Title
Poster: on quantitative information flow metrics
Abstract
Information flow analysis is a powerful technique for reasoning about sensitive information that may be exposed during program execution. One promising approach is to adopt a program as a communication channel model and leverage information theoretic metrics to quantify such information flows. However, recent research has shown discrepancies in such metrics: for example, Smith et al. [5] showed examples wherein using the classical Shannon entropy measure for quantifying information flows may be counter-intuitive. Smith et al. [5] proposed a vulnerability measure in an attempt to resolve this problem, and this measure was subsequently enhanced by Hamadou et al. [2] into a belief-vulnerability metric. However, as pointed out by Smith et al., the vulnerability metric fails to distinguish between certain classes of programs (such as the password checker and the binary search program). In this paper, we propose a simple and intuitive approach to quantify program information leakage as a probability distribution over the residual uncertainty of the high input whose mean, variance and worst case measures offer insights into program vulnerability.
Year
2011
DOI
10.1145/2046707.2093516
Venue
ACM Conference on Computer and Communications Security
Keywords
quantitative information flow metrics, information flow
Field
Information flow (information theory), World Wide Web, Computer science, Computer security
DocType
Conference
Citations
1
PageRank
0.35
References
5
Authors
2
Name
Order
Citations
PageRank
Ji Zhu1412.68
Mudhakar Srivatsa2108477.97