Abstract
We put forward a model of action-based randomization mechanisms to analyse quantitative information flow (qif) under generic leakage functions, and under possibly adaptive adversaries. This model subsumes many of the qif models proposed so far. Our main contributions include the following: (1) we identify mild general conditions on the leakage function under which it is possible to derive general and significant results on adaptive qif; (2) we contrast the efficiency of adaptive and non-adaptive strategies, showing that the latter are as efficient as the former in terms of length up to an expansion factor bounded by the number of available actions; (3) we show that the maximum information leakage over strategies, given a finite time horizon, can be expressed in terms of a Bellman equation. This can be used to compute an optimal finite strategy recursively, by resorting to standard methods like backward induction.
Work partially supported by the eu project Ascens under the fet open initiative in fp7.
Chapter PDF
Similar content being viewed by others
References
Alvim, M.S., Andrés, M.E., Palamidessi, C.: Information Flow in Interactive Systems. Journal of Computer Security (2011) (to appear)
Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring Information Leakage Using Generalized Gain Functions. In: IEEE 25th Computer Security Foundations Symposium 2012, pp. 265–279. IEEE Computer Society (2012)
Backes, M., Köpf, B.: Formally Bounding the Side-Channel Leakage in Unknown-Message Attacks. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 517–532. Springer, Heidelberg (2008)
Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative Notions of Leakage for One-try Attacks. In: Proc. of MFPS 2009. Electr. Notes Theor. Comput. Sci, vol. 249, pp. 75–91 (2009)
Boreale, M.: Quantifying information leakage in process calculi. Information and Computation 207(6), 699–725 (2009)
Boreale, M., Pampaloni, F., Paolini, M.: Asymptotic information leakage under one-try attacks. In: Hofmann, M. (ed.) FOSSACS 2011. LNCS, vol. 6604, pp. 396–410. Springer, Heidelberg (2011)
Boreale, M., Pampaloni, F., Paolini, M.: Quantitative information flow, with a view. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 588–606. Springer, Heidelberg (2011)
Boreale, M., Pampaloni, F.: Quantitative multirun security under active adversaries. In: Proc. of QEST 2012, pp. 158–167 (2012)
Boreale, M., Paolini, M.: Worst- and Average-Case Privacy Breaches in Randomization Mechanisms. In: Baeten, J.C.M., Ball, T., de Boer, F.S. (eds.) TCS 2012. LNCS, vol. 7604, pp. 72–86. Springer, Heidelberg (2012)
Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Anonimity Protocols as Noisy Channels. Information and Computation 206(2-4), 378–401 (2008)
Clark, D., Hunt, S., Malacaria, P.: Quantitative Analysis of the Leakage of Confidential Data. Electr. Notes Theor. Comput. Sci. 59(3) (2001)
Cover, T.M., Thomas, J.A.: Elements of Information Theory, 2/e. John Wiley & Sons (2006)
Dodis, Y., Smith, A.: Entropic Security and the Encryption of High Entropy Messages. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 556–577. Springer, Heidelberg (2005)
Dwork, C.: Differential Privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006)
Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating Noise to Sensitivity in Private Data Analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006)
Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side Channel Cryptanalysis of Product Ciphers. Journal of Computer Security 8(2/3) (2000)
Köpf, B., Basin, D.: An Information-Theoretic Model for Adaptive Side-Channel Attacks. In: ACM Conference on Computer and Communications Security 2007, pp. 286–296 (2007)
LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C.: Model-based Security Metrics using ADversary VIew Security Evaluation (ADVISE). In: Proc. of QEST 2011, pp. 191–200 (2011)
Ford, M.D., Buchholz, P., Sanders, W.H.: State-Based Analysis in ADVISE. In: Proc. of QEST 2012, pp. 148–157 (2012)
Köpf, B., Smith, G.: Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks. In: CSF 2010, pp. 44–56 (2010)
Smith, G.: On the Foundations of Quantitative Information Flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Boreale, M., Pampaloni, F. (2014). Quantitative Information Flow under Generic Leakage Functions and Adaptive Adversaries. In: Ábrahám, E., Palamidessi, C. (eds) Formal Techniques for Distributed Objects, Components, and Systems. FORTE 2014. Lecture Notes in Computer Science, vol 8461. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43613-4_11
Download citation
DOI: https://doi.org/10.1007/978-3-662-43613-4_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43612-7
Online ISBN: 978-3-662-43613-4
eBook Packages: Computer ScienceComputer Science (R0)