
Quantifying information flow with beliefs

Published: 01 October 2009

Abstract

To reason about information flow, a new model is developed that describes how attacker beliefs change due to the attacker's observation of the execution of a probabilistic (or deterministic) program. The model enables compositional reasoning about information flow from attacks involving sequences of interactions. The model also supports a new metric for quantitative information flow that measures accuracy of an attacker's beliefs. Applying this new metric reveals inadequacies of traditional information flow metrics, which are based on reduction of uncertainty. However, the new metric is sufficiently general that it can be instantiated to measure either accuracy or uncertainty. The new metric can also be used to reason about misinformation; deterministic programs are shown to be incapable of producing misinformation. Additionally, programs in which nondeterministic choices are made by insiders, who collude with attackers, can be analyzed.


    Published In

    Journal of Computer Security  Volume 17, Issue 5
    18th IEEE Computer Security Foundations Symposium (CSF 18)
    October 2009
    317 pages

    Publisher

    IOS Press

    Netherlands

    Author Tags

    1. Quantitative information flow
    2. accuracy
    3. belief
    4. insider
    5. probabilistic semantics
    6. security policies

    Cited By

    • (2025) Information Leakage Measures for Imperfect Statistical Information: Application to Non-Bayesian Framework, IEEE Transactions on Information Forensics and Security, 10.1109/TIFS.2024.3516585, 20 (1065-1080). Online publication date: 1-Jan-2025
    • (2023) McFIL, Proceedings of the 32nd USENIX Conference on Security Symposium, 10.5555/3620237.3620629 (7001-7018). Online publication date: 9-Aug-2023
    • (2023) Measures of Information Leakage for Incomplete Statistical Information: Application to a Binary Privacy Mechanism, ACM Transactions on Privacy and Security, 10.1145/3624982, 26:4 (1-31). Online publication date: 13-Nov-2023
    • (2017) Hypercollecting semantics and its application to static analysis of information flow, ACM SIGPLAN Notices, 10.1145/3093333.3009889, 52:1 (874-887). Online publication date: 1-Jan-2017
    • (2017) Hypercollecting semantics and its application to static analysis of information flow, Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, 10.1145/3009837.3009889 (874-887). Online publication date: 1-Jan-2017
    • (2017) Secure Multi-party Computation, Proceedings of the 6th International Conference on Principles of Security and Trust - Volume 10204, 10.1007/978-3-662-54455-6_4 (71-92). Online publication date: 22-Apr-2017
    • (2017) Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages. Online publication date: 1-Jan-2017
    • (2016) Short Paper: Dynamic leakage, Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, 10.1145/2993600.2993607 (83-88). Online publication date: 24-Oct-2016
    • (2015) Poster, Proceedings of the 16th ACM International Symposium on Mobile Ad Hoc Networking and Computing, 10.1145/2746285.2764870 (393-394). Online publication date: 22-Jun-2015
    • (2015) Preserving confidentiality while reacting on iterated queries and belief revisions, Annals of Mathematics and Artificial Intelligence, 10.1007/s10472-013-9374-6, 73:1-2 (75-123). Online publication date: 1-Jan-2015
