
Preface to the special issue on quantitative information flow

Published online by Cambridge University Press:  10 November 2014

MIGUEL E. ANDRÉS
Affiliation:
LIX, École Polytechnique, Palaiseau, France Email: mandres@lix.polytechnique.fr
CATUSCIA PALAMIDESSI
Affiliation:
INRIA Saclay and LIX, Palaiseau, France Email: catuscia@lix.polytechnique.fr
GEOFFREY SMITH
Affiliation:
School of Computing and Information Sciences, Florida International University, Miami, Florida, U.S.A. Email: smithg@cis.fiu.edu

Extract

A long-standing and fundamental issue in computer security is to control the flow of information, whether to prevent confidential information from being leaked, or to prevent trusted information from being tainted. While there have been many efforts aimed at preventing improper flows completely (see for example, the survey by Sabelfeld and Myers (2003)), it has long been recognized that perfection is often impossible in practice. A basic example is a login program – whenever it rejects an incorrect password, it unavoidably reveals that the secret password differs from the one that was entered. More subtly, systems may be vulnerable to side channel attacks, because observable characteristics like running time and power consumption may depend, at least partially, on sensitive information.

Type
Editorial Preface
Copyright
Copyright © Cambridge University Press 2014 

References

Alvim, M. S., Chatzikokolakis, K., Palamidessi, C. and Smith, G. (2012) Measuring information leakage using generalized gain functions. In: Proceedings 25th IEEE Computer Security Foundations Symposium 265–279.
Andrés, M. E., Palamidessi, C., van Rossum, P. and Smith, G. (2010) Computing the leakage of information-hiding systems. In: Esparza, J. and Majumdar, R. (eds.) Tools and Algorithms for the Construction and Analysis of Systems. Lecture Notes in Computer Science 6015 373–389.
Backes, M., Köpf, B. and Rybalchenko, A. (2009) Automatic discovery and quantification of information leaks. In: Proceedings 30th IEEE Symposium on Security and Privacy 141–153.
Barthe, G. and Köpf, B. (2011) Information-theoretic bounds for differentially private mechanisms. In: Proceedings 24th IEEE Computer Security Foundations Symposium 191–204.
Chatzikokolakis, K., Chothia, T. and Guha, A. (2010) Statistical measurement of information leakage. In: Esparza, J. and Majumdar, R. (eds.) Tools and Algorithms for the Construction and Analysis of Systems. Lecture Notes in Computer Science 6015 390–404.
Clark, D., Hunt, S. and Malacaria, P. (2001) Quantitative analysis of the leakage of confidential data. In: Proceedings Workshop on Quantitative Aspects of Programming Languages. Electronic Notes in Theoretical Computer Science 59 (3) 238–251.
Clark, D., Hunt, S. and Malacaria, P. (2007) A static analysis for quantifying information flow in a simple imperative language. Journal of Computer Security 15 321–371.
Clarkson, M., Myers, A. and Schneider, F. (2005) Belief in information flow. In: Proceedings 18th IEEE Computer Security Foundations Workshop 31–45.
Chatzikokolakis, K., Palamidessi, C. and Panangaden, P. (2008) On the Bayes risk in information-hiding protocols. Journal of Computer Security 16 (5) 531–571.
Denning, D. (1983) Cryptography and Data Security, Addison-Wesley.
Gray, J. W. III (1991) Toward a mathematical foundation for information flow security. In: IEEE Symposium on Security and Privacy 21–35.
Heusser, J. and Malacaria, P. (2010) Quantifying information leaks in software. In: Proceedings of the Annual Computer Security Applications Conference 261–269.
Köpf, B. and Basin, D. (2007) An information-theoretic model for adaptive side-channel attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security 286–296.
Köpf, B., Mauborgne, L. and Ochoa, M. (2012) Automatic quantification of cache side-channels. In: Proceedings of the 24th International Conference on Computer-Aided Verification 564–580.
Köpf, B. and Rybalchenko, A. (2010) Approximation and randomization for quantitative information-flow analysis. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium 3–14.
Köpf, B. and Smith, G. (2010) Vulnerability bounds and leakage resilience of blinded cryptography under timing attacks. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium 44–56.
Malacaria, P. (2007) Assessing security threats of looping constructs. In: Proceedings of the 34th Symposium on Principles of Programming Languages 225–235.
McLean, J. (1990) Security models and information flow. In: IEEE Symposium on Security and Privacy 180–189.
Millen, J. K. (1987) Covert channel capacity. In: IEEE Symposium on Security and Privacy 60–66.
McIver, A., Meinicke, L. and Morgan, C. (2010) Compositional closure for Bayes risk in probabilistic noninterference. In: Proceedings of the International Colloquium on Automata, Languages and Programming 223–235.
Newsome, J., McCamant, S. and Song, D. (2009) Measuring channel capacity to distinguish undue influence. In: Proceedings of the Fourth Workshop on Programming Languages and Analysis for Security 73–85.
Sabelfeld, A. and Myers, A. C. (2003) Language-based information flow security. IEEE Journal on Selected Areas in Communications 21 (1) 5–19.
Smith, G. (2009) On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures. Lecture Notes in Computer Science 5504 288–302.
Yasuoka, H. and Terauchi, T. (2010) Quantitative information flow—verification hardness and possibilities. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium 15–27.