Title :
Belief in information flow
Author :
Clarkson, Michael R. ; Myers, Andrew C. ; Schneider, Fred B.
Author_Institution :
Dept. of Comput. Sci., Cornell Univ., Ithaca, NY, USA
Abstract :
Information leakage traditionally has been defined to occur when uncertainty about secret data is reduced. This uncertainty-based approach is inadequate for measuring information flow when an attacker is making assumptions about secret inputs and these assumptions might be incorrect; such attacker beliefs are an unavoidable aspect of any satisfactory definition of leakage. To reason about information flow based on beliefs, a model is developed that describes how attacker beliefs change due to the attacker´s observation of the execution of a probabilistic (or deterministic) program. The model leads to a new metric for quantitative information flow that measures accuracy rather than uncertainty of beliefs.
Keywords :
security of data; uncertainty handling; belief uncertainty; deterministic program; information leakage; probabilistic program; quantitative information flow; uncertainty-based approach; Authentication; Computer science; Fluid flow measurement; Government; Information security; Mechanical factors;
Conference_Titel :
Computer Security Foundations, 2005. CSFW-18 2005. 18th IEEE Workshop
Print_ISBN :
0-7695-2340-4
DOI :
10.1109/CSFW.2005.10
