A Better Composition Operator for Quantitative Information Flow Analyses

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10492)


Given a description of the quantitative information flow (qif) for components, how can we determine the qif of a system composed from components? We explore this fundamental question mathematically and provide an answer based on a new composition operator. We investigate its properties and prove that it generalises existing composition operators. We illustrate the results with a fresh look on Chaum’s dining cryptographers. We show that the new operator enjoys various convenient algebraic properties and that it is well-behaved under composition refinement.



For helpful discussions and comments on preliminary versions of this paper I would like to thank Carroll Morgan and Ron van der Meyden. I thank the anonymous referees for their detailed and most useful comments.


  1. 1.
    Agat, J.: Transforming out timing leaks. In: Wegman, M.N., Reps, T.W. (eds.) POPL 2000, Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Boston, Massachusetts, USA, 19–21 January, 2000, pp. 40–53. ACM (2000), http://doi.acm.org/10.1145/325694.325702
  2. 2.
    Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: Chong, S. (ed.) 25th IEEE Computer Security Foundations Symposium, CSF 2012, Cambridge, MA, USA, 25–27 June 2012, pp. 265–279. IEEE Computer Society (2012), http://dx.doi.org/10.1109/CSF.2012.26
  3. 3.
    Barthe, G., Köpf, B.: Information-theoretic bounds for differentially private mechanisms. In: Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium, CSF 2011, pp. 191–204 (2011), http://dx.doi.org/10.1109/CSF.2011.20
  4. 4.
    Barthe, G., Rezk, T., Warnier, M.: Preventing timing leaks through transactional branching instructions. In: Cerone, A., Wiklicky, H. (eds.) Proceedings of the Third Workshop on Quantitative Aspects of Programming Languages (QAPL 2005). ENTCS, vol. 153(2), pp. 33–55 (2006), https://doi.org/10.1016/j.entcs.2005.10.031
  5. 5.
    Blackwell, D.: Comparison of experiments. In: Neyman, J. (ed.) Proceedings of the Second Berkeley Symposium on Mathematical Statistics and Probability, pp. 93–102. Univ. of Calif. Press (1951), http://projecteuclid.org/euclid.bsmsp/1200500222
  6. 6.
    Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative notions of leakage for one-try attacks. In: Proceedings of the 25th Conference on Mathematical Foundations of Programming Semantics (MFPS 2009). ENTCS, vol. 249, pp. 75–91 (2009), http://dx.doi.org/10.1016/j.entcs.2009.07.085
  7. 7.
    Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Crypto. 1(1), 65–75 (1988)MathSciNetCrossRefMATHGoogle Scholar
  8. 8.
    Clarkson, M.R., Myers, A.C., Schneider, F.B.: Belief in information flow. In: 18th IEEE Computer Security Foundations Workshop, (CSFW-18 2005), 20–22, Aix-en-Provence, France, pp. 31–45. IEEE Computer Society (2005), http://dx.doi.org/10.1109/CSFW.2005.10
  9. 9.
    Clarkson, M.R., Myers, A.C., Schneider, F.B.: Quantifying information flow with beliefs. J. Comput. Secur. 17(5), 655–701 (2009), http://dx.doi.org/10.3233/JCS-2009-0353
  10. 10.
    Espinoza, B., Smith, G.: Min-entropy as a resource. Inf. Comput., 226, 57–75 (2013). Blakey, Coecke, B., Mislove, M., Pavlovic, D.: Information Security as a Resource (special Issue), http://dx.doi.org/10.1016/j.ic.2013.03.005
  11. 11.
    Fagin, R., Halpern, J.Y., Moses, Y., Vardi, M.Y.: Reasoning About Knowledge. MIT-Press (1995)Google Scholar
  12. 12.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: 1982 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 26–28 April 1982, pp. 11–20 (1982), http://ieeexplore.ieee.org/document/6234468
  13. 13.
    Gray III., J.W., Syverson, P.F.: A logical approach to multilevel security of probabilistic systems. Distrib. Comput. 11(2), 73–90 (1998), http://dx.doi.org/10.1007/s004460050043
  14. 14.
    Halpern, J.Y., O’Neill, K.R.: Secrecy in multiagent systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 12(1), 5 (2008)Google Scholar
  15. 15.
    Halpern, J.Y., Tuttle, M.R.: Knowledge, probability, and adversaries. J. ACM 40(4), 917–960 (1993), http://doi.acm.org/10.1145/153724.153770
  16. 16.
    Kawamoto, Y., Chatzikokolakis, K., Palamidessi, C.: Compositionality results for quantitative information flow. In: Norman, G., Sanders, W. (eds.) QEST 2014. LNCS, vol. 8657, pp. 368–383. Springer, Cham (2014). doi: 10.1007/978-3-319-10696-0_28 Google Scholar
  17. 17.
    Kawamoto, Y., Chatzikokolakis, K., Palamidessi, C.: On the compositionality of quantitative information flow. CoRR abs/1611.00455 (2016), http://arxiv.org/abs/1611.00455
  18. 18.
    Kumar, R., Myreen, M.O., Norrish, M., Owens, S.: CakeML: a verified implementation of ML. In: Jagannathan, S., Sewell, P. (eds.) The 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2014, San Diego, CA, USA, 20–21 January 2014, pp. 179–192. ACM (2014), http://doi.acm.org/10.1145/2535838.2535841
  19. 19.
    Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009), http://doi.acm.org/10.1145/1538788.1538814
  20. 20.
    Mantel, H.: Preserving information flow properties under refinement. In: 2001 IEEE Symposium on Security and Privacy, Oakland, California, USA, 14–16 May 2001, pp. 78–91. IEEE Computer Society (2001), http://dx.doi.org/10.1109/SECPRI.2001.924289
  21. 21.
    McIver, A., Meinicke, L., Morgan, C.: Compositional closure for bayes risk in probabilistic noninterference. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010. LNCS, vol. 6199, pp. 223–235. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14162-1_19 CrossRefGoogle Scholar
  22. 22.
    McIver, A., Meinicke, L., Morgan, C.: Hidden-Markov program algebra with iteration. Math. Struct. Comput. Sci. 25(2), 320–360 (2015), https://doi.org/10.1017/S0960129513000625
  23. 23.
    McIver, A., Morgan, C., Rabehaja, T.M.: Abstract hidden Markov models: a monadic account of quantitative information flow. In: 30th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2015, Kyoto, Japan, 6–10 July 2015, pp. 597–608. IEEE Computer Society (2015), https://doi.org/10.1109/LICS.2015.61
  24. 24.
    McIver, A., Morgan, C., Smith, G., Espinoza, B., Meinicke, L.: Abstract channels and their robust information-leakage ordering. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 83–102. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54792-8_5 CrossRefGoogle Scholar
  25. 25.
    McIver, A., Rabehaja, T.M., Struth, G.: Probabilistic rely-guarantee calculus (v3). CoRR abs/1409.0582 (2015), http://arxiv.org/abs/1409.0582
  26. 26.
    Murray, T.C., Sison, R., Pierzchalski, E., Rizkallah, C.: Compositional verification and refinement of concurrent value-dependent noninterference. In: IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, 27 June–1 July 2016, pp. 417–431. IEEE Computer Society (2016), http://dx.doi.org/10.1109/CSF.2016.36
  27. 27.
    Smith, G.: Recent developments in quantitative information flow (invited tutorial). In: Proceedings of the 2015 30th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS), LICS 2015, pp. 23–31 (2015), http://dx.doi.org/10.1109/LICS.2015.13

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.CSEUNSWSydneyAustralia

Personalised recommendations