%0 Book Section
%A Boreale, Michele
%A Pampaloni, Francesca
%A Paolini, Michela
%B Computer Security – ESORICS 2011
%D 2011
%E Atluri, Vijay
%E Diaz, Claudia
%F eprints:1244
%I Springer
%K Quantitative information flow; statistical attacks; anonymity; privacy; information theory 
%N 6879
%P 588-606
%S Lecture Notes in Computer Science
%T Quantitative information flow, with a view
%U http://eprints.imtlucca.it/1244/
%V 6879
%X We put forward a general model intended for assessment of system security against passive eavesdroppers, both quantitatively ( how much information is leaked) and qualitatively ( what properties are leaked). To this purpose, we extend information hiding systems ( ihs ), a model where the secret-observable relation is represented as a noisy channel, with views : basically, partitions of the state-space. Given a view W and n independent observations of the system, one is interested in the probability that a Bayesian adversary wrongly predicts the class of W the underlying secret belongs to. We offer results that allow one to easily characterise the behaviour of this error probability as a function of the number of observations, in terms of the channel matrices defining the ihs and the view W . In particular, we provide expressions for the limit value as n → ∞, show by tight bounds that convergence is exponential, and also characterise the rate of convergence to predefined error thresholds. We then show a few instances of statistical attacks that can be assessed by a direct application of our model: attacks against modular exponentiation that exploit timing leaks, against anonymity in mix-nets and against privacy in sparse datasets.
%Z Proceedings of the 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14,2011