Precise quantitative information flow analysis - a symbolic approach

Quantitative information flow analysis (QIF) is a portfolio of software security assessment techniques measuring the amount of confidential information leaked by a program to its public outputs. In this paper, we extend the scope of precise QIF for deterministic imperative programs where information flow can be described with linear integer arithmetic. We propose two novel QIF analyses that precisely measure both residual Shannon entropy and min-entropy of the secret and that feature improved tolerance to large leaks and large input domains. For this purpose, we investigate the use of program specifications in QIF. We present criteria for specification admissibility and a program analysis that replaces exhaustive program exploration with symbolic execution, while incorporating user-supplied (but machine-checked) specifications. This kind of program analysis allows to trade automation for scalability, e.g., to programs with unbounded loops. Furthermore, we show how symbolic projection and counting, based in this instance on symbolic manipulation of polyhedra, avoid subsequent leak enumeration and enable precise QIF for programs with large leaks.