### Abstract

We show, by example, how to gain a better understanding of the consequences of information leaks by modelling what adversaries might be able to do with any leaked information.

Our presentation is based on the theory of Quantitative Information Flow, but takes an experimental approach to explore potential vulnerabilities in program designs. We make use of the tool Kuifje [12] to interpret a small programming language in a probabilistic semantics that supports quantitative information flow analysis.

Language | English |
---|---|

Title of host publication | Mathematics of program construction |

Subtitle of host publication | 13th International Conference, MPC 2019, Proceedings |

Editors | Graham Hutton |

Place of Publication | Cham |

Publisher | Springer, Springer Nature |

Pages | 1-17 |

Number of pages | 17 |

ISBN (Electronic) | 9783030336363 |

ISBN (Print) | 9783030336356 |

DOIs | |

Publication status | Published - Oct 2019 |

Event | 13th International Conference on the Mathematics of Program Construction, MPC 2019 - Porto, Portugal Duration: 7 Oct 2019 → 9 Oct 2019 |

### Publication series

Name | Lecture Notes in Computer Science |
---|---|

Publisher | Springer |

Volume | 11825 |

### Conference

Conference | 13th International Conference on the Mathematics of Program Construction, MPC 2019 |
---|---|

Country | Portugal |

City | Porto |

Period | 7/10/19 → 9/10/19 |

### Fingerprint

### Keywords

- Quantitative Information Flow
- Probabilistic program semantics
- Security
- Confidentiality

### Cite this

*Mathematics of program construction: 13th International Conference, MPC 2019, Proceedings*(pp. 1-17). (Lecture Notes in Computer Science; Vol. 11825). Cham: Springer, Springer Nature. https://doi.org/10.1007/978-3-030-33636-3_1

}

*Mathematics of program construction: 13th International Conference, MPC 2019, Proceedings.*Lecture Notes in Computer Science, vol. 11825, Springer, Springer Nature, Cham, pp. 1-17, 13th International Conference on the Mathematics of Program Construction, MPC 2019, Porto, Portugal, 7/10/19. https://doi.org/10.1007/978-3-030-33636-3_1

**Experiments in information flow analysis.** / McIver, Annabelle.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › Research › peer-review

TY - GEN

T1 - Experiments in information flow analysis

AU - McIver, Annabelle

PY - 2019/10

Y1 - 2019/10

N2 - Designing programs that do not leak confidential information continues to be a challenge. Part of the difficulty arises when partial information leaks are inevitable, implying that design interventions can only limit rather than eliminate their impact. We show, by example, how to gain a better understanding of the consequences of information leaks by modelling what adversaries might be able to do with any leaked information. Our presentation is based on the theory of Quantitative Information Flow, but takes an experimental approach to explore potential vulnerabilities in program designs. We make use of the tool Kuifje [12] to interpret a small programming language in a probabilistic semantics that supports quantitative information flow analysis.

AB - Designing programs that do not leak confidential information continues to be a challenge. Part of the difficulty arises when partial information leaks are inevitable, implying that design interventions can only limit rather than eliminate their impact. We show, by example, how to gain a better understanding of the consequences of information leaks by modelling what adversaries might be able to do with any leaked information. Our presentation is based on the theory of Quantitative Information Flow, but takes an experimental approach to explore potential vulnerabilities in program designs. We make use of the tool Kuifje [12] to interpret a small programming language in a probabilistic semantics that supports quantitative information flow analysis.

KW - Quantitative Information Flow

KW - Probabilistic program semantics

KW - Security

KW - Confidentiality

UR - http://purl.org/au-research/grants/arc/DP140101119

U2 - 10.1007/978-3-030-33636-3_1

DO - 10.1007/978-3-030-33636-3_1

M3 - Conference proceeding contribution

SN - 9783030336356

T3 - Lecture Notes in Computer Science

SP - 1

EP - 17

BT - Mathematics of program construction

A2 - Hutton, Graham

PB - Springer, Springer Nature

CY - Cham

ER -