Feb 18, 2014: Minh Tri Ngo: Quantitative Security Analysis for Programs with Low Input and Noisy Output

February 18, 2014Quantitative Security Analysis for Programs with Low Input and Noisy Output
Room: HalB 2FMinh Tri Ngo

Classical quantitative information flow analysis often considers a system as an information-theoretic channel, where private data are the only inputs and public data are the outputs. However, for systems where an attacker is able to influence the initial values of public data, these should also be considered as inputs of the channel. This paper adapts the classical view of information-theoretic channels in order to quantify information flow of programs that contain both private and public inputs.

Additionally, we show that our measure also can be used to reason about the case where a system operator on purpose adds noise to the output, instead of always producing the correct output.  The noisy outcome is used to reduce the correlation between the output and the input, and thus to increase the remaining uncertainty. However, even though adding noise to the output enhances the security, it reduces the reliability of the program. We show how given a certain noisy output policy, the increase in security and the decrease in reliability can be quantified.