Quantifying Probabilistic Information Flow in Computational Reactive Systems

  • Michael Backes
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3679)


Information flow and non-interference are well-established techniques for expressing both integrity and privacy properties. Because of the enormous potential to transmit information using probabilistic methods of cryptography, interest has arisen in extending the traditional notions of information flow to fully reactive settings that allow for reasoning about arbitrary interactive systems, and in particular arbitrary cryptographic protocols. We propose definitions for quantifying the amount of information that users are able to transmit to each other in such reactive settings, and we in particular address computational restrictions and error probabilities so that our definitions are suited for complexity-theoretic reasoning about cryptographic systems. We show that our definitions are preserved under simulatability, which constitutes the cryptographic notion of a secure implementation, and we link our definitions to non-interference by showing that a zero or negligible quantity of information flow is equivalent to perfect or computational probabilistic non-interference, respectively.


Security Parameter Reactive Setting Covert Channel Information Quantity Service Port 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Backes, M., Pfitzmann, B.: Computational probabilistic non-interference. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 1–23. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Backes, M., Pfitzmann, B.: Intransitive non-interference for cryptographic purposes. In: Proc. 24th IEEE Symposium on Security & Privacy, pp. 140–152 (2003)Google Scholar
  3. 3.
    Backes, M., Pfitzmann, B., Waidner, M.: Secure asynchronous reactive systems. IACR Cryptology ePrint Archive 2004/082 (March 2004)Google Scholar
  4. 4.
    Bell, D., LaPadula, L.: Secure computer systems: Unified exposition and multics interpretation. Computer Science Technical Report ESD-TR-75-306, The Mitre Corporation (1976)Google Scholar
  5. 5.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative analysis of the leakage of confidential data. In: A Comparative Study of Very Large Data Bases. Electronic Notes in Theoretical Computer Science, vol. 59. Elsevier, Amsterdam (2002)Google Scholar
  6. 6.
    Denning, D.: Cryptography and Data Security. Addison-Wesley, Reading (1982)zbMATHGoogle Scholar
  7. 7.
    Denning, D.E.: A lattice model of secure information flow. Communications of the ACM 19(5), 236–243 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Di Pierro, A., Hankin, C., Wiklicky, H.: Approximate non-interference. In: Proc. 15th IEEE Computer Security Foundations Workshop (CSFW), pp. 1–17 (2002)Google Scholar
  9. 9.
    Focardi, R., Gorrieri, R.: The compositional security checker: A tool for the verification of information flow security properties. IEEE Transactions on Software Engineering 23(9), 550–571 (1997)CrossRefGoogle Scholar
  10. 10.
    Focardi, R., Martinelli, F.: A uniform approach for the definition of security properties. In: Wing, J.M., Woodcock, J.C.P., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 794–813. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  11. 11.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proc. 3rd IEEE Symposium on Security & Privacy, pp. 11–20 (1982)Google Scholar
  12. 12.
    Goguen, J.A., Meseguer, J.: Unwinding and inference control. In: Proc. 5th IEEE Symposium on Security & Privacy, pp. 75–86 (1984)Google Scholar
  13. 13.
    Gray III., J.W.: Probabilistic interference. In: Proc. 11th IEEE Symposium on Security & Privacy, pp. 170–179 (1990)Google Scholar
  14. 14.
    Gray III., J.W.: Toward a mathematical foundation for information flow security. Journal of Computer Security 1(3), 255–295 (1992)Google Scholar
  15. 15.
    Hoare, C.A.R.: Communicating Sequential Processes. International Series in Computer Science. Prentice Hall, Hemel Hempstead (1985)zbMATHGoogle Scholar
  16. 16.
