Algebra for Quantitative Information Flow

  • A. K. McIver
  • C. C. Morgan
  • T. Rabehaja
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10226)


A core property of program semantics is that local reasoning about program fragments remains sound even when the fragments are executed within a larger system. Mathematically this property corresponds to monotonicity of refinement: if A refines B then \(\mathcal{C}(A)\) refines \(\mathcal{C}(B)\) for any (valid) context defined by \(\mathcal{C}(\cdot )\).

In other work we have studied a refines order for information flow in programs where the comparison defined by the order preserves both functional and confidentiality properties of secrets. However the semantic domain used in that work is only sufficient for scenarios where either the secrets are static (i.e. once initialised they never change), or where contexts \(\mathcal{C}(\cdot )\) never introduce fresh secrets.

In this paper we show how to extend those ideas to obtain a model of information flow which supports local reasoning about confidentiality. We use our model to explore some algebraic properties of programs which contain secrets that can be updated, and which are valid in arbitrary contexts made up of possibly freshly declared secrets.


Keywords: Refinement; Information flow; Security; Monotonicity; Probabilistic semantics; Compositional reasoning; Dalenius desideratum



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Department of Computing, Macquarie University, Sydney, Australia
  2. School of Computer Science and Engineering, UNSW and Data61, Sydney, Australia
