Quantitative Security Analysis for Multi-threaded Programs
Tri Minh Ngo (University of Twente), Marieke Huisman (University of, Twente)
TL;DR
This paper introduces a new quantitative analysis model for multi-threaded programs that accounts for intermediate state observables and scheduler effects, addressing limitations of classical information flow theories.
Contribution
It proposes a novel leakage measure for multi-threaded programs that considers intermediate states and scheduler influences, extending existing information flow analysis methods.
Findings
The model effectively captures leakage in multi-threaded programs.
It accounts for the impact of scheduler policies on information flow.
The approach aligns with and extends classical information-theoretic methods.
Abstract
Quantitative theories of information flow give us an approach to relax the absolute confidentiality properties that are difficult to satisfy for many practical programs. The classical information-theoretic approaches for sequential programs, where the program is modeled as a communication channel with only input and output, and the measure of leakage is based on the notions of initial uncertainty and remaining uncertainty after observing the final outcomes, are not suitable to multi-threaded programs. Besides, the information-theoretic approaches have been also shown to conflict with each other when comparing programs. Reasoning about the exposed information flow of multi-threaded programs is more complicated, since the outcomes of such programs depend on the scheduler policy, and the leakages in intermediate states also contribute to the overall leakage of the program. This paper…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.