Automatically Calculating Quantitative Integrity Measures for Imperative Programs

  • Tom Chothia
  • Chris Novakovic
  • Rajiv Ranjan Singh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8872)

Abstract

This paper presents a framework for calculating measures of data integrity for programs in a small imperative language. We develop a Markov chain semantics for our language which calculates Clarkson and Schneider’s definitions of data contamination and suppression. These definitions are based on conditional mutual information and entropy; we present a result relating them to mutual information, which can be calculated by a number of existing tools. We extend a quantitative information flow tool (CH-IMP) to calculate these measures of integrity and demonstrate this tool with examples based on error correcting codes, the Dining Cryptographers protocol and the attempts by a number of banks to influence the Libor rate.

References

  1. 1.
    BBC: Libor scandal: Seven banks face us questioning. BBC News, 16 August 2012Google Scholar
  2. 2.
    Biondi, F., Legay, A., Traonouez, L.-M., Wasowski, A.: QUAIL: a quantitative security analyzer for imperative code. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 702–707. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  3. 3.
    Birgisson, A., Russo, A., Sabelfeld, A.: Unifying facets of information integrity. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 48–65. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  4. 4.
    Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Cryptology 1, 65–75 (1988)CrossRefMATHMathSciNetGoogle Scholar
  5. 5.
    Chothia, T., Kawamoto, Y., Novakovic, C.: LeakWatch: estimating information leakage from java programs. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part II. LNCS, vol. 8713, pp. 219–236. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  6. 6.
    Chothia, T., Kawamoto, Y., Novakovic, C., Parker, D.: Probabilistic point-to-point information leakage. In: Proceedings of the 26th IEEE Computer Security Foundations Symposium (CSF 2013), pp. 193–205. IEEE Computer Society, June 2013Google Scholar
  7. 7.
    Clark, D., Hunt, S., Malacaria, P.: Quantified interference for a while language. Electron. Notes Theor. Comput. Sci. 112, 149–166 (2005)CrossRefGoogle Scholar
  8. 8.
    Clarkson, M.R., Schneider, F.B.: Quantification of integrity. In: 2010 23rd IEEE Computer Security Foundations Symposium (CSF), pp. 28–43. IEEE (2010)Google Scholar
  9. 9.
    Clarkson, M.R., Schneider, F.B.: Quantification of integrity. Math. Struct. Comput. Sci. 25, 207–258 (2014)CrossRefMathSciNetGoogle Scholar
  10. 10.
    Cover, T.M., Thomas, J.A.: Elements of information theory. Wiley, New York (2012) Google Scholar
  11. 11.
    Mollenkamp, C., Whitehouse, M.: Study casts doubt on key rate. Wall Street J., 29 May 2008Google Scholar
  12. 12.
    Mu, C., Clark, D.: A tool: quantitative analyser for programs. In: Proceedings of the 8th Conference on Quantitative Evaluation of Systems (QEST) (2011)Google Scholar
  13. 13.
    Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  14. 14.
    University of Birmingham: \({\sf CH-IMP-IQ}\). http://www.cs.bham.ac.uk/research/projects/infotools/chimp/iq

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Tom Chothia
    • 1
  • Chris Novakovic
    • 1
  • Rajiv Ranjan Singh
    • 2
  1. 1.School of Computer ScienceUniversity of BirminghamBirminghamUK
  2. 2.Department of Computer Science, Shyam Lal CollegeUniversity of DelhiNew DelhiIndia

Personalised recommendations