On Bounding Problems of Quantitative Information Flow

Researchers have proposed formal definitions of quantitative information flow based on information theoretic notions such as the Shannon entropy, the min entropy, the guessing entropy, and channel capacity. This paper investigates the hardness of precisely checking the quantitative information flow of a program according to such definitions. More precisely, we study the "bounding problem" of quantitative information flow, defined as follows: Given a program M and a positive real number q, decide if the quantitative information flow of M is less than or equal to q. We prove that the bounding problem is not a k-safety property for any k (even when q is fixed, for the Shannon-entropy-based definition with the uniform distribution), and therefore is not amenable to the self-composition technique that has been successfully applied to checking non-interference. We also prove complexity theoretic hardness results for the case when the program is restricted to loop-free boolean programs. Specifically, we show that the problem is PP-hard for all the definitions, showing a gap with non-interference which is coNP-complete for the same class of programs. The paper also compares the results with the recently proved results on the comparison problems of quantitative information flow.

[1]  Pasquale Malacaria,et al.  Lagrange multipliers and maximum information leakage in different observational models , 2008, PLAS '08.

[2]  Pasquale Malacaria,et al.  Assessing security threats of looping constructs , 2007, POPL '07.

[3]  J. Massey Guessing and entropy , 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[4]  Seinosuke Toda,et al.  PP is as Hard as the Polynomial-Time Hierarchy , 1991, SIAM J. Comput..

[5]  Kenneth L. McMillan,et al.  Lazy Abstraction with Interpolants , 2006, CAV.

[6]  Thomas A. Henzinger,et al.  The software model checker Blast , 2007, International Journal on Software Tools for Technology Transfer.

[7]  Michael R. Clarkson,et al.  Belief in information flow , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[8]  Hirotoshi Yasuoka,et al.  Quantitative Information Flow - Verification Hardness and Possibilities , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[9]  Akinori Yonezawa,et al.  Combining type-based analysis and model checking for finding counterexamples against non-interference , 2006, PLAS '06.

[10]  Stephen McCamant,et al.  Measuring channel capacity to distinguish undue influence , 2009, PLAS '09.

[11]  Catuscia Palamidessi,et al.  Quantitative Notions of Leakage for One-try Attacks , 2009, MFPS.

[12]  Reiner Hähnle,et al.  A Theorem Proving Approach to Analysis of Secure Information Flow , 2005, SPC.

[13]  Ellis S. Cohen Information transmission in computational systems , 1977, SOSP '77.

[14]  Pasquale Malacaria,et al.  Applied Quantitative Information Flow and Statistical Databases , 2009, Formal Aspects in Security and Trust.

[15]  Stephen McCamant,et al.  Quantitative information flow as network flow capacity , 2008, PLDI '08.

[16]  David Clark,et al.  Quantified Interference for a While Language , 2005, QAPL.

[17]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[18]  David Clark,et al.  A static analysis for quantifying information flow in a simple imperative language , 2007, J. Comput. Secur..

[19]  Pedro R. D'Argenio,et al.  Secure information flow by self-composition , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[20]  Michael Backes,et al.  Automatic Discovery and Quantification of Information Leaks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[21]  Pasquale Malacaria,et al.  Quantifying information leaks in software , 2010, ACSAC '10.

[22]  David A. Naumann From Coupling Relations to Mated Invariants for Checking Information Flow , 2006, ESORICS.

[23]  Thomas A. Henzinger,et al.  Lazy abstraction , 2002, POPL '02.

[24]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[25]  Geoffrey Smith,et al.  On the Foundations of Quantitative Information Flow , 2009, FoSSaCS.

[26]  David A. Basin,et al.  An information-theoretic model for adaptive side-channel attacks , 2007, CCS '07.

[27]  John McLean,et al.  A general theory of composition for trace sets closed under selective interleaving functions , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[28]  C. E. SHANNON,et al.  A mathematical theory of communication , 1948, MOCO.

[29]  Thomas A. Henzinger,et al.  The software model checker B last : Applications to software engineering , 2007 .

[30]  Alexander Aiken,et al.  Secure Information Flow as a Safety Problem , 2005, SAS.

[31]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[32]  Geoffrey Smith,et al.  Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.