On the Compositionality of Quantitative Information Flow

Information flow is the branch of security that studies the leakage of information due to correlation between secrets and observables. Since such correlation generally cannot be avoided completely, it is important to quantify the leakage. The most widely followed approaches to defining appropriate measures are those based on information theory. In particular, one of the most successful is the recently proposed $g$-leakage framework, which encompasses most of the information-theoretic ones. A problem with $g$-leakage, however, is that it is defined in terms of a minimization problem, which, in the case of large systems, can be computationally rather heavy. In this paper we study the case in which the channel associated with the system can be decomposed into simpler channels, which typically happens when the observables consist of multiple components. Our main contribution is the derivation of bounds on the (multiplicative version of) $g$-leakage of the whole system in terms of the $g$-leakages of its components. We also consider the particular cases of min-entropy leakage and of parallel channels, generalizing and systematizing results from the literature. We demonstrate the effectiveness of our method and evaluate the precision of our bounds using examples.
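An added example, not code from the paper: it shows the simplest instance of bounding a composed system by its components, namely multiplicative min-entropy leakage under a uniform prior for two channels run in parallel on the same secret, where the composed leakage is at most the product of the component leakages. The channel matrices and all function names are constructed for illustration; the paper's $g$-leakage bounds for general priors are not reproduced here.

```python
from fractions import Fraction as F
from itertools import product

def parallel(c1, c2):
    """Parallel composition on a shared secret x: the observable is the pair
    (y1, y2), and the components answer independently given x."""
    assert len(c1) == len(c2), "components must share the secret space"
    return [[a * b for a, b in product(r1, r2)] for r1, r2 in zip(c1, c2)]

def posterior_vulnerability(prior, chan):
    """Probability that a one-try adversary guesses x after seeing the output."""
    assert all(sum(row) == 1 for row in chan), "each row must be a distribution"
    n_out = len(chan[0])
    return sum(max(p * row[y] for p, row in zip(prior, chan))
               for y in range(n_out))

def mult_leakage(prior, chan):
    """Multiplicative min-entropy leakage: posterior over prior vulnerability."""
    return posterior_vulnerability(prior, chan) / max(prior)

def bound_report(prior, c1, c2):
    """Return (exact leakage of c1 || c2, product of component leakages)."""
    exact = mult_leakage(prior, parallel(c1, c2))
    bound = mult_leakage(prior, c1) * mult_leakage(prior, c2)
    return exact, bound

# Constructed data: a 4-valued secret and two noisy binary observations.
UNIFORM = [F(1, 4)] * 4
HI, LO = [F(3, 4), F(1, 4)], [F(1, 4), F(3, 4)]
C_HIGH = [HI, HI, LO, LO]   # noisy view of the secret's high bit
C_LOW = [HI, LO, HI, LO]    # noisy view of the secret's low bit

if __name__ == "__main__":
    # Independent components: the bound is tight.
    print("high || low :", bound_report(UNIFORM, C_HIGH, C_LOW))
    # Same component observed twice: the bound holds but overestimates.
    print("high || high:", bound_report(UNIFORM, C_HIGH, C_HIGH))
```

The bound costs two small column-maximum sums instead of one over the product output space, and the second case shows how much precision can be lost when the components reveal overlapping information.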
