Applied Quantitative Information Flow and Statistical Databases

  • Jonathan Heusser
  • Pasquale Malacaria
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5983)


We firstly describe an algebraic structure which serves as solid basis to quantitatively reason about information flows. We demonstrate how programs in form of partition of states fit into that theoretical framework.

The paper presents a new method and implementation to automatically calculate such partitions, and compares it to existing approaches. As a novel application, we describe a way to transform database queries into a suitable program form which then can be statically analysed to measure its leakage and to spot database inference threats.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Babić, D., Hutter, F.: Spear Theorem Prover. In: Proc. of the SAT 2008 Race (2008)Google Scholar
  2. 2.
    Backes, M., Köpf, B., Rybalchenko, A.: Automatic Discovery and Quantification of Information Leaks. In: Proc. 30th IEEE Symposium on Security and Privacy, S& P 2009 (2009) (to appear)Google Scholar
  3. 3.
    Barthe, G., D’Argenio, P.R., Rezk, T.: Secure Information Flow by Self-Composition. In: Proceedings of the 17th IEEE workshop on Computer Security Foundations CSFW (2004)Google Scholar
  4. 4.
    Bayardo, R., Schrag, R.: Using CSP look-back techniques to solve real-world SAT instances. In: Proc. of AAAI 1997, pp. 203–208. AAAI Press/The MIT Press (1997)Google Scholar
  5. 5.
    Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. Journal of Computer Security 15(3) (2007)Google Scholar
  6. 6.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative information flow, relations and polymorphic types. Journal of Logic and Computation, Special Issue on Lambda-calculus, type theory and natural language 18(2), 181–199 (2005)MathSciNetGoogle Scholar
  7. 7.
    Clarke, E., Kroening, D., Lerda, F.: A Tool for Checking ANSI-C Programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004)Google Scholar
  8. 8.
    Darwiche, A., Marquis, P.: A Knowledge Compilation Map. Journal of Artificial Intelligence Research 17, 229–264 (2002)MATHMathSciNetGoogle Scholar
  9. 9.
    Denning, D.E., Schlšrer, J.: A fast procedure for finding a tracker in a statistical database. ACM Transactions on Database Systems 5(1), 88–102 (1980)CrossRefGoogle Scholar
  10. 10.
    Dobkin, D., Jones, A.K., Lipton, R.J.: Secure databases: Protection against user influence. ACM Transactions on Database Systems 4, 97–106 (1979)CrossRefGoogle Scholar
  11. 11.
    Chauhan, P., Clarke, E.M., Kroening, D.: Using SAT based Image Computation for Reachability. Carnegie Mellon University, Technical Report CMU-CS-03-151 (2003)Google Scholar
  12. 12.
    Köpf, B., Basin, D.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of the 14th ACM conference on Computer and communications security CCS 2007, pp. 286–296 (2007)Google Scholar
  13. 13.
    Landauer, J., Redmond, T.: A Lattice of Information. In: Proc. of the IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (1993)Google Scholar
  14. 14.
    Malacaria, P.: Assessing security threats of looping constructs. In: Proc. ACM Symposium on Principles of Programming Language (2007)Google Scholar
  15. 15.
    Malacaria, P.: Risk Assessment of Security Threats for Looping Constructs. To appear in the Journal Of Computer Security (2009)Google Scholar
  16. 16.
    Nakamura, Y.: Entropy and Semivaluations on Semilattices. Kodai Math. Sem. Rep. 22, 443–468 (1970)MATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    McCamant, S.A.: Quantitative Information-Flow Tracking for Real Systems. MIT Department of Electrical Engineering and Computer Science, Ph.D., Cambridge, MA (2008)Google Scholar
  18. 18.
    Terauchi, T., Aiken, A.: Secure information flow as a safety problem. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 352–367. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Sweeney, L.: k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 10(5), 557–570 (2002)MATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Jonathan Heusser
    • 1
  • Pasquale Malacaria
    • 1
  1. 1.School of Electronic Engineering and Computer ScienceQueen Mary University of London 

Personalised recommendations