Information Theory and Security: Quantitative Information Flow

  • Pasquale Malacaria
  • Jonathan Heusser
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6154)


We present the information theoretical basis of Quantitative Information Flow. We show the relationship between lattices, partitions and information theoretical concepts and their applicability to quantify leakage of confidential information in programs, including looping programs.

We also report on recent works that use these ideas to build tools for the automatic quantitative analysis of programs. The applicability of this information theoretical framework to the wider context of network protocols and the use of Lagrange multipliers in this setting is also demonstrated.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Babić, D., Hutter, F.: Spear Theorem Prover. In: Proc. of the SAT 2008 Race (2008)Google Scholar
  2. 2.
    Backes, M., Köpf, B., Rybalchenko, A.: Automatic Discovery and Quantification of Information Leaks. In: Proc. 30th IEEE Symposium on Security and Privacy, S& P 2009 (2009) (to appear)Google Scholar
  3. 3.
    Barthe, G., D’Argenio, P.R., Rezk, T.: Secure Information Flow by Self-Composition. In: CSFW 2004: Proceedings of the 17th IEEE workshop on Computer Security Foundations (2004)Google Scholar
  4. 4.
    Bayardo, R., Schrag, R.: Using CSP look-back techniques to solve real-world SAT instances. In: Proc. of AAAI 1997, pp. 203–208. AAAI Press/The MIT Press (1997)Google Scholar
  5. 5.
    Birkhoff, G.: Lattice theory. Amer. Math. Soc. Colloq. Publ. 25 (1948)Google Scholar
  6. 6.
    Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative notions of leakage for one-try attacks. In: Proceedings of MFPS 2009. ENTCS, vol. 248, pp. 75–91. Elsevier, Amsterdam (2009)Google Scholar
  7. 7.
    Chatzikokolakis, K., Chothia, T., Guha, A.: Statistical Measurement of Information Leakage. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 390–404. Springer, Heidelberg (2010)Google Scholar
  8. 8.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Anonymity protocols as noisy channels. Information and Computation 206(2-4), 378–401 (2008)MathSciNetCrossRefMATHGoogle Scholar
  9. 9.
    Cachin, C.: Entropy Measures and Unconditional Security in Cryptography. PhD thesis, Swiss Federal Institute of Technology (1997)Google Scholar
  10. 10.
    Chen, H., Malacaria, P.: Quantitative analysis of leakage for multi-threaded programs. In: PLAS 2007: Proceedings of the 2007 workshop on Programming languages and analysis for security (2007)Google Scholar
  11. 11.
    Chen, H., Malacaria, P.: Quantifying Maximal Loss of Anonymity in Protocols. In: Proceedings ACM Symposium on Information, Computer and Communication Security 2009 (2009)Google Scholar
  12. 12.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative Analysis of the Leakage of Confidential Data. In: QAPL 2001, Quantitative Aspects of Programming Laguages, November 2002. ENTCS, pp. 238–251 (2002)Google Scholar
  13. 13.
    Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. Journal of Computer Security 15(3) (2007)Google Scholar
  14. 14.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative information flow, relations and polymorphic types. Journal of Logic and Computation, Special Issue on Lambda-calculus, type theory and natural language 18(2), 181–199 (2005)MathSciNetMATHGoogle Scholar
  15. 15.
    Clarke, E., Kroening, D., Lerda, F.: A Tool for Checking ANSI-C Programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Clarkson, M.R., Myers, A.C., Schneider, F.B.: Quantifying information flow with beliefs. J. Comput. Secur. 17(5), 655–701 (2009)CrossRefGoogle Scholar
  17. 17.
    Cover, T.M., Thomas, J.A.: Elements of Information Theory. John Wiley, Chichester (1991)CrossRefMATHGoogle Scholar
  18. 18.
    Köpf, B., Basin, D.: An information-theoretic model for adaptive side-channel attacks. In: CCS 2007: Proceedings of the 14th ACM conference on Computer and communications security, pp. 286–296 (2007)Google Scholar
  19. 19.
    Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)MathSciNetCrossRefMATHGoogle Scholar
  20. 20.
    Denning, D.: Cryptography and data security, 0-201-10150-5. Addison-Wesley Longman Publishing Co., Inc., Boston (1982)MATHGoogle Scholar
  21. 21.
    Gray III, J.W.: Toward a mathematical foundation for information flow security. In: Proc. 1991 IEEE Symposium on Security and Privacy, Oakland, CA, pp. 21–34 (1991)Google Scholar
  22. 22.
