Quantitative Information Flow (QIF) is a powerful approach to quantify leaks of confidential information in a software system. Here we present a novel method that precisely quan-tifies information leaks. In order to mitigate the state-space explosion problem, we propose a symbolic representation of data, and a general SMT-based framework to explore sys-tematically the state space. Symbolic Execution fits well with our framework, so we implement a method of QIF anal-ysis employing Symbolic Execution. We develop our method as a prototype tool that can per-form QIF analysis for a software system developed in Java. The tool is built on top of Java Pathfinder, an open source model checking platform, and it is the first tool in the field to suppo...
Quantitative program analysis is an emerging area with applications to software testing and security...
A crucial problem in software security is the detection of side-channels. Information gained by obse...
AbstractIn a batch program, information about confidential inputs may flow to insecure outputs. The ...
acmid: 2382791 issue_date: November 2012 keywords: algorithms, security, verification numpages: 5acm...
We present a novel method for Quantitative Information Flow analysis. We show how the problem of com...
acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theori...
We report on our work-in-progress into the use of reliabil-ity analysis to quantify information leak...
This thesis contributes to the field of language-based information flow analysis with a focus on det...
acmid: 2632367 keywords: Model Counting, Quantitative Information Flow, Reliability Analysis, Symbol...
International audienceSeveral measures have been proposed in literature for quantifying the informat...
In recent work we have proposed a software reliability analy-sis technique that uses symbolic execut...
We introduce an abstract domain for information-flow analysis of software. The proposal combines var...
Information-flow analysis is a powerful technique for rea-soning about the sensitive information exp...
Abstract. A fundamental concern in computer security is to control information flow, whether to prot...
Abstract. Quantitative information-flow analysis (QIF) is an emerging tech-nique for establishing in...
Quantitative program analysis is an emerging area with applications to software testing and security...
A crucial problem in software security is the detection of side-channels. Information gained by obse...
AbstractIn a batch program, information about confidential inputs may flow to insecure outputs. The ...
acmid: 2382791 issue_date: November 2012 keywords: algorithms, security, verification numpages: 5acm...
We present a novel method for Quantitative Information Flow analysis. We show how the problem of com...
acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theori...
We report on our work-in-progress into the use of reliabil-ity analysis to quantify information leak...
This thesis contributes to the field of language-based information flow analysis with a focus on det...
acmid: 2632367 keywords: Model Counting, Quantitative Information Flow, Reliability Analysis, Symbol...
International audienceSeveral measures have been proposed in literature for quantifying the informat...
In recent work we have proposed a software reliability analy-sis technique that uses symbolic execut...
We introduce an abstract domain for information-flow analysis of software. The proposal combines var...
Information-flow analysis is a powerful technique for rea-soning about the sensitive information exp...
Abstract. A fundamental concern in computer security is to control information flow, whether to prot...
Abstract. Quantitative information-flow analysis (QIF) is an emerging tech-nique for establishing in...
Quantitative program analysis is an emerging area with applications to software testing and security...
A crucial problem in software security is the detection of side-channels. Information gained by obse...
AbstractIn a batch program, information about confidential inputs may flow to insecure outputs. The ...