Quantitative Information Flow in Boolean Programs
نویسندگان
چکیده
The quantitative information flow bounding problem asks, given a program P and threshold q, whether the information leaked by P is bounded by q. When the amount of information is measured using mutual information, the problem is known to be PSPACE-hard and decidable in EXPTIME. We show that the problem is in fact decidable in PSPACE, thus establishing the exact complexity of the quantitative information flow bounding problem. Thus, the complexity of bounding quantitative information flow in programs has the same complexity as safety verification of programs. We also show that the same bounds apply when comparing information leaked by two programs.
منابع مشابه
SAT-Based Analysis and Quantification of Information Flow in Programs
Quantitative information flow analysis (QIF) is a portfolio of security techniques quantifying the flow of confidential information to public ports. In this paper, we advance the state of the art in QIF for imperative programs. We present both an abstract formulation of the analysis in terms of verification condition generation, logical projection and model counting, and an efficient concrete i...
متن کاملOn Bounding Problems of Quantitative Information Flow
Researchers have proposed formal definitions of quantitative information flow based on information theoretic notions such as the Shannon entropy, the min entropy, the guessing entropy, belief, and channel capacity. This paper investigates the hardness of precisely checking the quantitative information flow of a program according to such definitions. More precisely, we study the “bounding proble...
متن کاملOn Automatic Placement of Declassifiers for Information-Flow Security
Security-typed languages can be used to build programs that are information-flow secure, meaning that they do not allow secret data to leak. Declassification allows programs to leak secret information in carefully prescribed ways. Manually placing declassifiers to authorize certain flows of information can be dangerous because an incorrectly placed declassifier can leak far more secure data tha...
متن کاملThe Complexity of Quantitative Information Flow in Recursive Programs
Information-theoretic measures based upon mutual information can be employed to quantify the information that an execution of a program reveals about its secret inputs. The information leakage bounding problem asks whether the information leaked by a program does not exceed a given threshold. We consider this problem for two scenarios: a) the outputs of the program are revealed, and b) the timi...
متن کاملA Survey of Quantitative Information Flow
Traditional information flow security policies declare that many useful and necessary programs are insecure. This results from the qualitative nature of these policies: either information flows, or it does not. A richer class of security properties that can express the degree of information flow is needed; we call these quantitative information flow policies. Such policies have recently become ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2014