We propose an approach to quantify interference in a simple imperative language that includes a looping construct. In this paper we focus on a particular case of this definition of interference: leakage of information from private variables to public ones via a Trojan Horse attack. We quantify leakage in terms of Shannon's information theory and we motivate our definition by proving a result relating this definition of leakage and the classical notion of programming language interference. The major contribution of the paper is a quantitative static analysis based on this definition for such a language. The analysis uses some non-trivial information theory results like Fano's inequality and L1 inequalities to provide reasonable bounds for co...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
Despite the variety of tools and techniques deployed in order to protect sensitive data, ranging fro...
International audienceWe show how static analysis for secure information flow can be expressed and p...
We show how information theory can be used to give a quantitative definition of interference between...
AbstractWe show how information theory can be used to give a quantitative definition of interference...
AbstractBasic information theory is used to analyse the amount of confidential information which may...
In this paper we present a model for analysing information release (or leakage) in programs written ...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
This thesis contributes to the field of language-based information flow analysis with a focus on det...
In the context of systems security, information flows play a central role. Unhandled information flo...
Basic information theory is used to analyse the amount of confidential information which may be leak...
Noninterference, a strong security property for a computation process, informally says that the proc...
Classical quantitative information flow analysis often considers a system as an information-theoreti...
In this paper, we provide an inductive proof system for a notion of abstractnon-interference which f...
In this paper we introduce the notion of abstract non-interference as a general theory for reasoning...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
Despite the variety of tools and techniques deployed in order to protect sensitive data, ranging fro...
International audienceWe show how static analysis for secure information flow can be expressed and p...
We show how information theory can be used to give a quantitative definition of interference between...
AbstractWe show how information theory can be used to give a quantitative definition of interference...
AbstractBasic information theory is used to analyse the amount of confidential information which may...
In this paper we present a model for analysing information release (or leakage) in programs written ...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
This thesis contributes to the field of language-based information flow analysis with a focus on det...
In the context of systems security, information flows play a central role. Unhandled information flo...
Basic information theory is used to analyse the amount of confidential information which may be leak...
Noninterference, a strong security property for a computation process, informally says that the proc...
Classical quantitative information flow analysis often considers a system as an information-theoreti...
In this paper, we provide an inductive proof system for a notion of abstractnon-interference which f...
In this paper we introduce the notion of abstract non-interference as a general theory for reasoning...
Part 1: Full PapersInternational audienceConstant-time programming is a countermeasure to prevent ca...
Despite the variety of tools and techniques deployed in order to protect sensitive data, ranging fro...
International audienceWe show how static analysis for secure information flow can be expressed and p...