    Heusser, J., Malacaria, P.: Applied Quantitative Information Flow and Statistical Databases. In: Proceedings of Workshop on Formal Aspects in Security and Trust, FAST 2009 (2009)Google Scholar
  23. 23.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proceedings of the 1982 IEEE Computer Society Symposium on Security and Privacy (1982)Google Scholar
  24. 24.
    Landauer, J., Redmond, T.: A Lattice of Information. In: Proc. of the IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (1993)Google Scholar
  25. 25.
    Malacaria, P.: Assessing security threats of looping constructs. In: Proc. ACM Symposium on Principles of Programming Language (2007)Google Scholar
  26. 26.
    Malacaria, P.: Risk Assessment of Security Threats for Looping Constructs. Journal of Computer Security 18(2) (2010)Google Scholar
  27. 27.
    Malacaria, P., Chen, H.: Lagrange Multipliers and Maximum Information Leakage in Different Observational Models. In: ACM SIGPLAN Third Workshop on Programming Languages and Analysis for Security (June 2008)Google Scholar
  28. 28.
    Massey, J.L.: Guessing and entropy. In: Proceedings of the 1994 IEEE International Symposium on Information Theory, p. 204 (1994)Google Scholar
  29. 29.
    Maurer, U.M.: The Role of Information Theory in Cryptography. In: Fourth IMA Conference on Cryptography and Coding, pp. 49–71 (1993)Google Scholar
  30. 30.
    McCamant, S., Ernst, M.D.: Quantitative information flow as network flow capacity. In: PLDI 2008, Proceedings of the ACM SIGPLAN 2008, Conference on Programming Language Design and Implementation, Tucson, AZ, USA (2008)Google Scholar
  31. 31.
    McIver, A., Morgan, C.: A probabilistic approach to information hiding. In: Programming Methodology, pp. 441–460. Springer, New York (2003)CrossRefGoogle Scholar
  32. 32.
    Mclean, J.: Security Models and Information Flow. In: Proc. IEEE Symposium on Security and Privacy, pp. 180–187. IEEE Computer Society Press, Los Alamitos (1990)Google Scholar
  33. 33.
    Millen, J.K.: Covert Channel Capacity. In: IEEE Symposium on Security and Privacy, pp. 1540–7993, p. 60. IEEE Computer Society, Los Alamitos (1987)Google Scholar
  34. 34.
    Mu, C., Clark, D.: An Abstraction Quantifying Information Flow over Probabilistic Semantics. In: Workshop on Quantitative Aspects of Programming Languages (QAPL), ETAPS (2009)Google Scholar
  35. 35.
    Nakamura, Y.: Entropy and Semivaluations on Semilattices. Kodai Math. Sem. Rep. 22, 443–468 (1970)MathSciNetCrossRefMATHGoogle Scholar
  36. 36.
    Rényi, A.: On measures of information and entropy. In: Proceedings of the 4th Berkeley Symposium on Mathematics, Statistics and Probability, pp. 547–561 (1960)Google Scholar
  37. 37.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)CrossRefGoogle Scholar
  38. 38.
    Shannon, C.E.: A mathematical theory of communication. Bell Systems Technical Journal 27(3), 379–423 (1948)MathSciNetCrossRefMATHGoogle Scholar
  39. 39.
    Shannon, C.E.: The lattice theory of information. IEEE Transactions on Information Theory 1, 105–107 (1953)MATHGoogle Scholar
  40. 40.
    Simovici, D.: Metric-Entropy Pairs on Lattices. Journal of Universal Computer Science 13(11), 1767–1778 (2007)MathSciNetGoogle Scholar
  41. 41.
    Smith, G.: On the Foundations of Quantitative Information Flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  42. 42.
    Sutherland, D.: A model of information. In: Proc. 9th National Security Conference, Gaithersburg, Md., pp. 175–183 (1986)Google Scholar
  43. 43.
    Yeung, R.W.: A new outlook on Shannon’s information measures. IEEE Transactions on Information Theory 37(3), 466–474 (1991)MathSciNetCrossRefMATHGoogle Scholar
  44. 44.
    Terauchi, T., Aiken, A.: Secure information flow as a safety problem. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 352–367. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  45. 45.
    Tschantz, M.C., Nori, A.V.: Measuring the Loss of Privacy from Statistics. In: QA 2009: Workshop on Quantitative Analysis of Software (June 2009)Google Scholar
  46. 46.
    Vapnyarskii, I.B.: Lagrange multipliers. In: Hazewinkel, M. (ed.) Encyclopaedia of Mathematics. Springer, Heidelberg (2001)Google Scholar
  47. 47.
    Winskel, G.: The Formal Semantics of Programming Languages. MIT Press, Cambridge (1993)MATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Pasquale Malacaria
    • 1
  • Jonathan Heusser
    • 1
  1. 1.School of Electronic Engineering and Computer ScienceQueen Mary University of LondonUK

Personalised recommendations