An Algebraic Approach for Reasoning About Information Flow

  • Arthur AméricoEmail author
  • Mário S. Alvim
  • Annabelle McIver
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10951)


This paper concerns the analysis of information leaks in security systems. We address the problem of specifying and analyzing large systems in the (standard) channel model used in quantitative information flow (QIF). We propose several operators which match typical interactions between system components. We explore their algebraic properties with respect to the security-preserving refinement relation defined by Alvim et al. and McIver et al. [1, 2].

We show how the algebra can be used to simplify large system specifications in order to facilitate the computation of information leakage bounds. We demonstrate our results on the specification and analysis of the Crowds Protocol. Finally, we use the algebra to justify a new algorithm to compute leakage bounds for this protocol.



Arthur Américo and Mário S. Alvim are supported by CNPq, CAPES, and FAPEMIG. Annabelle McIver is supported by ARC grant DP140101119.


  1. 1.
    Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: Proceedings of CSF, pp. 265–279 (2012)Google Scholar
  2. 2.
    McIver, A., Morgan, C., Smith, G., Espinoza, B., Meinicke, L.: Abstract channels and their robust information-leakage ordering. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 83–102. Springer, Heidelberg (2014). Scholar
  3. 3.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative information flow, relations and polymorphic types. J. Logic Comput. 18(2), 181–199 (2005)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Köpf, B., Basin, D.A.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of CCS, pp. 286–296. ACM (2007)Google Scholar
  5. 5.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: On the Bayes risk in information-hiding protocols. J. Comput. Secur. 16(5), 531–571 (2008)CrossRefGoogle Scholar
  6. 6.
    Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FoSSaCS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009). Scholar
  7. 7.
    McIver, A., Meinicke, L., Morgan, C.: Compositional closure for Bayes risk in probabilistic noninterference. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010. LNCS, vol. 6199, pp. 223–235. Springer, Heidelberg (2010). Scholar
  8. 8.
    Boreale, M., Pampaloni, F.: Quantitative information flow under generic leakage functions and adaptive adversaries. Log. Methods Comput. Sci. 11(4) (2015)Google Scholar
  9. 9.
    Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., Smith, G.: Axioms for information leakage. In: Proceedings of CSF, pp. 77–92 (2016)Google Scholar
  10. 10.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., Smith, G.: Additive and multiplicative notions of leakage, and their capacities. In: Proceedings of CSF, pp. 308–322. IEEE (2014)Google Scholar
  12. 12.
    Reiter, M.K., Rubin, A.D.: Crowds: anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1(1), 66–92 (1998)CrossRefGoogle Scholar
  13. 13.
    Américo, A., Alvim, M.S., McIver, A.: An algebraic approach for reasoning about information flow. CoRR abs/1801.08090 (2018)Google Scholar
  14. 14.
    Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(379–423), 625–56 (1948)MathSciNetGoogle Scholar
  15. 15.
    Massey, J.L.: Guessing and entropy. In: Proceedings of the IEEE International Symposium on Information Theory, p. 204. IEEE (1994)Google Scholar
  16. 16.
    Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative notions of leakage for one-try attacks. In: Proceedings of MFPS. ENTCS, vol. 249, pp. 75–91. Elsevier (2009)CrossRefGoogle Scholar
  17. 17.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). Scholar
  18. 18.
    Brumley, D., Boneh, D.: Remote timing attacks are practical. In: Proceedings of the 12th Conference on USENIX Security Symposium. SSYM 2003, vol. 12, p. 1. USENIX Association, Berkeley (2003)Google Scholar
  19. 19.
    Nohl, K., Evans, D., Starbug, S., Plötz, H.: Reverse-engineering a cryptographic RFID tag. In: Proceedings of the 17th Conference on Security Symposium. SS 2008, pp. 185–193. USENIX Association, Berkeley (2008)Google Scholar
  20. 20.
    Warner, S.L.: Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60(309), 63–69 (1965). PMID: 12261830CrossRefGoogle Scholar
  21. 21.
    Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding routing information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996). Scholar
  22. 22.
    Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: the second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium, pp. 303–320. USENIX (2004)Google Scholar
  23. 23.
    Strassen, V.: Gaussian elimination is not optimal. Numer. Math. 13(4), 354–356 (1969)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Andrés, M.E., Palamidessi, C., van Rossum, P., Smith, G.: Computing the leakage of information-hiding systems. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 373–389. Springer, Heidelberg (2010). Scholar
  25. 25.
    Espinoza, B., Smith, G.: Min-entropy as a resource. Inf. Comput. 226, 57–75 (2013)MathSciNetCrossRefGoogle Scholar
  26. 26.
    Kawamoto, Y., Chatzikokolakis, K., Palamidessi, C.: On the compositionality of quantitative information flow. Log. Methods Comput. Sci. 13(3) (2017)Google Scholar
  27. 27.
    Engelhardt, K.: A better composition operator for quantitative information flow analyses. In: European Symposium on Research in Computer Security, Proceedings, Part I, pp. 446–463 (2017)CrossRefGoogle Scholar
  28. 28.
    Alvim, M.S., Chatzikokolakis, K., Kawamoto, Y., Palamidessi, C.: Leakage and protocol composition in a game-theoretic perspective. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 134–159. Springer, Cham (2018). Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Arthur Américo
    • 1
    Email author
  • Mário S. Alvim
    • 1
  • Annabelle McIver
    • 2
  1. 1.Universidade Federal de Minas GeraisBelo HorizonteBrazil
  2. 2.Macquarie UniversitySydneyAustralia

Personalised recommendations