@incollection{eprints1244, volume = {6879}, number = {6879}, pages = {588--606}, series = {Lecture Notes in Computer Science}, title = {Quantitative information flow, with a view}, year = {2011}, note = {Proceedings of the 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14,2011}, publisher = {Springer}, author = {Michele Boreale and Francesca Pampaloni and Michela Paolini}, editor = {Vijay Atluri and Claudia Diaz}, booktitle = {Computer Security ? ESORICS 2011}, url = {http://eprints.imtlucca.it/1244/}, abstract = {We put forward a general model intended for assessment of system security against passive eavesdroppers, both quantitatively ( how much information is leaked) and qualitatively ( what properties are leaked). To this purpose, we extend information hiding systems ( ihs ), a model where the secret-observable relation is represented as a noisy channel, with views : basically, partitions of the state-space. Given a view W and n independent observations of the system, one is interested in the probability that a Bayesian adversary wrongly predicts the class of W the underlying secret belongs to. We offer results that allow one to easily characterise the behaviour of this error probability as a function of the number of observations, in terms of the channel matrices defining the ihs and the view W . In particular, we provide expressions for the limit value as n {$\rightarrow$} ?, show by tight bounds that convergence is exponential, and also characterise the rate of convergence to predefined error thresholds. We then show a few instances of statistical attacks that can be assessed by a direct application of our model: attacks against modular exponentiation that exploit timing leaks, against anonymity in mix-nets and against privacy in sparse datasets.}, keywords = {Quantitative information flow; statistical attacks; anonymity; privacy; information theory } }