An Interval-based Abstraction for Quantifying Information Flow

In a batch program, information about confidential inputs may flow to insecure outputs. The size of this leakage, considered as a Shannon measure, can be computed automatically and exactly via probabilistic semantics, as we showed in our earlier work. That approach works well for small programs with small state spaces, but as the scale increases the calculation suffers from a form of state-space explosion and its time complexity grows. In this paper we scale up the programs and state spaces that can be handled, at the cost of replacing the exact result with an upper bound. To do this we introduce abstraction on the state space via interval-based partitions, adapting the abstract interpretation framework for probabilistic semantics introduced by Monniaux. The user defines the partitions; the coarser the partitions, the coarser the resulting upper bound. We summarise our previous contribution, define the abstract interpretation, show its soundness, and prove that the result of an abstract computation is always an upper bound on the true leakage, i.e., a safe estimate. Finally we illustrate the approach by means of some examples.
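The following is an added, self-contained illustration of the idea sketched in the abstract; it is not the paper's construction, its proofs, or its code. It assumes a deterministic program whose secret input `h` is uniform on `[0, N)`, so that the Shannon leakage equals the output entropy `H(O)`. The exact computation enumerates every secret (the state-space explosion the abstract refers to); the abstract computation instead runs the program once per interval block of the input space using interval transfer functions, turns the resulting block masses into an interval `[lo, hi]` of possible probabilities for each output value, and bounds `H(O)` term by term. The example program (`check_pin`, PIN value 42, N = 256) and the block widths are chosen here for illustration.

```python
"""Interval-partition upper bound on the Shannon leakage of a deterministic
batch program. Illustrative construction only (not the paper's framework).

Assumptions: secret h uniform on [0, N); program deterministic, so
leakage = H(O). Each input block is analysed once with interval arithmetic;
a block whose abstract output is a single point contributes its full mass to
that output's lower probability bound, otherwise only to the upper bounds.
"""
import math
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Interval:
    lo: int
    hi: int  # inclusive; lo == hi is a concrete value

    def __post_init__(self):
        assert self.lo <= self.hi, "empty interval"

    @property
    def is_point(self) -> bool:
        return self.lo == self.hi

    def values(self):
        return range(self.lo, self.hi + 1)

    # Sound transfer function for the boolean test (h == c): if the block
    # straddles c the outcome is unknown, so the abstract result is [0, 1].
    def eq(self, c: int) -> "Interval":
        if self.is_point:
            bit = int(self.lo == c)
            return Interval(bit, bit)
        return Interval(0, 1) if self.lo <= c <= self.hi else Interval(0, 0)


PIN = 42  # constructed secret for the example program


def check_pin(h: Interval) -> Interval:
    """Program under analysis: o := (h == PIN). Works on points and blocks."""
    return h.eq(PIN)


def plogp(p: float) -> float:
    """The entropy summand -p log2 p, with 0 log 0 = 0."""
    return 0.0 if p == 0.0 else -p * math.log2(p)


def max_plogp(lo: float, hi: float) -> float:
    """Maximum of -p log2 p over p in [lo, hi] (the function peaks at 1/e)."""
    peak = 1 / math.e
    if lo <= peak <= hi:
        return plogp(peak)
    return max(plogp(lo), plogp(hi))


def exact_leakage(program, n: int) -> float:
    """H(O) by enumerating every secret: exact but linear in the state space."""
    counts = {}
    for h in range(n):
        o = program(Interval(h, h))
        assert o.is_point
        counts[o.lo] = counts.get(o.lo, 0) + 1
    return sum(plogp(c / n) for c in counts.values())


def bound_leakage(program, n: int, block_width: int) -> float:
    """Upper bound on H(O) from one abstract run per input block."""
    assert n % block_width == 0
    mass = Fraction(block_width, n)           # prior mass of each block
    lo, hi = {}, {}
    for start in range(0, n, block_width):
        out = program(Interval(start, start + block_width - 1))
        for o in out.values():                # every output the block may yield
            hi[o] = hi.get(o, 0) + mass
        if out.is_point:                      # output certain: mass is pinned
            lo[out.lo] = lo.get(out.lo, 0) + mass
    # True p(o) lies in [lo, hi], so bounding each summand separately is
    # sound; the trivial bound log2 |support| caps it when intervals are loose.
    termwise = sum(max_plogp(float(lo.get(o, 0)), float(hi[o])) for o in hi)
    return min(termwise, math.log2(len(hi)))


if __name__ == "__main__":
    N = 256
    print(f"exact leakage: {exact_leakage(check_pin, N):.4f} bits")
    for w in (256, 64, 16, 1):
        print(f"block width {w:3d}: bound {bound_leakage(check_pin, N, w):.4f} bits")
```

Soundness here rests on two things a practitioner should check before trusting any such bound: every transfer function must over-approximate the concrete operation on the whole block, and the probability intervals must be derived only from that over-approximation. With those in place the bound can be loose but never below the exact value, and refining the partition down to single points recovers the exact result.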

[1] Jonathan K. Millen, et al. Covert Channel Capacity, 1987, IEEE Symposium on Security and Privacy.

[2] Patrick Cousot, et al. Abstract Interpretation and Application to Logic Programs, 1992, J. Log. Program.

[3] W. Rudin. Real and Complex Analysis, 3rd ed., 1987.

[4] Michael Backes, et al. Quantifying Probabilistic Information Flow in Computational Reactive Systems, 2005, ESORICS.

[5] Dexter Kozen, et al. Semantics of Probabilistic Programs, 1979, 20th Annual Symposium on Foundations of Computer Science (SFCS 1979).

[6] Chris Hankin, et al. Quantitative Static Analysis of Distributed Systems, 2005, Journal of Functional Programming.

[7] Stephen McCamant, et al. Quantitative Information Flow as Network Flow Capacity, 2008, PLDI '08.

[8] Alessandro Aldini, et al. A Quantitative Approach to Noninterference for Probabilistic Systems, 2004, MEFISTO.

[9] Patrick Cousot, et al. Systematic Design of Program Analysis Frameworks, 1979, POPL.

[10] David Clark, et al. A Static Analysis for Quantifying Information Flow in a Simple Imperative Language, 2007, J. Comput. Secur.

[11] J. Meseguer, et al. Security Policies and Security Models, 1982, IEEE Symposium on Security and Privacy.

[12] J. Todd Wittbold, et al. Information Flow in Nondeterministic Systems, 1990, IEEE Computer Society Symposium on Research in Security and Privacy.

[13] Annabelle McIver, et al. Programming Methodology, 1974, Lecture Notes in Computer Science.

[14] David A. Basin, et al. An Information-Theoretic Model for Adaptive Side-Channel Attacks, 2007, CCS '07.

[15] David Clark, et al. Quantitative Information Flow, Relations and Polymorphic Types, 2005, J. Log. Comput.

[16] Patrick Cousot, et al. Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints, 1977, POPL.

[17] James W. Gray, et al. Toward a Mathematical Foundation for Information Flow Security, 1991, IEEE Computer Society Symposium on Research in Security and Privacy.

[18] Dorothy E. Denning, et al. Cryptography and Data Security, 1982.

[19] John McLean, et al. Security Models and Information Flow, 1990, IEEE Computer Society Symposium on Research in Security and Privacy.

[20] V. Rokhlin. Lectures on the Entropy Theory of Measure-Preserving Transformations, 1967.

[21] Dorothy E. Denning, et al. A Lattice Model of Secure Information Flow, 1976, CACM.

[22] Michele Boreale. Quantifying Information Leakage in Process Calculi, 2009, Inf. Comput.

[23] Michael R. Clarkson, et al. Quantifying Information Flow with Beliefs, 2009, J. Comput. Secur.

[24] Pasquale Malacaria, et al. Assessing Security Threats of Looping Constructs, 2007, POPL '07.

[25] David Clark, et al. Quantitative Analysis of the Leakage of Confidential Data, 2002, QAPL.

[26] Chris Hankin, et al. Approximate Non-Interference, 2004.

[27] D. G. Weber, et al. Quantitative Hook-Up Security for Covert Channel Analysis, 1988.

[28] R. Cooke. Real and Complex Analysis, 2011.

[29] Gavin Lowe, et al. Defining Information Flow Quantity, 2004, J. Comput. Secur.

[30] David Clark, et al. Quantitative Analysis of Secure Information Flow via Probabilistic Semantics, 2009, International Conference on Availability, Reliability and Security.

[31] Geoffrey Smith, et al. On the Foundations of Quantitative Information Flow, 2009, FoSSaCS.

[32] David A. Schmidt. From Trace Sets to Modal-Transition Systems by Stepwise Abstract Interpretation, 2003.

[33] David Monniaux, et al. Abstract Interpretation of Probabilistic Semantics, 2000, SAS.

[34] Annabelle McIver, et al. A Probabilistic Approach to Information Hiding, 2003.