Title :
Automatic Discovery and Quantification of Information Leaks
Author :
Backes, Michael ; Kopf, B. ; Rybalchenko, Andrey
Author_Institution :
MPI-SWS, Saarland Univ., Saarbrucken, Germany
Abstract :
Information-flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. We present the first automatic method for information-flow analysis that discovers what information is leaked and computes its comprehensive quantitative interpretation. The leaked information is characterized by an equivalence relation on secret artifacts, and is represented by a logical assertion over the corresponding program variables. Our measurement procedure computes the number of discovered equivalence classes and their sizes. This provides a basis for computing a set of quantitative properties, which includes all established information-theoretic measures in quantitative information-flow. Our method exploits an inherent connection between formal models of qualitative information-flow and program verification techniques. We provide an implementation of our method that builds upon existing tools for program verification and information-theoretic analysis. Our experimental evaluation indicates the practical applicability of the presented method.
Keywords :
reasoning about programs; security of data; comprehensive quantitative interpretation; information leaks; information-flow analysis; information-theoretic analysis; program verification techniques; Channel capacity; Communication channels; Data flow computing; Entropy; Information analysis; Information security; Information theory; Privacy; Size measurement; Throughput; Information Flow; Information Theory; Program Analysis;
Conference_Titel :
Security and Privacy, 2009 30th IEEE Symposium on
Conference_Location :
Berkeley, CA
Print_ISBN :
978-0-7695-3633-0
