Quantificando Vazamento de Informação sobre Estratégias

Mário S. Alvim; Piotr Mardziel; Michael Hicks

doi:10.5753/etc.2016.9840

Mário S. Alvim UFMG
Piotr Mardziel University of Maryland
Michael Hicks University of Maryland

DOI: https://doi.org/10.5753/etc.2016.9840

Abstract

The field of quantitative information flow concerns the rigorous mathematical assessment of the amount of secret information leaked by computational systems. We report first steps towards a formal model for strategic leakage. We generalize the representation of prior adversarial knowledge from a distribution on secrets to a distribution on strategies for generating secrets, which we call an environment. Applying information-theoretic techniques to environments allows us to disentangle information leakage about a secret from leakage about how users generate secrets, i.e., their strategy.

References

Alvim, M. S., Chatzikokolakis, K., Palamidessi, C., and Smith, G. (2012). Measuring information leakage using generalized gain functions. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF).

Chiasson, S. and van Oorschot, P. C. (2015). Quantifying the security advantage of password expiration policies. Journal of Designs, Codes, and Cryptography, 77(2-3):401–408.

Mardziel, P., Alvim, M. S., Hicks, M., and Clarkson, M. (2014). Quantifying information flow for dynamic secrets. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland).

McIver, A., Meinicke, L., and Morgan, C. (2014). Compositional closure for Bayes risk in probabilistic noninterference. In Proc. ICALP’10.

Zhang, Y., Monrose, F., and Reiter, M. K. (2010). The security of modern password expiration: an algorithmic framework and empirical analysis. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).