{"title":"Poster: on quantitative information flow metrics","authors":"Ji Zhu, M. Srivatsa","doi":"10.1145/2046707.2093516","DOIUrl":null,"url":null,"abstract":"Information flow analysis is a powerful technique for reasoning about sensitive information that may be exposed during program execution. One promising approach is to adopt a program as a communication channel model and leverage information theoretic metrics to quantify such information flows. However, recent research has shown discrepancies in such metrics: for example, Smith et. al. [5] showed examples wherein using the classical Shannon entropy measure for quantifying information flows may be counter-intuitive. Smith et. al. [5] proposed a vulnerability measure in an attempt to resolve this problem, and this measure was subsequently enhanced by Hamadou et. al. [2] into a beliefvulnerability metric. However, as pointed out by Smith et. al., the vulnerability metric fails to distinguish between certain classes of programs (such as the password checker and the binary search program). In this paper, we propose a simple and intuitive approach to quantify program information leakage as a probability distribution over the residual uncertainty of the high input whose mean, variance and worst case measures offer insights into program vulnerability.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"9 1","pages":"877-880"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2046707.2093516","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
Information flow analysis is a powerful technique for reasoning about sensitive information that may be exposed during program execution. One promising approach is to adopt a program as a communication channel model and leverage information theoretic metrics to quantify such information flows. However, recent research has shown discrepancies in such metrics: for example, Smith et. al. [5] showed examples wherein using the classical Shannon entropy measure for quantifying information flows may be counter-intuitive. Smith et. al. [5] proposed a vulnerability measure in an attempt to resolve this problem, and this measure was subsequently enhanced by Hamadou et. al. [2] into a beliefvulnerability metric. However, as pointed out by Smith et. al., the vulnerability metric fails to distinguish between certain classes of programs (such as the password checker and the binary search program). In this paper, we propose a simple and intuitive approach to quantify program information leakage as a probability distribution over the residual uncertainty of the high input whose mean, variance and worst case measures offer insights into program vulnerability.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
