Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow

Analysis of a probabilistic system often requires to learn the joint probability distribution of its random variables. The computation of the exact distribution is usually an exhaustive precise analysis on all executions of the system. To avoid the high computational cost of such an exhaustive search, statistical analysis has been studied to efficiently obtain approximate estimates by analyzing only a small but representative subset of the system’s behavior. In this paper we propose a hybrid statistical estimation method that combines precise and statistical analyses to estimate mutual information and its confidence interval. We show how to combine the analyses on different components of the system with different precision to obtain an estimate for the whole system. The new method performs weighted statistical analysis with different sample sizes over different components and dynamically finds their optimal sample sizes. Moreover it can reduce sample sizes by using prior knowledge about systems and a new abstraction-then-sampling technique based on qualitative analysis. We show the new method outperforms the state of the art in quantifying information leakage.

[1]  David A. Basin,et al.  An information-theoretic model for adaptive side-channel attacks , 2007, CCS '07.

[2]  Geoffrey Smith,et al.  On the Foundations of Quantitative Information Flow , 2009, FoSSaCS.

[3]  Axel Legay,et al.  Statistical Model Checking: An Overview , 2010, RV.

[4]  Supratik Chakraborty,et al.  A Scalable Approximate Model Counter , 2013, CP.

[5]  Axel Legay,et al.  QUAIL: A Quantitative Security Analyzer for Imperative Code , 2013, CAV.

[6]  Prakash Panangaden,et al.  Anonymity protocols as noisy channels , 2008, Inf. Comput..

[7]  Andrey Rybalchenko,et al.  Approximation and Randomization for Quantitative Information-Flow Analysis , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[8]  R. Gallager Information Theory and Reliable Communication , 1968 .

[9]  Thomas Given-Wilson,et al.  Quantitative Information Flow for Scheduler-Dependent Systems , 2015, QAPL.

[10]  Geoffrey Smith,et al.  Min-entropy as a resource , 2013, Inf. Comput..

[11]  Tom Chothia,et al.  Statistical Measurement of Information Leakage , 2010, TACAS.

[12]  Sanjit A. Seshia,et al.  On Parallel Scalable Uniform SAT Witness Generation , 2015, TACAS.

[13]  Tom Chothia,et al.  A Tool for Estimating Information Leakage , 2013, CAV.

[14]  Serge Haddad,et al.  Coupling and Importance Sampling for Statistical Model Checking , 2012, TACAS.

[15]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[16]  R. Moddemeijer On estimation of entropy and mutual information of continuous distributions , 1989 .

[17]  David J. C. MacKay,et al.  Information Theory, Inference, and Learning Algorithms , 2004, IEEE Transactions on Information Theory.

[18]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[19]  Michael R. Clarkson,et al.  Hyperproperties , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[20]  Tom Chothia,et al.  LeakWatch: Estimating Information Leakage from Java Programs , 2014, ESORICS.

[21]  David Clark,et al.  A static analysis for quantifying information flow in a simple imperative language , 2007, J. Comput. Secur..

[22]  Stephen McCamant,et al.  Quantitative information flow as network flow capacity , 2008, PLDI '08.

[23]  Axel Legay,et al.  Comparative Analysis of Leakage Tools on Scalable Case Studies , 2015, SPIN.

[24]  Jeffrey Scott Vitter,et al.  Random sampling with a reservoir , 1985, TOMS.

[25]  Robert B. Ash,et al.  Information Theory , 2020, The SAGE International Encyclopedia of Mass Media and Society.

[26]  David R. Brillinger,et al.  Some data analyses using mutual information , 2004 .

[27]  Catuscia Palamidessi,et al.  Compositionality Results for Quantitative Information Flow , 2014, QEST.

[28]  M. Wilde Quantum Information Theory: Noisy Quantum Shannon Theory , 2013 .

[29]  Stephen McCamant,et al.  DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation , 2011, NDSS.

[30]  David Clark,et al.  Quantitative Analysis of the Leakage of Confidential Data , 2002, QAPL.

[31]  Michael Backes,et al.  Automatic Discovery and Quantification of Information Leaks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[32]  Pasquale Malacaria,et al.  Abstract model counting: a novel approach for quantification of information leaks , 2014, AsiaCCS.

[33]  Axel Legay,et al.  Quantifying information leakage of randomized protocols , 2015, Theor. Comput. Sci..

[34]  Christoph Adami,et al.  Information theory in molecular biology , 2004, q-bio/0405004.

[35]  Mark M. Wilde,et al.  Quantum Information Theory , 2013 .

[36]  Gilles Barthe,et al.  Information-Theoretic Bounds for Differentially Private Mechanisms , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[37]  Michele Boreale,et al.  On Formally Bounding Information Leakage by Statistical Estimation , 2014, ISC.

[38]  Thomas M. Cover,et al.  Elements of Information Theory 2006 , 2009 .

[39]  Sanjit A. Seshia,et al.  Speeding Up SMT-Based Quantitative Program Analysis , 2014, SMT.

[40]  James W. Gray,et al.  Toward a mathematical foundation for information flow security , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[41]  Stephen McCamant,et al.  Measuring channel capacity to distinguish undue influence , 2009, PLAS '09.

[42]  Luis Enrique Sucar,et al.  Introduction to Bayesian Networks and Influence Diagrams , 2012 .

[43]  Rohit Chadha,et al.  Computing Information Flow Using Symbolic Model-Checking , 2014, FSTTCS.

[44]  Edmund M. Clarke,et al.  Statistical Model Checking for Cyber-Physical Systems , 2011, ATVA.

[45]  Tom Chothia,et al.  Probabilistic Point-to-Point Information Leakage , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[46]  Hirotoshi Yasuoka,et al.  Quantitative information flow as safety and liveness hyperproperties , 2014, Theor. Comput. Sci..

[47]  Pablo Suau,et al.  Information Theory in Computer Vision and Pattern Recognition , 2009 .

[48]  Marcelo d'Amorim,et al.  Quantifying information leaks using reliability analysis , 2014, SPIN.