Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Verification, Model Checking, and Abstract Interpretation

VMCAI 2013: Verification, Model Checking, and Abstract Interpretation pp 68–87Cite as

Quantifying Information Leakage of Randomized Protocols

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7737))

Abstract

The quantification of information leakage provides a quantitative evaluation of the security of a system. We propose the usage of Markovian processes to model and analyze the information leakage of deterministic and probabilistic systems. We show that this method generalizes the lattice of information approach and is a natural framework for modeling refined attackers capable to observe the internal behavior of the system. We also use our method to obtain an algorithm for the computation of channel capacity from our Markovian models. Finally, we show how to use the method to analyze timed and non-timed attacks on the Onion Routing protocol.

The research presented in this paper has been partially supported by MT-LAB, a VKR Centre of Excellence for the Modelling of Information Technology.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Malacaria, P.: Algebraic foundations for information theoretical, probabilistic and guessability measures of information flow. CoRR abs/1101.3453 (2011)

    Google Scholar 

  2. Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. Journal of Computer Security 15, 321–371 (2007)

    Google Scholar 

  3. Heusser, J., Malacaria, P.: Quantifying information leaks in software. In: Gates, C., Franz, M., McDermott, J.P. (eds.) ACSAC, pp. 261–269. ACM (2010)

    Google Scholar 

  4. Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Anonymity protocols as noisy channels. Inf. Comput. 206, 378–401 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  5. Chen, H., Malacaria, P.: Quantifying maximal loss of anonymity in protocols. In: Li, W., Susilo, W., Tupakula, U.K., Safavi-Naini, R., Varadharajan, V. (eds.) ASIACCS, pp. 206–217. ACM (2009)

    Google Scholar 

  6. Köpf, B., Smith, G.: Vulnerability bounds and leakage resilience of blinded cryptography under timing attacks. In: CSF, pp. 44–56. IEEE Computer Society (2010)

    Google Scholar 

  7. Köpf, B., Basin, D.A.: An information-theoretic model for adaptive side-channel attacks. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) ACM Conference on Computer and Communications Security, pp. 286–296. ACM (2007)

    Google Scholar 

  8. Millen, J.K.: Covert channel capacity. In: IEEE Symposium on Security and Privacy, pp. 60–66 (1987)

    Google Scholar 

  9. Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Onion routing. Commun. ACM 42, 39–41 (1999)

    Article  Google Scholar 

  10. Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of tor. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, SP 2005, pp. 183–195. IEEE Computer Society, Washington, DC (2005)

    Google Scholar 

  11. Abbott, T.G., Lai, K.J., Lieberman, M.R., Price, E.C.: Browser-Based Attacks on Tor. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 184–199. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  12. Cover, T., Thomas, J.: Elements of information theory. Wiley, New York (1991)

    Book  MATH  Google Scholar 

  13. Shannon, C.E.: A mathematical theory of communication. The Bell System Technical Journal 27, 379–423 (1948)

    MathSciNet  MATH  Google Scholar 

  14. Biondi, F., Legay, A., Nielsen, B.F., Wąsowski, A.: Maximizing entropy over markov processes (2012) (under review), http://www.itu.dk/people/fbio/maxent.pdf

  15. Landauer, J., Redmond, T.: A lattice of information. In: CSFW, pp. 65–70 (1993)

    Google Scholar 

  16. Winskel, G.: The formal semantics of programming languages - an introduction. Foundation of computing series. MIT Press (1993)

    Google Scholar 

  17. Malacaria, P.: Risk assessment of security threats for looping constructs. Journal of Computer Security 18, 191–228 (2010)

    Google Scholar 

  18. Malacaria, P., Chen, H.: Lagrange multipliers and maximum information leakage in different observational models. In: Erlingsson, Ã., Pistoia, M. (eds.) PLAS, pp. 135–146. ACM (2008)

    Google Scholar 

  19. Alvim, M.S., Andrés, M.E., Palamidessi, C.: Quantitative information flow in interactive systems. Journal of Computer Security 20, 3–50 (2012)

    Google Scholar 

  20. Chen, H., Malacaria, P.: The Optimum Leakage Principle for Analyzing Multi-threaded Programs. In: Kurosawa, K. (ed.) ICITS 2009. LNCS, vol. 5973, pp. 177–193. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  21. Köpf, B., Mauborgne, L., Ochoa, M.: Automatic Quantification of Cache Side-Channels. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 564–580. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  22. Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: CSF (2012)

    Google Scholar 

  23. Preda, M.D., Giacobazzi, R.: Semantics-based code obfuscation by abstract interpretation. Journal of Computer Security 17, 855–908 (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IT University of Copenhagen, Denmark

    Fabrizio Biondi & Andrzej Wąsowski

  2. INRIA Rennes, France

    Axel Legay

  3. Queen Mary University of London, United Kingdom

    Pasquale Malacaria

Authors
  1. Fabrizio Biondi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Axel Legay
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pasquale Malacaria
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Andrzej Wąsowski
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Verona, Strada Le Grazie 15, 37134, Verona, Italy

    Roberto Giacobazzi  & Isabella Mastroeni  & 

  2. Microsoft Research, 7 JJ Thomason Avenue, CB3 0FB, Cambridge, UK

    Josh Berdine

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Biondi, F., Legay, A., Malacaria, P., Wąsowski, A. (2013). Quantifying Information Leakage of Randomized Protocols. In: Giacobazzi, R., Berdine, J., Mastroeni, I. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2013. Lecture Notes in Computer Science, vol 7737. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35873-9_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-35873-9_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35872-2

  • Online ISBN: 978-3-642-35873-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation