eprintid: 1542 rev_number: 8 eprint_status: archive userid: 6 dir: disk0/00/00/15/42 datestamp: 2013-04-12 13:32:30 lastmod: 2013-04-12 13:32:30 status_changed: 2013-04-12 13:32:30 type: book_section metadata_visibility: show creators_name: Boreale, Michele creators_name: Pampaloni, Francesca creators_id: creators_id: francesca.pampaloni@imtlucca.it title: Quantitative Multirun Security under Active Adversaries ispublished: pub subjects: QA75 divisions: CSA full_text_status: none keywords: IEEE Terms: Contex; Credit cards; Probabilistic logic; Probability distribution; Security; Terminology; Vectors note: Quantitative Evaluation of Systems (QEST), London, 17-20 September 2012 abstract: We study the security of probabilistic programsunder the assumption that an active adversary controls part ofthe program's inputs, and the program can be run several times. The adversary's target are the high, confidential inputs to theprogram. We model the program behaviour as an information-theoretic channel and define a notion of quantitative multi-runleakage. We characterize in a simple way both the asymptoticmulti-run leakage and its exponential growth rate, depending onthe number of runs, the characterization is given in terms ofthe program's channel matrix. We then study the case where adeclassification policy is specified: we define a measure of thedegree of violation of the policy and characterize its asymptoticmulti-run behaviour, thus allowing for a combined analysis ofwhat and how much information is leaked. We finally study thecase where a user is faced with the task of assessing the undueinfluence of an active adversary on a deployed program or system, of which only a (black-box) specification is available. date: 2012 publisher: IEEE pagerange: 158-167 pages: 158 event_title: Quantitative Evaluation of Systems (QEST), 2012 Ninth International Conference on id_number: 10.1109/QEST.2012.31 refereed: TRUE isbn: 978-0-7695-4781-7 book_title: Proceedings of the Ninth International Conference on Quantitative Evaluation of Systems (QEST), 2012 official_url: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6354644&isnumber=6354626 projects: Work partially supported by the EU project ASCENS under the FET open initiative in FP7. citation: Boreale, Michele and Pampaloni, Francesca Quantitative Multirun Security under Active Adversaries. In: Proceedings of the Ninth International Conference on Quantitative Evaluation of Systems (QEST), 2012. IEEE, pp. 158-167. ISBN 978-0-7695-4781-7 (2012)