Belief in information flow

Information leakage traditionally has been defined to occur when uncertainty about secret data is reduced. This uncertainty-based approach is inadequate for measuring information flow when an attacker is making assumptions about secret inputs and these assumptions might be incorrect; such attacker beliefs are an unavoidable aspect of any satisfactory definition of leakage. To reason about information flow based on beliefs, a model is developed that describes how attacker beliefs change due to the attacker's observation of the execution of a probabilistic (or deterministic) program. The model leads to a new metric for quantitative information flow that measures accuracy rather than uncertainty of beliefs.
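
The contrast the abstract draws can be made concrete with a small password checker. The following is an added illustration, not code or notation from the paper: the three-password scenario, its probabilities, the noisy_checker variant, and the choice of -log2 of the probability assigned to the true secret as the accuracy measure are all assumptions of this example.

```python
import math

def checker(secret, guess):
    """Deterministic password check, as a distribution over observable outputs."""
    return {"accept": 1.0} if secret == guess else {"reject": 1.0}

def noisy_checker(secret, guess, flip=0.1):
    """Probabilistic variant: reports the wrong result with probability `flip`."""
    right = "accept" if secret == guess else "reject"
    wrong = "reject" if right == "accept" else "accept"
    return {right: 1.0 - flip, wrong: flip}

def update(belief, program, guess, observed):
    """Bayesian update: the attacker's postbelief after seeing `observed`."""
    joint = {s: p * program(s, guess).get(observed, 0.0) for s, p in belief.items()}
    total = sum(joint.values())
    if total == 0:
        raise ValueError("observation has probability 0 under this belief")
    return {s: w / total for s, w in joint.items()}

def uncertainty(belief):
    """Shannon entropy of the belief in bits; ignores what the secret really is."""
    return -sum(p * math.log2(p) for p in belief.values() if p > 0)

def inaccuracy(belief, actual):
    """Assumed accuracy measure: bits of 'surprise' at the true secret."""
    p = belief.get(actual, 0.0)
    return math.inf if p == 0 else -math.log2(p)

def flows(pre, program, guess, observed, actual):
    """Return (uncertainty reduction, accuracy gain) for one observed run."""
    post = update(pre, program, guess, observed)
    return (uncertainty(pre) - uncertainty(post),
            inaccuracy(pre, actual) - inaccuracy(post, actual))

# Constructed scenario: the attacker is almost sure the password is "A",
# but it is really "C". The attacker guesses "A" and sees "reject".
PRE = {"A": 0.98, "B": 0.01, "C": 0.01}

if __name__ == "__main__":
    for prog in (checker, noisy_checker):
        du, da = flows(PRE, prog, "A", "reject", actual="C")
        print(f"{prog.__name__}: uncertainty reduced by {du:+.3f} bits, "
              f"accuracy improved by {da:+.3f} bits")
```

In both runs the attacker's uncertainty goes up, so an uncertainty-based measure reports no leak, while the belief has moved several bits closer to the real password.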
