We present a novel method for Quantitative Information Flow analysis. We show how the problem of computing information leakage can be viewed as an extension of the Satisfiability Modulo Theories (SMT) problem. This view enables us to develop a framework for QIF analysis based on the framework DPLL(T) used in SMT solvers. We then show that the methodology of Symbolic Execution (SE) also fits our framework. Based on these ideas, we build two QIF analysis tools: the first one employs CBMC, a bounded model checker for ANSI C, and the second one is built on top of Symbolic PathFinder, a Symbolic Executor for Java. We use these tools to quantify leaks in industrial code such as C programs from the Linux kernel, a Java tax program from the Europea...
Information-flow analysis is a powerful technique for rea-soning about the sensitive information exp...
A confidential program should not allow any information about its secret inputs to be inferred from ...
Quantitative program analysis is an emerging area with applications to software testing and security...
We present a novel method for Quantitative Information Flow analysis. We show how the problem of com...
acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theori...
Quantitative Information Flow (QIF) is a powerful approach to quantify leaks of confidential informa...
acmid: 2382791 issue_date: November 2012 keywords: algorithms, security, verification numpages: 5acm...
We report on our work-in-progress into the use of reliabil-ity analysis to quantify information leak...
acmid: 2632367 keywords: Model Counting, Quantitative Information Flow, Reliability Analysis, Symbol...
This thesis contributes to the field of language-based information flow analysis with a focus on det...
PhD finalThis thesis is concerned with the quantitative assessment of security in software. More sp...
International audienceSeveral measures have been proposed in literature for quantifying the informat...
Quantitative information flow measurement techniques have been proven to be successful in detecting ...
A crucial problem in software security is the detection of side-channels. Information gained by obse...
In recent work we have proposed a software reliability analy-sis technique that uses symbolic execut...
Information-flow analysis is a powerful technique for rea-soning about the sensitive information exp...
A confidential program should not allow any information about its secret inputs to be inferred from ...
Quantitative program analysis is an emerging area with applications to software testing and security...
We present a novel method for Quantitative Information Flow analysis. We show how the problem of com...
acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theori...
Quantitative Information Flow (QIF) is a powerful approach to quantify leaks of confidential informa...
acmid: 2382791 issue_date: November 2012 keywords: algorithms, security, verification numpages: 5acm...
We report on our work-in-progress into the use of reliabil-ity analysis to quantify information leak...
acmid: 2632367 keywords: Model Counting, Quantitative Information Flow, Reliability Analysis, Symbol...
This thesis contributes to the field of language-based information flow analysis with a focus on det...
PhD finalThis thesis is concerned with the quantitative assessment of security in software. More sp...
International audienceSeveral measures have been proposed in literature for quantifying the informat...
Quantitative information flow measurement techniques have been proven to be successful in detecting ...
A crucial problem in software security is the detection of side-channels. Information gained by obse...
In recent work we have proposed a software reliability analy-sis technique that uses symbolic execut...
Information-flow analysis is a powerful technique for rea-soning about the sensitive information exp...
A confidential program should not allow any information about its secret inputs to be inferred from ...
Quantitative program analysis is an emerging area with applications to software testing and security...