Title :
Quantitative Multirun Security under Active Adversaries
Author :
Boreale, Michele ; Pampaloni, Francesca
Author_Institution :
Dipt. di Sist. ed Inf., Univ. di Firenze, Florence, Italy
Abstract :
We study the security of probabilistic programsunder the assumption that an active adversary controls part ofthe program´s inputs, and the program can be run several times. The adversary´s target are the high, confidential inputs to theprogram. We model the program behaviour as an information-theoretic channel and define a notion of quantitative multi-runleakage. We characterize in a simple way both the asymptoticmulti-run leakage and its exponential growth rate, depending onthe number of runs, the characterization is given in terms ofthe program´s channel matrix. We then study the case where adeclassification policy is specified: we define a measure of thedegree of violation of the policy and characterize its asymptoticmulti-run behaviour, thus allowing for a combined analysis ofwhat and how much information is leaked. We finally study thecase where a user is faced with the task of assessing the undueinfluence of an active adversary on a deployed program or system, of which only a (black-box) specification is available.
Keywords :
data integrity; formal specification; matrix algebra; probability; security of data; active adversary; asymptotic multirun behaviour; asymptotic multirun leakage; black-box specification; data confidentiality; declassification policy; exponential growth rate; information theory channel; probabilistic program security; program channel matrix; quantitative multirun security; Context; Credit cards; Probabilistic logic; Probability distribution; Security; Terminology; Vectors; Security; confidentiality; information theory; integrity; quantitative information flow;
Conference_Titel :
Quantitative Evaluation of Systems (QEST), 2012 Ninth International Conference on
Conference_Location :
London
Print_ISBN :
978-1-4673-2346-8
Electronic_ISBN :
978-0-7695-4781-7
DOI :
10.1109/QEST.2012.31