What's the Over/Under? Probabilistic Bounds on Information Leakage. Ian Sweet, José Manuel Calderón Trilla, Chad Scherrer, Michael Hicks, and Stephen Magill, February 2017.

Quantitative information flow (QIF) is concerned with measuring the knowledge about secret data that is gained by observing the result of a computation over that data. QIF has important applications in the domain of privacy, as an increase in attacker knowledge corresponds to a decrease in the privacy of a user's data. In this paper, we consider techniques for computing the Bayes Vulnerability of secret data due to answering a query. Our approach augments a baseline probabilistic abstract interpretation with both sampling and symbolic execution. The approach first computes a sound but imprecise upper bound on the vulnerability and then refines it. We prove this approach retains the soundness of the abstract interpretation. We also present detailed experimental results that quantify the precision and performance improvements of our techniques. We find augmenting imprecise abstract interpretation with our techniques can match the precision of precise abstract interpretation but with with orders of magnitude better performance.

[ .pdf ]

  TITLE = {What's the Over/Under? Probabilistic Bounds on Information Leakage},
  AUTHOR = {Ian Sweet and Jos\'e Manuel Calder\'on Trilla and
  Chad Scherrer and Michael Hicks and Stephen Magill},
  SUBMITTED = {yes},
  YEAR = 2017


This file has been generated by bibtex2html 1.69