Abstract
We firstly describe an algebraic structure which serves as solid basis to quantitatively reason about information flows. We demonstrate how programs in form of partition of states fit into that theoretical framework.
The paper presents a new method and implementation to automatically calculate such partitions, and compares it to existing approaches. As a novel application, we describe a way to transform database queries into a suitable program form which then can be statically analysed to measure its leakage and to spot database inference threats.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Babić, D., Hutter, F.: Spear Theorem Prover. In: Proc. of the SAT 2008 Race (2008)
Backes, M., Köpf, B., Rybalchenko, A.: Automatic Discovery and Quantification of Information Leaks. In: Proc. 30th IEEE Symposium on Security and Privacy, S& P 2009 (2009) (to appear)
Barthe, G., D’Argenio, P.R., Rezk, T.: Secure Information Flow by Self-Composition. In: Proceedings of the 17th IEEE workshop on Computer Security Foundations CSFW (2004)
Bayardo, R., Schrag, R.: Using CSP look-back techniques to solve real-world SAT instances. In: Proc. of AAAI 1997, pp. 203–208. AAAI Press/The MIT Press (1997)
Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. Journal of Computer Security 15(3) (2007)
Clark, D., Hunt, S., Malacaria, P.: Quantitative information flow, relations and polymorphic types. Journal of Logic and Computation, Special Issue on Lambda-calculus, type theory and natural language 18(2), 181–199 (2005)
Clarke, E., Kroening, D., Lerda, F.: A Tool for Checking ANSI-C Programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004)
Darwiche, A., Marquis, P.: A Knowledge Compilation Map. Journal of Artificial Intelligence Research 17, 229–264 (2002)
Denning, D.E., Schlšrer, J.: A fast procedure for finding a tracker in a statistical database. ACM Transactions on Database Systems 5(1), 88–102 (1980)
Dobkin, D., Jones, A.K., Lipton, R.J.: Secure databases: Protection against user influence. ACM Transactions on Database Systems 4, 97–106 (1979)
Chauhan, P., Clarke, E.M., Kroening, D.: Using SAT based Image Computation for Reachability. Carnegie Mellon University, Technical Report CMU-CS-03-151 (2003)
Köpf, B., Basin, D.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of the 14th ACM conference on Computer and communications security CCS 2007, pp. 286–296 (2007)
Landauer, J., Redmond, T.: A Lattice of Information. In: Proc. of the IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (1993)
Malacaria, P.: Assessing security threats of looping constructs. In: Proc. ACM Symposium on Principles of Programming Language (2007)
Malacaria, P.: Risk Assessment of Security Threats for Looping Constructs. To appear in the Journal Of Computer Security (2009)
Nakamura, Y.: Entropy and Semivaluations on Semilattices. Kodai Math. Sem. Rep. 22, 443–468 (1970)
McCamant, S.A.: Quantitative Information-Flow Tracking for Real Systems. MIT Department of Electrical Engineering and Computer Science, Ph.D., Cambridge, MA (2008)
Terauchi, T., Aiken, A.: Secure information flow as a safety problem. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 352–367. Springer, Heidelberg (2005)
Sweeney, L.: k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 10(5), 557–570 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Heusser, J., Malacaria, P. (2010). Applied Quantitative Information Flow and Statistical Databases. In: Degano, P., Guttman, J.D. (eds) Formal Aspects in Security and Trust. FAST 2009. Lecture Notes in Computer Science, vol 5983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12459-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-12459-4_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12458-7
Online ISBN: 978-3-642-12459-4
eBook Packages: Computer ScienceComputer Science (R0)