Refining a Quantitative Information Flow Metric

TL;DR

This paper proposes a refined approach to quantitative information flow metrics that aligns leakage bounds with program secret sizes, enhancing interpretability and practical relevance.

Contribution

It introduces a subtle refinement to existing QIF metrics that links flow results with the effort to uncover secrets, without altering the original theoretical foundations.

Findings

Refinement validates the perspective of bounding leakage by secret size.

Enhances the interpretability of QIF metrics in practical scenarios.

Demonstrates the importance of the refined metric for future QIF design.

Abstract

We introduce a new perspective into the field of quantitative information flow (QIF) analysis that invites the community to bound the leakage, reported by QIF quantifiers, by a range consistent with the size of a program's secret input instead of by a mathematically sound (but counter-intuitive) upper bound of that leakage. To substantiate our position, we present a refinement of a recent QIF metric that appears in the literature. Our refinement is based on slight changes we bring into the design of that metric. These changes do not affect the theoretical premises onto which the original metric is laid. However, they enable the natural association between flow results and the exhaustive search effort needed to uncover a program's secret information (or the residual secret part of that information) to be clearly established. The refinement we discuss in this paper validates our perspective and demonstrates its importance in the future design of QIF quantifiers.