    Kang, M.H., Moskowitz, I.S., Lee, D.C.: A network version of the pump. In: Proc. 16th IEEE Symposium on Security & Privacy, pp. 144–154 (1995)Google Scholar
  17. 17.
    Lampson, B.W.: A note on the confinement problem. Communications of the ACM 16(10), 613–615 (1973)CrossRefGoogle Scholar
  18. 18.
    Laud, P.: Semantics and program analysis of computationally secure information flow. In: Proc. 10th European Symposium on Programming (ESOP), pp. 77–91 (2001)Google Scholar
  19. 19.
    Laud, P.: Symmetric encryption in automatic analyses for confidentiality against active adversaries. In: Proc. 25th IEEE Symposium on Security & Privacy, pp. 71–85 (2004)Google Scholar
  20. 20.
    Lowe, G.: Quantifying information flow. In: Proc. 15th IEEE Computer Security Foundations Workshop (CSFW), pp. 18–31 (2002)Google Scholar
  21. 21.
    Lynch, N.: Distributed Algorithms. Morgan Kaufmann Publishers, San Francisco (1996)zbMATHGoogle Scholar
  22. 22.
    Mantel, H.: Unwinding possibilistic security properties. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 238–254. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  23. 23.
    Mantel, H., Sabelfeld, A.: A generic approach to the security of multi-threaded programs. In: Proc. 14th IEEE Computer Security Foundations Workshop (CSFW), pp. 200–214 (2001)Google Scholar
  24. 24.
    McCullough, D.: Specifications for multi-level security and a hook-up property. In: Proc. 8th IEEE Symposium on Security & Privacy, pp. 161–166 (1987)Google Scholar
  25. 25.
    McLean, J.: Security models and information flow. In: Proc. 11th IEEE Symposium on Security & Privacy, pp. 180–187 (1990)Google Scholar
  26. 26.
    McLean, J.: Encyclopedia of Software Engineering. In: Security models (1994)Google Scholar
  27. 27.
    Millen, J.K.: Covert channel capacity. In: Proc. 8th IEEE Symposium on Security & Privacy, pp. 60–66 (1987)Google Scholar
  28. 28.
    Myers, A., Liskov, B.: A decentralized model for information flow control. In: Proc. ACM Symposium on Operating System Principles, pp. 129–142 (1997)Google Scholar
  29. 29.
    Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: Proc. 22nd IEEE Symposium on Security & Privacy, pp. 184–200 (2001); Extended version of the model (with Michael Backes) IACR Cryptology ePrint Archive 2004/082,
  30. 30.
    Riccardo Focardi, R.G., Ghelli, A.: Using non-interference for the analysis of security protocols. In: Proc. DIMACS Workshop on Design and Formal Verification of Security Protocols (1997)Google Scholar
  31. 31.
    Sabelfeld, A., Sands, D.: A per model of secure information flow in sequential programs. In: Proc. European Symposium on Programming (ESOP), pp. 40–58. Springer, Heidelberg (1999)Google Scholar
  32. 32.
    Sabelfeld, A., Sands, D.: Probabilistic noninterference for multi-threaded programs. In: Proc. 13th IEEE Computer Security Foundations Workshop (CSFW), pp. 200–214 (2000)Google Scholar
  33. 33.
    Sutherland, D.: A model of information. In: Proc. 9th National Computer Security Conference, pp. 175–183 (1986)Google Scholar
  34. 34.
    Volpano, D.: Secure introduction of one-way functions. In: Proc. 13th IEEE Computer Security Foundations Workshop (CSFW), pp. 246–254 (2000)Google Scholar
  35. 35.
    Volpano, D., Smith, G.: Probabilistic noninterference in a concurrent language. In: Proc. 11th IEEE Computer Security Foundations Workshop (CSFW), pp. 34–43 (1998)Google Scholar
  36. 36.
    Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(3), 167–187 (1996)Google Scholar
  37. 37.
    Wittbold, J.T., Johnson, D.M.: Information flow in nondeterministic systems. In: Proc. 11th IEEE Symposium on Security & Privacy, pp. 144–161 (1990)Google Scholar
  38. 38.
    Yao, A.C.: Theory and applications of trapdoor functions. In: Proc. 23rd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 80–91 (1982)Google Scholar
  39. 39.
    Zdancewic, S., Myers, A.C.: Secure information flow and CPS. In: Sands, D. (ed.) ESOP 2001. LNCS, vol. 2028, pp. 46–61. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Michael Backes
    • 1
  1. 1.IBM Zurich Research Laboratory 

Personalised recommendations