3-030-33636-3_1

DO - 10.1007/978-3-030-33636-3_1

M3 - Conference proceeding contribution

SN - 9783030336356

T3 - Lecture Notes in Computer Science

SP - 1

EP - 17

BT - Mathematics of program construction

A2 - Hutton, Graham

PB - Springer, Springer Nature

CY - Cham

ER -

McIver A. Experiments in information flow analysis. In Hutton G, editor, Mathematics of program construction: 13th International Conference, MPC 2019, Proceedings. Cham: Springer, Springer Nature. 2019. p. 1-17. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-030-33636-3_1