Axioms for Information Leakage

Mário S. Alvim (Federal University of Minas Gerais)
Carroll Morgan (Univ. of New South Wales, and Data 61)
Konstantinos Chatzikokolakis (CNRS, Inria)
Catuscia Palamidessi (CNRS, Inria)
Annabelle McIver (Macquarie University)
Geoffrey Smith (Florida International University)

29th IEEE Computer Security Foundations Symposium – CSF'16
June 27 - July 1, 2016 - Lisbon, Portugal
This talk in a nutshell
• Quantitative information flow (QIF): assessing and controlling the leakage of sensitive information by computer systems.

Motivation
• No single leakage measure is appropriate in all operational scenarios.
• Various leakage measures have been proposed, with many different properties.

Axioms for Information Leakage - IEEE CSF'16 2
Background: secrets and priors
• A secret is something whose value we want to keep secret:
  • a user’s password or location;
  • an RSA key.
• An adversary possesses some probabilistic information about the secret, captured by a probability distribution, called the prior.
• The prior can come from:
  • knowledge about how secrets are generated (e.g. the probability of choosing a certain password);
  • knowledge about the population the secret comes from (e.g. a young person is likely to be located at a popular bar on Saturday night).
Background: information measures
• An information-theoretic measure gauges the “amount of secrecy” in priors.

| Information measure | Operational scenario | Mathematical definition |
|---|---|---|
| Shannon entropy | Adversary performs a binary search on secrets. Measure: expected number of questions needed. | |
| Guessing entropy | Adversary performs a linear search on secrets. Measure: expected number of questions needed. | |
| Bayes vulnerability | Adversary has one try to guess the secret. Measure: probability of guessing the secret correctly. | |
Background: operational scenarios
• Some bits of an RSA key.
• Location within 100 m of error.
• Is the user male or female?
• ATM swallows a card after 3 wrong guesses for a pin-code.
• Breaking into the wrong door makes an alarm go off.
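An added example, not taken from the slides: the three measures from the information measures slide, plus a k-tries vulnerability matching the ATM scenario (three guesses), computed on two constructed priors. It goes beyond the slide by generalising the one-try case to k tries, taken as the sum of the k largest probabilities; all function names and both priors are assumptions made for illustration.

```python
import math

def check_prior(prior):
    """Reject anything that is not a probability distribution."""
    if any(p < 0 for p in prior) or not math.isclose(sum(prior), 1.0):
        raise ValueError("prior must be non-negative and sum to 1")
    return sorted(prior, reverse=True)  # most likely secret first

def shannon_entropy(prior):
    """Bits of uncertainty; the slide's binary-search scenario."""
    return -sum(p * math.log2(p) for p in check_prior(prior) if p > 0)

def guessing_entropy(prior):
    """Expected number of guesses when trying secrets most-likely-first."""
    return sum(i * p for i, p in enumerate(check_prior(prior), start=1))

def k_tries_vulnerability(prior, k):
    """Probability of a correct guess within k tries (sum of the k largest)."""
    if k < 1:
        raise ValueError("k must be at least 1")
    return sum(check_prior(prior)[:k])

def bayes_vulnerability(prior):
    """One-try case: probability of the single most likely secret."""
    return k_tries_vulnerability(prior, 1)

def measures(prior):
    """All four measures for one prior, keyed by name."""
    return {
        "shannon_bits": shannon_entropy(prior),
        "guessing": guessing_entropy(prior),
        "bayes": bayes_vulnerability(prior),
        "three_tries": k_tries_vulnerability(prior, 3),
    }

# Constructed priors (assumptions for this example, not from the slides).
SKEWED = [1/2] + [1/16] * 8   # one popular secret, eight rare ones
UNIFORM4 = [1/4] * 4          # four equally likely secrets

if __name__ == "__main__":
    for name, prior in (("SKEWED", SKEWED), ("UNIFORM4", UNIFORM4)):
        print(name, measures(prior))
```

The measures rank the two priors differently: SKEWED is the easier target for a one-try adversary (0.5 against 0.25) but the harder one under the three-tries rule (0.625 against 0.75), while Shannon and guessing entropy both rate SKEWED as the more uncertain prior.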
• Obs: an equally expressive alternative is to define entropy measures in terms of minimization of a loss function.
Background: channels and hypers
Background: leakage
Axiomatization
• Average case?
• Worst-case?
• Additively?
• Multiplicatively?
Axiomatization of prior vulnerabilities
Axiomatization of posterior vulnerabilities
Posterior vulnerability as expectation
Posterior vulnerability as expectation
[Diagram relating the axioms CVX, AVG, MONO, NI, DPI]
Posterior vulnerability as maximum
Posterior vulnerability as expectation
[Diagram relating the axioms Q-CVX, MAX, MONO, NI, DPI]
Other definitions of posterior vulnerabilities
Discussion: analysis of “nonconvenient” information measures
Discussion: verifying composition refinement
Conclusion
• CVX and QCVX are natural consequences of more fundamental properties.
Thank you!

Mário S. Alvim (Federal University of Minas Gerais)
Carroll Morgan (University of New South Wales, and Data 61)
Konstantinos Chatzikokolakis (CNRS and Inria, École Polytechnique)
Catuscia Palamidessi (CNRS and Inria, École Polytechnique)
Annabelle McIver (Macquarie University)
Geoffrey Smith (Florida International University)