An Algebraic Approach for Reasoning About Information Flow
Arthur Am\'erico, M\'ario S. Alvim, Annabelle McIver
TL;DR
This paper introduces an algebraic framework for analyzing information leaks in security systems, enabling simplified specifications and improved computation of leakage bounds, demonstrated through the Crowds Protocol.
Contribution
It presents a novel algebraic approach with operators for reasoning about information flow, enhancing analysis and verification of security protocols.
Findings
Algebraic operators match typical system interactions.
Simplifies large system specifications for leakage analysis.
Justifies a new algorithm for leakage bound computation.
Abstract
This paper concerns the analysis of information leaks in security systems. We address the problem of specifying and analyzing large systems in the (standard) channel model used in quantitative information flow (QIF). We propose several operators which match typical interactions between system components. We explore their algebraic properties with respect to the security-preserving refinement relation defined by Alvim et al. and McIver et al. We show how the algebra can be used to simplify large system specifications in order to facilitate the computation of information leakage bounds. We demonstrate our results on the specification and analysis of the Crowds Protocol. Finally, we use the algebra to justify a new algorithm to compute leakage bounds for this protocol.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.