Skip to main content
    • Aa
    • Aa

Algebraic foundations for quantitative information flow


Several mathematical ideas have been investigated for quantitative information flow. Information theory, probability, guessability are the main ideas in most proposals. They aim to quantify how much information is leaked, how likely is to guess the secret and how long does it take to guess the secret respectively. In this work, we investigate the relationship between these ideas in the context of the quantitative analysis of deterministic systems. We propose the lattice of information as a valuable foundation for these approaches; not only it provides an elegant algebraic framework for the ideas, but also to investigate their relationship. In particular, we will use this lattice to prove some results establishing order relation correspondences between the different quantitative approaches. The implications of these results w.r.t. recent work in the community is also investigated. While this work concentrates on the foundational importance of the lattice of information its practical relevance has been recently proven, notably with the quantitative analysis of Linux kernel vulnerabilities. Overall, we believe these works set the case for establishing the lattice of information as one of the main reference structure for quantitative information flow.

Linked references
Hide All

This list contains references from the content that can be linked to their source. For a full set of references and notes please see the PDF or HTML where available.

K. Chatzikokolakis , C. Palamidessi and P. Panangaden (2008) Anonymity protocols as noisy channels. Information and Computation 206 (2–4) 378401.

D. Clark , S. Hunt and P. Malacaria (2002) Quantitative analysis of the leakage of confidential data. In: QAPL'01, Quantitative Aspects of Programming Languages. Electronic Notes in Theoretical Computer Science 59 (3) 238251.

D. Clark , S. Hunt and P. Malacaria (2007) A static analysis for quantifying information flow in a simple imperative language. Journal of Computer Security 15 (3) 321371.

E. Clarke , D. Kroening and F. Lerda (2004) A tool for checking ANSI-C programs. Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2004) Springer988168176.

M. Clarkson , A. Myers and F. Schneider (2009) Quantifying information flow with beliefs. Journal of Computer and Security 17 (5) 655701.

T. Cover and J. Thomas (1991) Elements of Information Theory, John Wiley.

D. Denning (1976) A lattice model of secure information flow. Communication of the ACM 19 (5) 236243 ACM, New York, NY, USA.

R. Giacobazzi and I. Mastroeni (2004) Abstract non-interference: Parameterizing non-interference by abstract interpretation. In: 31st Annual Symposium on Principles of Programming Languages (POPL'04), ACM, Venice, Italy186197.

G. Lowe (2002) Quantifying information flow. In: 15th IEEE Computer Security Foundations Workshop (CSFW 2002), Nova Scotia Canada, IEEE Computer Society1831.

P. Malacaria (2010) Risk assessment of security threats for looping constructs. Journal Of Computer Security 18 (2) 191228.

P. Malacaria and J. Heusser (2010) Information theory and security: Quantitative information flow. In: 10th International School on Formal Methods for the Design of Computer, Communication and Software Systems, SFM 2010. Springer Lecture Notes in Computer Science Bertinoro 6154 87134.

A. McIver and C. Morgan (2003) A probabilistic approach to information hiding. Programming Methodology, Springer, New York, NY, USA441460.

C. C. Morgan (2009) The shadow knows: Refinement of ignorance in sequential programs. Science of Computer Programming Elsevier 74 (8) 629653.

Y. Nakamura (1970) Entropy and semivaluations on semilattices. Kodai Mathematical Seminar Reports 22 443468.

C. Shannon (1948) A mathematical theory of communication. Bell Systems Technical Journal 27 (3) 379423.

G. Smith (2009) On the foundations of quantitative information flow. In: Proceeding of the FOSSACS 2009: 12th International Conference on Foundations of Software Science and Computation Structures. Lecture Notes in Computer Science 5504288302York, UK.

T. Terauchi and A. Aiken (2005) Secure information flow as a safety problem. In: SAS. Lecture Notes in Computer Science 3672 352367.

Recommend this journal

Email your librarian or administrator to recommend adding this journal to your organisation's collection.

Mathematical Structures in Computer Science
  • ISSN: 0960-1295
  • EISSN: 1469-8072
  • URL: /core/journals/mathematical-structures-in-computer-science
Please enter your name
Please enter a valid email address
Who would you like to send this to? *


Full text views

Total number of HTML views: 0
Total number of PDF views: 25 *
Loading metrics...

Abstract views

Total abstract views: 171 *
Loading metrics...

* Views captured on Cambridge Core between September 2016 - 21st September 2017. This data will be updated every 24 hours.