Quantifying information leaks using reliability analysis

We report on our work-in-progress into the use of reliability analysis to quantify information leaks. In recent work we proposed a software reliability analysis technique that uses symbolic execution and model counting to quantify the probability of reaching designated program states, e.g. assertion violations, under uncertain environment conditions. The technique has many applications beyond reliability analysis, ranging from program understanding and debugging to the analysis of cyber-physical systems. In this paper we report on a novel application of the technique, namely Quantitative Information Flow analysis (QIF). The goal of QIF is to measure the information leakage of a program using information-theoretic metrics such as Shannon entropy or Rényi entropy. We exploit the model counting engine of the reliability analyzer over symbolic program paths to compute an upper bound on the maximum leakage over all possible distributions of the confidential data. We have implemented our approach in a prototype tool, called QILURA, and explore its effectiveness on a number of case studies.
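As an added illustration, not code from the paper or from QILURA, the following Python shows how model counts over the feasible paths of a deterministic program yield both the Shannon leakage for a uniform secret and the distribution-independent upper bound log2(number of feasible outputs) that the abstract refers to. The two toy programs and the 8-bit secret domain are constructed here; enumeration stands in for the tool's symbolic model counter.

```python
import math
from collections import defaultdict
from typing import Callable, Dict, List, Tuple

# A symbolic path is a path condition over the secret h plus the output the
# program produces on that path. Both programs below are constructed for
# this illustration; they are not taken from the paper or from QILURA.
Path = Tuple[Callable[[int], bool], int]

# Program 1: equality check against one secret value (2 feasible paths).
PASSWORD_CHECK: List[Path] = [
    (lambda h: h == 42, 1),
    (lambda h: h != 42, 0),
]

# Program 2: reveals which quarter of the range h falls in (4 feasible paths).
QUARTER_LEAK: List[Path] = [
    (lambda h: h < 64, 0),
    (lambda h: 64 <= h < 128, 1),
    (lambda h: 128 <= h < 192, 2),
    (lambda h: h >= 192, 3),
]

def count_models(paths: List[Path], domain: range) -> Dict[int, int]:
    """Model count per observable output: how many secrets satisfy the path
    condition leading to it. Enumeration over a small domain stands in for
    the model counter the paper applies to symbolic path conditions."""
    counts: Dict[int, int] = defaultdict(int)
    for h in domain:
        for cond, out in paths:
            if cond(h):
                counts[out] += 1
                break  # paths of a deterministic program are disjoint
    return {o: n for o, n in counts.items() if n > 0}  # feasible outputs only

def shannon_leakage(counts: Dict[int, int], total: int) -> float:
    """Shannon leakage of a deterministic program for a uniform secret:
    the output entropy -sum p(o) log2 p(o), with p(o) = count / total."""
    return -sum((n / total) * math.log2(n / total) for n in counts.values())

def channel_capacity(counts: Dict[int, int]) -> float:
    """Upper bound on leakage over all secret distributions: log2 of the number
    of feasible outputs (also the min-entropy leakage for a uniform secret)."""
    return math.log2(len(counts))

if __name__ == "__main__":
    for name, prog in (("password check", PASSWORD_CHECK), ("quarter leak", QUARTER_LEAK)):
        c = count_models(prog, range(256))
        print(f"{name}: Shannon {shannon_leakage(c, 256):.4f} bits, bound {channel_capacity(c):.4f} bits")
```

The password check leaks only about 0.037 bits for a uniform secret, yet its bound is 1 bit: a prior that puts half its mass on the checked value reaches that maximum, which is why the bound is taken over all distributions.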
