What's the Over/Under? Probabilistic Bounds on Information Leakage. Ian Sweet, José Manuel Calderón Trilla, Chad Scherrer, Michael Hicks, and Stephen Magill, November 2017.

Quantitative information flow (QIF) is concerned with measuring how much of a secret is leaked to an adversary who observes the result of a computation that uses it. Prior work has shown that QIF techniques based on abstract interpretation with probabilistic polyhedra can be used to analyze the worst-case leakage of a query, on-line, to determine whether that query can be safely answered. While this approach can provide precise estimates, it does not scale well. This paper shows how to solve the scalability problem by augmenting the baseline technique with sampling and symbolic execution. We prove that our approach never underestimates a query's leakage (it is sound), and detailed experimental results show that we can match the precision of the baseline technique but with orders of magnitude better performance.

[ .pdf ]

  TITLE = {What's the Over/Under? Probabilistic Bounds on Information Leakage},
  AUTHOR = {Ian Sweet and Jos\'e Manuel Calder\'on Trilla and
  Chad Scherrer and Michael Hicks and Stephen Magill},
  SUBMITTED = {yes},
  YEAR = 2017


This file has been generated by bibtex2html 1.69