When Not All Bits Are Equal: Worth-Based Information Flow

  • Mário S. Alvim
  • Andre Scedrov
  • Fred B. Schneider
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8414)


Only recently have approaches to quantitative information flow started to challenge the presumption that all leaks involving a given number of bits are equally harmful. This paper proposes a framework to capture the semantics of information, making quantification of leakage independent of the syntactic representation of secrets. Secrets are defined in terms of fields, which are combined to form structures; and a worth assignment is introduced to associate each structure with a worth (perhaps in proportion to the harm that would result from disclosure). We show how worth assignments can capture inter-dependence among structures within a secret, modeling: (i) secret sharing, (ii) information-theoretic predictors, and (iii) computational (as opposed to information-theoretic) guarantees for security. Using non-trivial worth assignments, we generalize Shannon entropy, guessing entropy, and probability of guessing. For


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Cachin, C.: Entropy Measures and Unconditional Security in Cryptography. PhD thesis, ETH Zürich (1997) Reprint as of ETH Series in Information Security and Cryptography, vol. 1. Hartung-Gorre Verlag, Konstanz (1997) ISBN 3-89649-185-7Google Scholar
  2. 2.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative information flow, relations and polymorphic types. J. of Logic and Computation 18(2), 181–199 (2005)CrossRefMathSciNetGoogle Scholar
  3. 3.
    Malacaria, P.: Assessing security threats of looping constructs. In: Hofmann, M., Felleisen, M. (eds.) Proceedings of the 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2007, pp. 225–235. ACM (2007)Google Scholar
  4. 4.
    Malacaria, P., Chen, H.: Lagrange multipliers and maximum information leakage in different observational models. In: Proc. of the 2008 Workshop on Programming Languages and Analysis for Security (PLAS 2008), pp. 135–146. ACM (June 2008)Google Scholar
  5. 5.
    Moskowitz, I.S., Newman, R.E., Syverson, P.F.: Quasi-anonymous channels. In: Proc. of CNIS, pp. 126–131, IASTED (2003)Google Scholar
  6. 6.
    Moskowitz, I.S., Newman, R.E., Crepeau, D.P., Miller, A.R.: Covert channels and anonymizing networks. In: Jajodia, S., Samarati, P., Syverson, P.F. (eds.) Workshop on Privacy in the Electronic Society 2003, pp. 79–88. ACM (2003)Google Scholar
  7. 7.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Anonymity protocols as noisy channels. Inf. and Comp. 206(2-4), 378–401 (2008)CrossRefMATHMathSciNetGoogle Scholar
  8. 8.
    Alvim, M.S., Andrés, M.E., Palamidessi, C.: Information Flow in Interactive Systems. In: Gastin, P., Laroussinie, F. (eds.) CONCUR 2010. LNCS, vol. 6269, pp. 102–116. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Massey: Guessing and entropy. In: Proceedings of the IEEE International Symposium on Information Theory, p. 204. IEEE (1994)Google Scholar
  10. 10.
    Malacaria, P.: Algebraic foundations for information theoretical, probabilistic and guessability measures of information flow. CoRR abs/1101.3453 (2011)Google Scholar
  11. 11.
    Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative notions of leakage for one-try attacks. In: Proceedings of the 25th Conf. on Mathematical Foundations of Programming Semantics. Electronic Notes in Theoretical Computer Science, vol. 249, pp. 75–91. Elsevier B.V. (2009)Google Scholar
  13. 13.
    Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: Proceedings of the 25th IEEE Computer Security Foundations Symposium (CSF), pp. 265–279 (2012)Google Scholar
  14. 14.
    Landauer, J., Redmond, T.: A lattice of information. In: Proc. Computer Security Foundations Workshop VI, pp. 65–70 (June 1993)Google Scholar
  15. 15.
    Alvim, M.S., Scedrov, A., Schneider, F.B.: When not all bits are equal: Worth-based information flow. Technical report (2013), http://ecommons.library.cornell.edu/handle/1813/33124
  16. 16.
    Sweeney, L.: Uniqueness of simple demographics in the U.S. population, Carnegie Mellon University, Laboratory for International Data Privacy (2000)Google Scholar
  17. 17.
    Köpf, B., Basin, D.: Automatically deriving information-theoretic bounds for adaptive side-channel attacks. J. Comput. Secur. 19(1), 1–31 (2011)Google Scholar
  18. 18.
    Yasuoka, H., Terauchi, T.: Quantitative information flow — verification hardness and possibilities. In: Proc. 23rd IEEE Computer Security Foundations Symposium (CSF 2010), pp. 15–27 (2010)Google Scholar
  19. 19.
    Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006, part II. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Ghosh, A., Roughgarden, T., Sundararajan, M.: Universally utility-maximizing privacy mechanisms. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, pp. 351–360. ACM, New York (2009)Google Scholar
  21. 21.
    Alvim, M.S., Andrés, M.E., Chatzikokolakis, K., Palamidessi, C.: On the relation between differential privacy and quantitative information flow. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part II. LNCS, vol. 6756, pp. 60–76. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  22. 22.
    Nakamura, Y.: Entropy and semivaluations on semilattices. Kodai Mathematical Seminar Reports 22(4), 443–468 (1970)CrossRefMATHMathSciNetGoogle Scholar
  23. 23.
    Shannon, C.: The lattice theory of information. IRE Professional Group on Information Theory 1(1), 105–107 (1953)CrossRefMATHGoogle Scholar
  24. 24.
    Backes, M., Köpf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: IEEE Symposium on Security and Privacy, pp. 141–153 (2009)Google Scholar
  25. 25.
    Heusser, J., Malacaria, P.: Quantifying information leaks in software. In: Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC 2010, pp. 261–269. ACM, New York (2010)Google Scholar
  26. 26.
    Adão, P., Mateus, P., Viganò, L.: Protocol insecurity with a finite number of sessions and a cost-sensitive guessing intruder is np-complete. Theoretical Computer Science (2013) ISSN 0304-3975, http://www.sciencedirect.com/science/article/pii/S0304397513006956, doi:http://dx.doi.org/10.1016/j.tcs.2013.09.015
  27. 27.
    Askarov, A., Hunt, S., Sabelfeld, A., Sands, D.: Termination-insensitive noninterference leaks more than just a bit. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 333–348. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  28. 28.
    Demange, D., Sands, D.: All secrets great and small. In: Castagna, G. (ed.) ESOP 2009. LNCS, vol. 5502, pp. 207–221. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Mário S. Alvim
    • 1
  • Andre Scedrov
    • 2
  • Fred B. Schneider
    • 3
  1. 1.Universidade Federal de Minas GeraisBrazil
  2. 2.University of PennsylvaniaUSA
  3. 3.Cornell UniversityUSA

Personalised recommendations