Quantitative security analysis for programs with low input and noisy output

Minh Tri Ngo, Marieke Huisman

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    4 Citations (Scopus)

    Abstract

    Classical quantitative information flow analysis often considers a system as an information-theoretic channel, where private data are the only inputs and public data are the outputs. However, for systems where an attacker is able to influence the initial values of public data, these should also be considered as inputs of the channel. This paper adapts the classical view of information-theoretic channels in order to quantify information flow of programs that contain both private and public inputs. Additionally, we show that our measure also can be used to reason about the case where a system operator on purpose adds noise to the output, instead of always producing the correct output. The noisy outcome is used to reduce the correlation between the output and the input, and thus to increase the remaining uncertainty. However, even though adding noise to the output enhances the security, it reduces the reliability of the program. We show how given a certain noisy output policy, the increase in security and the decrease in reliability can be quantified.
    Original languageUndefined
    Title of host publicationProceedings of the 6th International Symposium on Engineering Secure Software and Systems, ESSoS 2014
    Place of PublicationLondon
    PublisherSpringer
    Pages77-94
    Number of pages18
    ISBN (Print)978-3-319-04896-3
    DOIs
    Publication statusPublished - Feb 2014
    Event6th International Symposium on Engineering Secure Software and Systems, ESSoS 2014 - Technische Universität München, Munich, Germany
    Duration: 26 Feb 201428 Feb 2014
    Conference number: 6
    https://distrinet.cs.kuleuven.be/events/essos/2014/

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer Verlag
    Volume8364

    Conference

    Conference6th International Symposium on Engineering Secure Software and Systems, ESSoS 2014
    Abbreviated titleESSoS
    CountryGermany
    CityMunich
    Period26/02/1428/02/14
    Internet address

    Keywords

    • EWI-24027
    • METIS-303973
    • IR-88367

    Cite this