Quantitative Information Flow and Applications to Differential Privacy

  • Mário S. Alvim
  • Miguel E. Andrés
  • Konstantinos Chatzikokolakis
  • Catuscia Palamidessi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6858)

Abstract

Secure information flow is the problem of ensuring that the information made publicly available by a computational system does not leak information that should be kept secret. Since it is practically impossible to avoid leakage entirely, in recent years there has been a growing interest in considering the quantitative aspects of information flow, in order to measure and compare the amount of leakage. Information theory is widely regarded as a natural framework to provide firm foundations to quantitative information flow. In these notes we review the two main information-theoretic approaches that have been investigated: the one based on Shannon entropy, and the one based on Rényi min-entropy. Furthermore, we discuss some applications in the area of privacy. In particular, we consider statistical databases and the recently proposed notion of differential privacy. Using the information-theoretic view, we discuss the bound that differential privacy induces on leakage, and the trade-off between utility and privacy.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Mário S. Alvim (1)
  • Miguel E. Andrés (1)
  • Konstantinos Chatzikokolakis (1)
  • Catuscia Palamidessi (1)

  1. INRIA and LIX, Ecole Polytechnique, France
