Traditional approaches to Quantitative Information Flow (QIF)
represent the adversary's prior knowledge of possible secret values
as a single probability distribution.
This representation may miss important
structure.
For instance, representing prior knowledge about
passwords of a system's users in this way
overlooks the fact that many users generate passwords using
some *strategy*. Knowledge of such strategies can
help the adversary in guessing a secret, so ignoring them may
underestimate the secret's vulnerability.
In this paper we explicitly model strategies as
distributions on secrets, and generalize the representation of
the adversary's prior knowledge from a distribution on secrets
to an *environment*, which is a distribution on strategies
(and, thus, a distribution on distributions on secrets,
called a *hyper-distribution*).
By applying information-theoretic techniques to environments
we derive several meaningful generalizations of the traditional
approach to QIF.
In particular, we disentangle the
*vulnerability of a secret* from the *vulnerability of the strategies*
that generate secrets, and thereby distinguish
*security by aggregation*---which relies on the uncertainty over
strategies---from *security by strategy*---which relies on the
intrinsic uncertainty within a strategy.
We also demonstrate that, in a precise way, no further generalization
of prior knowledge
(e.g., by using distributions of even higher order)
is needed to soundly quantify the vulnerability of the secret.

[ http ]

@inproceedings{alvim17strat, author = {M\'{a}rio S. Alvim and Piotr Mardziel and Michael Hicks}, title = {Quantifying vulnerability of secret generation using hyper-distributions}, booktitle = {Proceedings of the Symposium on Principles of Security and Trust (POST)}, year = 2017, month = apr, note = {Extended version of short paper that appeared at FCS 2016: \url{http://www.cs.umd.edu/~mwh/papers/stratquant.pdf}} }

*This file was generated by
bibtex2html 1.99.*