An Algebraic Approach for Reasoning About Information Flow

Arthur Américo, Mário S. Alvim and Annabelle McIver
This paper concerns the analysis of information leaks in security systems. We address the problem of specifying and analyzing large systems in the (standard) channel model used in quantitative information flow (QIF). We propose several operators which match typical interactions between system components. We explore their algebraic properties with respect to the security-preserving refinement relation defined by Alvim et al. and McIver et al. We show how the algebra can be used to simplify… 


Axioms for Information Leakage
This paper studies information leakage axiomatically, showing important dependencies among different axioms and establishing a completeness result about the g-leakage family: any leakage measure satisfying certain intuitively reasonable properties can be expressed as a g-leakage.
Computing the Leakage of Information-Hiding Systems
We address the problem of computing the information leakage of a system in an efficient way. We propose two methods: one based on reducing the problem to reachability, and the other based on
On the Compositionality of Quantitative Information Flow
This paper studies the case in which the channel associated with the system can be decomposed into simpler channels, which typically happens when the observables consist of multiple components, and derives bounds on the (multiplicative version of) $g$-leakage of the whole system in terms of the $g$-leakage of its components.
On the Foundations of Quantitative Information Flow
This paper argues that the consensus definitions of Shannon entropy actually fail to give good security guarantees, and explores an alternative foundation based on a concept of vulnerability, which measures uncertainty using Rényi's min-entropy rather than Shannon entropy.
Quantitative information flow under generic leakage functions and adaptive adversaries
A model of action-based randomization mechanisms to analyse quantitative information flow (QIF) under generic leakage functions, and under possibly adaptive adversaries, which subsumes many of the QIF models proposed so far.
Leakage and Protocol Composition in a Game-Theoretic Perspective
This work considers operators for modeling visible and invisible choice in protocol composition, studies their algebraic properties, and formalizes the interplay between defender and adversary in a game-theoretic framework adapted to the specific issues of QIF, where the payoff is information leakage.
A Better Composition Operator for Quantitative Information Flow Analyses
It is shown that the new operator enjoys various convenient algebraic properties and that it is well-behaved under composition refinement, and it is proved that it generalises existing composition operators.
Quantitative Information Flow, Relations and Polymorphic Types
With this presentation, it is shown how relational parametricity can be used to derive upper and lower bounds on information flows through families of functions defined in the second-order lambda calculus.
Additive and Multiplicative Notions of Leakage, and Their Capacities
This work proposes a theory of channel capacity, generalising the Shannon capacity of information theory, that can apply both to additive and to multiplicative forms of a recently proposed measure known as g-leakage, and explores the computational aspects of calculating these (new) capacities.
On the Bayes risk in information-hiding protocols
A constructive characterization of a convex base of the probability of error is presented, which allows us to compute its maximum value (over all possible input distributions), and to identify upper bounds for it in terms of simple functions.