Approximation and Randomization for Quantitative Information-Flow Analysis

14 years 3 months ago

Download www.infsec.cs.uni-saarland.de

—Quantitative information-ﬂow analysis (QIF) is an emerging technique for establishing information-theoretic conﬁdentiality properties. Automation of QIF is an important step towards ensuring its practical applicability, since manual reasoning about program security has been shown to be a tedious and expensive task. Existing automated techniques for QIF fall short of providing full coverage of all program executions, especially in the presence of unbounded loops and data structures, which are notoriously diﬃcult to analyze automatically. In this paper we propose a blend of approximation and randomization techniques to bear on the challenge of suﬃciently precise, yet eﬃcient computation of quantitative information ﬂow properties. Our approach relies on a sampling method to enumerate large or unbounded secret spaces, and applies both static and dynamic program analysis techniques to deliver necessary over- and underapproximations of information-theoretic characteristics.

Boris Köpf, Andrey Rybalchenko

Real-time Traffic

CSFW 2010 | Information-theoretic Conﬁdentiality Properties | QIF Fall | Security Privacy | Unbounded Secret Spaces |

claim paper

Post Info
More Details (n/a)

Added	15 Aug 2010
Updated	15 Aug 2010
Type	Conference
Year	2010
Where	CSFW
Authors	Boris Köpf, Andrey Rybalchenko

Comments (0)

Sciweavers

Approximation and Randomization for Quantitative Information-Flow Analysis

CSFW 2010 | Information-theoretic Conﬁdentiality Properties | QIF Fall | Security Privacy | Unbounded Secret Spaces |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers