Automatic Discovery and Quantification of Information Leaks

Information-flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. We present the first automatic method for information-flow analysis that discovers what information is leaked and computes its comprehensive quantitative interpretation. The leaked information is characterized by an equivalence relation on secret artifacts, and is represented by a logical assertion over the corresponding program variables. Our measurement procedure computes the number of discovered equivalence classes and their sizes. This provides a basis for computing a set of quantitative properties, which includes all established information-theoretic measures in quantitative information-flow. Our method exploits an inherent connection between formal models of qualitative information-flow and program verification techniques. We provide an implementation of our method that builds upon existing tools for program verification and information-theoretic analysis. Our experimental evaluation indicates the practical applicability of the presented method.
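A small illustration of the abstract's central idea, added here and not taken from the paper or its implementation: it finds the equivalence classes by brute-force enumeration of a tiny secret space rather than by the verification tools the abstract refers to, then derives the measures from the class sizes alone. The function names, the `threshold_check` program, and the uniform prior over secrets are assumptions made for the example.

```python
import math
from collections import defaultdict

def leak_partition(program, secrets, public_inputs):
    """Split the secrets into equivalence classes: two secrets are equivalent
    when the program's output is the same for every public input tried."""
    classes = defaultdict(list)
    for h in secrets:
        observation = tuple(program(h, l) for l in public_inputs)
        classes[observation].append(h)
    return sorted(classes.values(), key=lambda c: c[0])

def remaining_uncertainty(classes):
    """Measures computed only from the number and sizes of the classes,
    assuming a uniform prior over the secrets (an assumption of this example)."""
    sizes = [len(c) for c in classes]
    n = sum(sizes)
    return {
        "class_sizes": sizes,
        # Conditional Shannon entropy of the secret given the observation.
        "shannon_bits": sum(s / n * math.log2(s) for s in sizes),
        # Conditional min-entropy: one best guess per class succeeds.
        "min_entropy_bits": math.log2(n / len(sizes)),
        # Expected number of guesses needed once the class is known.
        "guessing_entropy": sum(s / n * (s + 1) / 2 for s in sizes),
    }

def threshold_check(h, l):
    """Hypothetical leaky program: reveals whether secret h reaches bound l."""
    return 1 if h >= l else 0

def demo():
    # Constructed input: a 4-bit secret and two public inputs, 4 and 8.
    classes = leak_partition(threshold_check, range(16), [4, 8])
    return classes, remaining_uncertainty(classes)

if __name__ == "__main__":
    classes, result = demo()
    for c in classes:
        print("class:", c)
    print(result)
```

With a 4-bit secret the initial uncertainty is 4 bits, so the Shannon leakage of the two observations is 4 minus the reported `shannon_bits`.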
