Experiments in information flow analysis

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contribution

Abstract

Designing programs that do not leak confidential information continues to be a challenge. Part of the difficulty arises when partial information leaks are inevitable, implying that design interventions can only limit rather than eliminate their impact.

We show, by example, how to gain a better understanding of the consequences of information leaks by modelling what adversaries might be able to do with any leaked information.

Our presentation is based on the theory of Quantitative Information Flow, but takes an experimental approach to explore potential vulnerabilities in program designs. We make use of the tool Kuifje [12] to interpret a small programming language in a probabilistic semantics that supports quantitative information flow analysis.
Original languageEnglish
Title of host publicationMathematics of program construction
Subtitle of host publication13th International Conference, MPC 2019, Proceedings
EditorsGraham Hutton
Place of PublicationCham
PublisherSpringer, Springer Nature
Pages1-17
Number of pages17
ISBN (Electronic)9783030336363
ISBN (Print)9783030336356
DOIs
Publication statusPublished - 2019
Event13th International Conference on the Mathematics of Program Construction, MPC 2019 - Porto, Portugal
Duration: 7 Oct 20199 Oct 2019

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume11825

Conference

Conference13th International Conference on the Mathematics of Program Construction, MPC 2019
CountryPortugal
CityPorto
Period7/10/199/10/19

Keywords

  • Quantitative Information Flow
  • Probabilistic program semantics
  • Security
  • Confidentiality

Fingerprint Dive into the research topics of 'Experiments in information flow analysis'. Together they form a unique fingerprint.

Cite this