An Algebraic Approach for Reasoning About Information Flow

This paper concerns the analysis of information leaks in security systems. We address the problem of specifying and analyzing large systems in the (standard) channel model used in quantitative information flow (QIF). We propose several operators which match typical interactions between system components. We explore their algebraic properties with respect to the security-preserving refinement relation defined by Alvim et al. and McIver et al. We show how the algebra can be used to simplify large system specifications in order to facilitate the computation of information leakage bounds. We demonstrate our results on the specification and analysis of the Crowds Protocol. Finally, we use the algebra to justify a new algorithm to compute leakage bounds for this protocol.
