David Parker
Senior Lecturer, University of Birmingham
[CKNP13] Tom Chothia, Yusuke Kawamoto, Chris Novakovic and David Parker. Probabilistic Point-to-Point Information Leakage. In Proc. 26th IEEE Computer Security Foundations Symposium (CSF'13), pages 193-205. June 2013. [pdf] [bib]
Downloads:  pdf pdf (264 KB)  bib bib
Abstract. The outputs of a program that processes secret data may reveal information about the values of these secrets. This paper develops an information leakage model that can measure the leakage between arbitrary points in a probabilistic program. Our aim is to create a model of information leakage that makes it convenient to measure specific leaks, and provide a tool that may be used to investigate a program's information security. To make our leakage model precise, we base our work on a simple probabilistic, imperative language in which secret values may be specified at any point in the program; other points in the program may then be marked as potential sites of information leakage. We extend our leakage model to address both non-terminating programs (with potentially infinite numbers of secret and observable values) and user input. Finally, we show how statistical approximation techniques can be used to estimate our leakage measure in real-world Java programs.