Automatic Discovery and Quantification of Information Leaks

Free registration required

Executive Summary

Information-flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. The authors present the first automatic method for information-flow analysis that discovers what information is leaked and computes its comprehensive quantitative interpretation. The leaked information is characterized by an equivalence relation on secret artifacts, and is represented by a logical assertion over the corresponding program variables. Their measurement procedure computes the number of discovered equivalence classes and their sizes. This provides a basis for computing a set of quantitative properties, which includes all established information-theoretic measures in quantitative information-flow.

  • Format: PDF
  • Size: 181.83 KB