Algebraic Foundations for Information Theoretical, Probabilistic and Guessability measures of Information Flow

TL;DR

This paper demonstrates how the Lattice of Information provides a unified algebraic foundation for various measures of information flow, linking theoretical concepts with practical applications like Linux kernel vulnerability analysis.

Contribution

It establishes the Lattice of Information as a central framework connecting different quantitative measures of information flow and their relationships.

Findings

Proves order relation correspondences between information flow measures

Shows the practical relevance through Linux kernel vulnerability analysis

Supports the Lattice of Information as a key reference in the field

Abstract

Several mathematical ideas have been investigated for Quantitative Information Flow. Information theory, probability, guessability are the main ideas in most proposals. They aim to quantify how much information is leaked, how likely is to guess the secret and how long does it take to guess the secret respectively. In this paper, we show how the Lattice of Information provides a valuable foundation for all these approaches; not only it provides an elegant algebraic framework for the ideas, but also to investigate their relationship. In particular we will use this lattice to prove some results establishing order relation correspondences between the different quantitative approaches. The implications of these results w.r.t. recent work in the community is also investigated. While this work concentrates on the foundational importance of the Lattice of Information its practical relevance has been recently proven, notably with the quantitative analysis of Linux kernel vulnerabilities. Overall we believe these works set the case for establishing the Lattice of Information as one of the main reference structure for Quantitative Information Flow.