When not all bits are equal : worth - based information flow ( 10 / 11 / 2013 )

Only recently have approaches to quantitative information flow started to challenge the presumption that all leaks involving a given number of bits are equally harmful. This paper proposes a framework to capture the semantics of information, making the quantification of leakage independent of the syntactic representation of secrets. Secrets are defined in terms of fields, which are combined to form structures; and a worth assignment is introduced to associate each structure with a worth (perhaps in proportion to the harm that would result from disclosure). We show how worth assignments can capture inter-dependence among structures within a secret, allowing the modeling of: (i) secret sharing; (ii) information-theoretical predictors; and (iii) computational (as opposed to information-theoretic) guarantees for security. Using non-trivial worth assignments we generalize Shannon entropy, guessing entropy, and probability of guessing. For deterministic systems, we give a lattice of information to provide an underlying algebraic structure for the composition of attacks. Finally, we outline a design technique to capture into worth assignments relevant aspects of a scenario of interest.