eprintid: 1244
rev_number: 9
eprint_status: archive
userid: 6
dir: disk0/00/00/12/44
datestamp: 2012-03-27 09:53:56
lastmod: 2014-07-28 12:21:38
status_changed: 2012-03-27 09:53:56
type: book_section
metadata_visibility: show
creators_name: Boreale, Michele
creators_name: Pampaloni, Francesca
creators_name: Paolini, Michela
creators_id:
creators_id: francesca.pampaloni@imtlucca.it
creators_id: michela.paolini@alumni.imtlucca.it
title: Quantitative information flow, with a view
ispublished: pub
subjects: QA75
divisions: CSA
full_text_status: public
keywords: Quantitative information flow; statistical attacks; anonymity; privacy; information theory
note: Proceedings of the 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14, 2011
abstract: We put forward a general model intended for assessment of system security against passive eavesdroppers, both quantitatively (how much information is leaked) and qualitatively (what properties are leaked). To this purpose, we extend information hiding systems (ihs), a model where the secret-observable relation is represented as a noisy channel, with views: basically, partitions of the state-space. Given a view W and n independent observations of the system, one is interested in the probability that a Bayesian adversary wrongly predicts the class of W the underlying secret belongs to. We offer results that allow one to easily characterise the behaviour of this error probability as a function of the number of observations, in terms of the channel matrices defining the ihs and the view W. In particular, we provide expressions for the limit value as n → ∞, show by tight bounds that convergence is exponential, and also characterise the rate of convergence to predefined error thresholds. We then show a few instances of statistical attacks that can be assessed by a direct application of our model: attacks against modular exponentiation that exploit timing leaks, against anonymity in mix-nets and against privacy in sparse datasets.
date: 2011
series: Lecture Notes in Computer Science
volume: 6879
number: 6879
publisher: Springer
pagerange: 588-606
id_number: 10.1007/978-3-642-23822-2_32
refereed: TRUE
isbn: 978-3-642-23821-5
book_title: Computer Security – ESORICS 2011
editors_name: Atluri, Vijay
editors_name: Diaz, Claudia
official_url: http://dx.doi.org/10.1007/978-3-642-23822-2_32
funders: Work partially supported by the EU funded project Ascens
citation: Boreale, Michele and Pampaloni, Francesca and Paolini, Michela Quantitative information flow, with a view. In: Computer Security – ESORICS 2011. Lecture Notes in Computer Science, 6879 (6879). Springer, pp. 588-606. ISBN 978-3-642-23821-5 (2011)
document_url: http://eprints.imtlucca.it/1244/1/Pampaloni_Paolini_LNCS_2011b.pdf