Quantifying Information Leakage in Finite Order Deterministic Programs
Ji Zhu, Mudhakar Srivatsa

TL;DR
This paper addresses conflicts in information leakage metrics for deterministic programs by proposing solutions for consistent comparison, improving the reliability of information flow analysis.
Contribution
It introduces methods to resolve conflicts among various information-theoretic leakage measures for finite order deterministic programs.
Findings
Identifies conflicts among existing leakage metrics.
Proposes solutions for conflict-free leakage comparison.
Enhances reliability of information flow analysis.
Abstract
Information flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. While past work has proposed information theoretic metrics (e.g., Shannon entropy, min-entropy, guessing entropy, etc.) to quantify such information leakage, we argue that some of these measures not only result in counter-intuitive measures of leakage, but also are inherently prone to conflicts when comparing two programs P1 and P2 -- say Shannon entropy predicts higher leakage for program P1, while guessing entropy predicts higher leakage for program P2. This paper presents the first attempt towards addressing such conflicts and derives solutions for conflict-free comparison of finite order deterministic programs.
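The kind of conflict the abstract describes can be reproduced on a toy case. The following is an added example, not code or an example from the paper: it assumes a uniformly distributed 3-bit secret, models each deterministic program as a function from secret to observable output, and uses the standard definitions of Shannon, guessing and min-entropy leakage; the programs `p1` and `p2` are constructed for illustration.

```python
import math
from collections import Counter

SECRETS = range(8)  # constructed input: 3-bit secret, uniform prior (assumption)

def p1(s):
    # Reveals the secret exactly when it is 0 or 1, otherwise only "s >= 2".
    return s if s < 2 else 2

def p2(s):
    # Reveals only the low bit of the secret.
    return s & 1

def block_sizes(program):
    # A deterministic program partitions the secrets by observable output;
    # each block holds the secrets the observer cannot tell apart.
    return sorted(Counter(program(s) for s in SECRETS).values())

def shannon_leakage(program):
    n = len(SECRETS)
    remaining = sum(b / n * math.log2(b) for b in block_sizes(program))
    return math.log2(n) - remaining

def guessing_leakage(program):
    n = len(SECRETS)
    # Expected number of guesses to hit a uniform secret in a block of size b
    # is (b + 1) / 2; leakage is the drop from the prior value (n + 1) / 2.
    remaining = sum(b / n * (b + 1) / 2 for b in block_sizes(program))
    return (n + 1) / 2 - remaining

def min_entropy_leakage(program):
    # Uniform prior, deterministic program: log2 of the number of outputs.
    return math.log2(len(block_sizes(program)))

def leakier(metric):
    # Name of the program the given metric ranks as leaking more.
    a, b = metric(p1), metric(p2)
    return "P1" if a > b else "P2" if b > a else "tie"

if __name__ == "__main__":
    for metric in (shannon_leakage, guessing_leakage, min_entropy_leakage):
        print(f"{metric.__name__:20s} P1={metric(p1):.3f} "
              f"P2={metric(p2):.3f} leakier={leakier(metric)}")
```

Here `p1` splits the eight secrets into blocks of sizes 1, 1 and 6 and `p2` into two blocks of 4, so Shannon entropy ranks `p1` as leakier while guessing entropy ranks `p2` as leakier.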
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Network Security and Intrusion Detection
