Measuring Information Leakage Using Network Information Theory
Tom Chothia :: Tuesday 27th January 2009
Venue: Room 124 @ 1200
Abstract. The field of Information Flow assess the security of a system by checking if it is possible to learn anything about the high level secure data in a system from observing low level public data. Many frameworks can ensure zero leakage, however real systems often allow a small amount of information to flow. e.g. checking a failed password guess leaks the information that the secret values doesn't have that value. I will explain how Information Theory has been used to measure this leakage and I will propose using Network Information Theory as a more flexible measuring framework. I will not assume any previous knowledge of either Information Flow or Information Theory.
Materials: slides (.pdf)