Quantitative Information Flow as Network Flow Capacity
Author(s)
McCamant, Stephen; Ernst, Michael D.
Other Contributors
Program Analysis
Advisor
Michael Ernst
Abstract
We present a new technique for determining how much information about a program's secret inputs is revealed by its public outputs. In contrast to previous techniques based on reachability from secret inputs (tainting), it achieves a more precise quantitative result by computing a maximum flow of information between the inputs and outputs. The technique uses static control-flow regions to soundly account for implicit flows via branches and pointer operations, but operates dynamically by observing one or more program executions and giving numeric flow bounds specific to them (e.g., "17 bits"). The maximum flow in a network also gives a minimum cut (a set of edges that separate the secret input from the output), which can be used to efficiently check that the same policy is satisfied on future executions. We performed case studies on 5 real C, C++, and Objective C programs, 3 of which had more than 250K lines of code. The tool checked multiple security policies, including one that was violated by a previously unknown bug.
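The abstract's core idea, as an added illustration that is not code from the report: model a program's data movement as a flow network whose edge capacities are bits, run max-flow from the secret input to the public output, and read the min cut off the residual graph. The network below is constructed for this example (a 32-bit secret reaching the output through a 1-bit branch and an 8-bit mask), so the bound it computes, 9 bits, is an assumption of the example, not a result from the paper.

```python
from collections import deque

# Constructed example network (not from the paper). Nodes are program values,
# edge capacities are the bits that can pass along each edge. The secret reaches
# the output only through a branch outcome (1 bit) and a low-byte mask (8 bits),
# so max flow from "secret" to "out" bounds the leak at 9 bits.
EXAMPLE_NET = {
    "secret": {"cmp": 1, "mask": 8},
    "cmp": {"out": 32},
    "mask": {"out": 32},
    "out": {},
}

def max_flow_min_cut(graph, source, sink):
    """Edmonds-Karp max flow; returns (flow_bits, min_cut_edges)."""
    res = {}  # residual capacities, with reverse edges for cancelling flow
    for u, nbrs in graph.items():
        res.setdefault(u, {})
        for v, c in nbrs.items():
            res.setdefault(v, {})
            res[u][v] = res[u].get(v, 0) + c
            res[v].setdefault(u, 0)
    flow = 0
    while True:
        parent, q = {source: None}, deque([source])
        while q and sink not in parent:  # BFS for a shortest augmenting path
            u = q.popleft()
            for v, c in res[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    q.append(v)
        if sink not in parent:
            break
        bottleneck, v = float("inf"), sink
        while parent[v] is not None:
            bottleneck, v = min(bottleneck, res[parent[v]][v]), parent[v]
        v = sink
        while parent[v] is not None:  # push flow along the path
            u = parent[v]
            res[u][v] -= bottleneck
            res[v][u] += bottleneck
            v = u
        flow += bottleneck
    # Min cut: original edges leaving the set still reachable in the residual graph.
    reach = set(parent)
    cut = [(u, v) for u in reach for v in graph.get(u, {}) if v not in reach]
    return flow, cut

def cut_capacity(graph, cut):
    """Bits crossing the cut; equals the max flow, which is what a policy check re-verifies."""
    return sum(graph[u][v] for u, v in cut)
```

A policy such as "at most 16 bits of the secret may reach the output" is satisfied here, and on a later run only the cut edges need to be re-measured rather than the whole network.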
Date issued
2007-12-10
Other identifiers
MIT-CSAIL-TR-2007-057
Keywords
Confidentiality, Privacy, Information disclosure, Tainting, Implicit flows, Valgrind, Memcheck