Approximation and Randomization for Quantitative Information-Flow Analysis

Quantitative information-flow analysis (QIF) is an emerging technique for establishing information-theoretic confidentiality properties. Automation of QIF is an important step towards ensuring its practical applicability, since manual reasoning about program security has been shown to be a tedious and expensive task. Existing automated techniques for QIF fall short of providing full coverage of all program executions, especially in the presence of unbounded loops and data structures, which are notoriously difficult to analyze automatically. In this paper we propose a blend of approximation and randomization techniques to bear on the challenge of sufficiently precise, yet efficient computation of quantitative information flow properties. Our approach relies on a sampling method to enumerate large or unbounded secret spaces, and applies both static and dynamic program analysis techniques to deliver necessary over- and underapproximations of information-theoretic characteristics.
Boris Köpf, Andrey Rybalchenko
Added 15 Aug 2010
Updated 15 Aug 2010
Type Conference
Year 2010
Where CSFW
Authors Boris Köpf, Andrey Rybalchenko