SAT-Based Analysis and Quantification of Information Flow in Programs

  • Conference paper
Quantitative Evaluation of Systems (QEST 2013)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 8054)

Abstract

Quantitative information flow analysis (QIF) is a portfolio of security techniques quantifying the flow of confidential information to public ports. In this paper, we advance the state of the art in QIF for imperative programs. We present both an abstract formulation of the analysis in terms of verification condition generation, logical projection and model counting, and an efficient concrete implementation targeting ANSI C programs. The implementation combines various novel and existing SAT-based tools for bounded model checking, #SAT solving in presence of projection, and SAT preprocessing. We evaluate the technique on synthetic and semi-realistic benchmarks.
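The abstract describes the analysis as verification condition generation, projection onto the public outputs and model counting. The following added example (not code from the paper or its implementation) replaces the SAT-based projection and #SAT steps with exhaustive enumeration over a small secret, so the counting step and the resulting leakage figure can be inspected directly; the toy programs are constructed here.

```python
import math
from typing import Callable, Dict, Set

# Added example (not from the paper). The paper's pipeline generates a
# verification condition for a C program, projects it onto the public output
# variables and counts the models of the projection with a #SAT solver. For a
# deterministic program that count is the number of outputs an attacker can
# distinguish, and log2 of it is the min-entropy leakage in bits. Here the
# projection and counting are done by brute-force enumeration of a small secret.

SECRET_BITS = 8                      # width of the confidential input h
SECRETS = range(1 << SECRET_BITS)    # every possible value of h

Program = Callable[[int, int], int]  # program(high_secret, low_public) -> output

def output_partition(program: Program, low: int) -> Dict[int, Set[int]]:
    """Projection onto the output: each distinct output paired with the set of
    secrets that produce it (the attacker's knowledge after seeing that output)."""
    classes: Dict[int, Set[int]] = {}
    for h in SECRETS:
        classes.setdefault(program(h, low), set()).add(h)
    return classes

def model_count(program: Program, low: int) -> int:
    """#SAT step: number of feasible outputs for a fixed public input."""
    return len(output_partition(program, low))

def leakage_bits(program: Program, low_inputs=(0,)) -> float:
    """Min-entropy leakage = log2(max over public inputs of the output count)."""
    return math.log2(max(model_count(program, low) for low in low_inputs))

def posterior_vulnerability(program: Program, low: int) -> float:
    """Probability of guessing a uniform secret in one try after seeing the output."""
    return model_count(program, low) / len(SECRETS)

# Constructed toy programs in the style of the C benchmarks the paper targets.
def password_check(h: int, l: int) -> int:
    return 1 if h == l else 0            # accept/reject: 2 outputs, 1 bit leaked
def upper_nibble(h: int, l: int) -> int:
    return h & 0xF0                      # 16 outputs, 4 bits leaked
def sanitized(h: int, l: int) -> int:
    return (h & 0x0F) if l else 0        # leak depends on the public input l
def identity(h: int, l: int) -> int:
    return h                             # 256 outputs, all 8 bits leaked

if __name__ == "__main__":
    for prog in (password_check, upper_nibble, sanitized, identity):
        print(f"{prog.__name__:15s} leaks {leakage_bits(prog, low_inputs=(0, 1)):.1f} bits")
```

Enumeration is exponential in the secret width, which is exactly why the paper turns to SAT-based bounded model checking and projected #SAT for realistic C programs.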




© 2013 Springer-Verlag Berlin Heidelberg

Cite this paper

Klebanov, V., Manthey, N., Muise, C. (2013). SAT-Based Analysis and Quantification of Information Flow in Programs. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds) Quantitative Evaluation of Systems. QEST 2013. Lecture Notes in Computer Science, vol 8054. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40196-1_16

  • DOI: https://doi.org/10.1007/978-3-642-40196-1_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40195-4

  • Online ISBN: 978-3-642-40196-1

  • eBook Packages: Computer Science (R0)