Quantitative Analysis of Information Flow Using Theorem Proving

  • Tarek Mhamdi
  • Osman Hasan
  • Sofiène Tahar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7635)


Quantitative analysis of information flow is widely used to measure how much information was leaked from the secret inputs to the outputs or public inputs of a program. We propose to conduct the quantitative analysis of information flow within the trusted kernel of a higher-order-logic theorem prover in order to overcome the inaccuracy limitations of traditional analysis techniques used in this domain. For this purpose, we present the formalization of the Kullback-Leibler divergence that can be used as a unified measure of information leakage. Furthermore, we propose two new measures of information leakage, namely the information leakage degree and the conditional information leakage degree. We also formalize the notion of anonymity-based single MIX and use the channel capacity as a measure of information leakage in the MIX. Finally, for illustration purposes, we show how our framework allowed us to find a counter-example for a theorem that was reported in the literature to describe the leakage properties of the anonymity-based single MIX.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Anonymity Protocols as Noisy Channels. In: Montanari, U., Sannella, D., Bruni, R. (eds.) TGC 2006. LNCS, vol. 4661, pp. 281–300. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Chaum, D.: The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability. Journal of Cryptology 1(1), 65–75 (1988)MathSciNetzbMATHCrossRefGoogle Scholar
  3. 3.
    Coble, A.R.: Formalized Information-Theoretic Proofs of Privacy Using the HOL4 Theorem-Prover. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 77–98. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley-Interscience (1991)Google Scholar
  5. 5.
    Deng, Y., Pang, J., Wu, P.: Measuring Anonymity with Relative Entropy. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2006. LNCS, vol. 4691, pp. 65–79. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards Measuring Anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Gallager, R.G.: Information Theory and Reliable Communication. John Wiley & Sons, Inc. (1968)Google Scholar
  8. 8.
    Goldberg, R.R.: Methods of Real Analysis. Wiley (1976)Google Scholar
  9. 9.
    Gordon, M.J.C.: Mechanizing Programming Logics in Higher-Order Logic. In: Current Trends in Hardware Verification and Automated Theorem Proving, pp. 387–439. Springer (1989)Google Scholar
  10. 10.
    Gordon, M.J.C., Melham, T.F.: Introduction to HOL: A Theorem Proving Environment for Higher-Order Logic. Cambridge University Press (1993)Google Scholar
  11. 11.
    Kwiatkowska, M., Norman, G., Parker, D.: Quantitative Analysis with the Probabilistic Model Checker PRISM. Electronic Notes in Theoretical Computer Science 153(2), 5–31 (2005)CrossRefGoogle Scholar
  12. 12.
    Malacaria, P.: Assessing Security Threats of Looping Constructs. SIGPLAN Notes 42(1), 225–235 (2007)CrossRefGoogle Scholar
  13. 13.
    Mhamdi, T., Hasan, O., Tahar, S.: On the Formalization of the Lebesgue Integration Theory in HOL. In: Kaufmann, M., Paulson, L.C. (eds.) ITP 2010. LNCS, vol. 6172, pp. 387–402. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Mhamdi, T., Hasan, O., Tahar, S.: Formalization of Entropy Measures in HOL. In: van Eekelen, M., Geuvers, H., Schmaltz, J., Wiedijk, F. (eds.) ITP 2011. LNCS, vol. 6898, pp. 233–248. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  15. 15.
    Mhamdi, T., Hasan, O., Tahar, S.: Quantitative Information Flow Analysis in HOL (2012),
  16. 16.
    Reiter, M.K., Rubin, A.D.: Crowds: Anonymity for Web Transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  17. 17.
    Sabelfeld, A., Myers, A.C.: Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)CrossRefGoogle Scholar
  18. 18.
    Serjantov, A., Danezis, G.: Towards an Information Theoretic Metric for Anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Smith, G.: On the Foundations of Quantitative Information Flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Zhu, Y., Bettati, R.: Information Leakage as a Model for Quality of Anonymity Networks. IEEE Transactions on Parallel and Distributed Systems 20(4), 540–552 (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Tarek Mhamdi
    • 1
  • Osman Hasan
    • 1
  • Sofiène Tahar
    • 1
  1. 1.ECE DepartmentConcordia UniversityMontrealCanada

Personalised recommendations