Quantitative Information Flow in Boolean Programs

  • Rohit Chadha
  • Dileep Kini
  • Mahesh Viswanathan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8414)

Abstract

The quantitative information flow bounding problem asks, given a program P and a threshold q, whether the information leaked by P is bounded by q. When the amount of information is measured using mutual information, the problem is known to be PSPACE-hard and decidable in EXPTIME. We show that the problem is in fact decidable in PSPACE, thus establishing the exact complexity of the quantitative information flow bounding problem. Thus, bounding quantitative information flow in programs has the same complexity as safety verification of programs. We also show that the same bounds apply when comparing the information leaked by two programs.
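The two questions in the abstract (is the leakage of P at most q, and does one program leak no more than another) can be made concrete by exhaustive enumeration. This is an added illustration, not code from the paper: the function names and the four sample programs are hypothetical, and it assumes a deterministic program with no public inputs and a uniformly distributed secret. It enumerates all 2^n secrets, so it shows the problem statement only, not the paper's PSPACE procedure.

```python
from collections import Counter
from itertools import product
from math import log2

def leakage_bits(program, n_secret_bits):
    """Mutual information I(S;O) in bits between secret S and output O.

    Assumptions (not from the paper): S is uniform over all n-bit vectors
    and the program is deterministic, so H(O|S) = 0 and I(S;O) = H(O).
    """
    total = 2 ** n_secret_bits
    secrets = product((False, True), repeat=n_secret_bits)
    counts = Counter(program(s) for s in secrets)
    return abs(-sum((c / total) * log2(c / total) for c in counts.values()))

def bounded_by(program, n_secret_bits, q, eps=1e-12):
    """The bounding problem: is the leakage of `program` at most q bits?"""
    return leakage_bits(program, n_secret_bits) <= q + eps

def leaks_no_more_than(p1, p2, n_secret_bits, eps=1e-12):
    """The comparison problem: does p1 leak no more than p2?"""
    return leakage_bits(p1, n_secret_bits) <= leakage_bits(p2, n_secret_bits) + eps

# Constructed Boolean programs over a 4-bit secret (hypothetical examples).
def check_guess(s):
    # Reveals only whether the secret equals one fixed guess.
    return s == (True, False, True, False)

def parity(s):
    # Reveals the XOR of all secret bits: exactly one bit of information.
    out = False
    for b in s:
        out ^= b
    return out

def copy_two_bits(s):
    # Copies two secret bits to the output unchanged.
    return (s[0], s[1])

def constant(s):
    # Output is independent of the secret (noninterference).
    return False

if __name__ == "__main__":
    for p in (constant, check_guess, parity, copy_two_bits):
        print(f"{p.__name__:14s} leaks {leakage_bits(p, 4):.4f} bits; "
              f"bounded by q=1: {bounded_by(p, 4, 1.0)}")
```
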

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Rohit Chadha (1)
  • Dileep Kini (2)
  • Mahesh Viswanathan (2)
  1. University of Missouri, USA
  2. University of Illinois, Urbana-Champaign, USA
