Abstract
Information flow analysis plays a vital role in obtaining quantitative bounds on information leakage due to external attacks. Traditionally, information flow analysis is done using paper-and-pencil based proofs or computer simulations based on the Shannon entropy and mutual information. However, these metrics sometimes provide misleading information while dealing with some specific threat models, like when the secret is correctly guessed in one try. Min-Entropy and Belief Min-entropy metrics have been recently proposed to address these problems. But the information flow analysis using these metrics is done by simulation and paper-and-pencil approaches and thus cannot ascertain accurate results due to their inherent limitations. In order to overcome these shortcomings, we formalize Min-Entropy and Belief-Min-Entropy in higher-order logic and use them to perform information flow analysis within the sound core of the HOL theorem prover. For illustration purposes, we use our formalization to evaluate the information leakage of a cascade of channels in HOL.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Andrea, S.: Possibilistic information theory: A coding theoretic approach. Fuzzy Sets Systems 132(1), 11–32 (2002)
Backes, M., Kopf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: Proceedings IEEE Symposium on Security and Privacy, pp. 141–153. IEEE Computer Society (2009)
Coble, A.R.: Anonymity, information, and machine-assisted proof. Technical report, University of Cambridge, Computer Laboratory, Cambridge UK (July 2010)
Coble, A.R.: Anonymity, information, and machine-assisted proof. PhD thesis, King’s College, University of Cambridge, Cambridge UK (2010)
Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley-Interscience (1991)
Nguyen, H.T., Dubois, D., Prade, H.: Fundamentals of fuzzy sets, possibility theory, probability and fuzzy sets: Misunderstandings, bridges and gaps. In: Fundamentals of Fuzzy Sets. The handbooks of Fuzzy Sets Series, pp. 343–438. Kluwer (2000)
Espinoza, B., Smith, G.: Min-entropy leakage of channels in cascade. In: Barthe, G., Datta, A., Etalle, S. (eds.) FAST 2011. LNCS, vol. 7140, pp. 70–84. Springer, Heidelberg (2012)
Halpern, J.Y., O’Neill, K.R.: Anonymity and information hiding in multiagent systems. Journal of Computer Security 13(3), 483–514 (2005)
Hamadou, S., Sassone, V., Palamidessi, C.: Reconciling belief and vulnerability in information flow. In: Proceedings IEEE Symposium on Security and Privacy, pp. 79–92. IEEE Computer Society (2010)
Helali, G.: Formal analysis of information flow using min-entropy and belief min-entropy, http://hvg.ece.concordia.ca/projects/prob-it/min_beliefInfo.php
Hölzl, J.: Construction and Stochastic Applications of Measure Spaces in Higher-Order Logic. PhD thesis, Institut für Informatik, Technische Universität München, Germany (October 2012)
Clarke, I., Sandberg, O., Wiley, B., Hong, T.W.: Freenet: A distributed anonymous information storage and retrieval system. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 46–66. Springer, Heidelberg (2001)
Palamidessi, C., Chatzikokolakis, K., Panangaden, P.: Anonymity Protocols as Noisy Channels. Information and Computation 206(2-4), 378–401 (2008)
Massey, J.L.: Guessing and entropy. In: Proceedings IEEE International Symposium on Information Theory, p. 204 (1994)
Mhamdi, T.: Information-Theoretic Analysis using Theorem Proving. PhD thesis, Department of Electrical and Computer Engineering, Concordia University (December 2012)
Mhamdi, T., Hasan, O., Tahar, S.: Formalization of entropy measures in HOL. In: van Eekelen, M., Geuvers, H., Schmaltz, J., Wiedijk, F. (eds.) ITP 2011. LNCS, vol. 6898, pp. 233–248. Springer, Heidelberg (2011)
Mhamdi, T., Hasan, O., Tahar, S.: Quantitative analysis of information flow using theorem proving. In: Aoki, T., Taguchi, K. (eds.) ICFEM 2012. LNCS, vol. 7635, pp. 119–134. Springer, Heidelberg (2012)
Reiter, M.K., Rubin, A.D.: Crowds: anonymity for web transactions. ACM Transactions on Information Systems Security 1(1), 66–92 (1998)
Renyi, A.: On measures of entropy and information. In: Proceedings Berkeley Symposium on Mathematics, Statistics and Probability, pp. 547–561 (1961)
Schneider, S., Sidiropoulos, A.: CSP and anonymity. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 198–218. Springer, Heidelberg (1996)
Smith, G.: Principles of secure information flow analysis. In: Malware Detection. Advances in Information Security, pp. 291–307. Springer (2007)
Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)
Smith, G.: Quantifying information flow using min-entropy. In: Quantitative Evaluation of SysTems, pp. 159–167 (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Helali, G., Hasan, O., Tahar, S. (2013). Formal Analysis of Information Flow Using Min-Entropy and Belief Min-Entropy. In: Iyoda, J., de Moura, L. (eds) Formal Methods: Foundations and Applications. SBMF 2013. Lecture Notes in Computer Science, vol 8195. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41071-0_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-41071-0_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41070-3
Online ISBN: 978-3-642-41071-0
eBook Packages: Computer ScienceComputer Science (R0)