We present a new technique for determining how much information abouta program's secret inputs is revealed by its public outputs. Incontrast to previous techniques based on reachability from secretinputs (tainting), it achieves a more precise quantitative result bycomputing a maximum flow of information between the inputs andoutputs. The technique uses static control-flow regions to soundlyaccount for implicit flows via branches and pointer operations, butoperates dynamically by observing one or more program executions andgiving numeric flow bounds specific to them (e.g., "17 bits"). Themaximum flow in a network also gives a minimum cut (a set of edgesthat separate the secret input from the output), which can be used toefficiently check tha...
This thesis contributes to the field of language-based information flow analysis with a focus on det...
Classical quantitative information flow analysis often considers a system as an information-theoreti...
Quantitative program analysis involves computing numerical quantities about individual or col-lectio...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
We present a new approach for tracking programs' use of data througharbitrary calculations, to deter...
Despite the variety of tools and techniques deployed in order to protect sensitive data, ranging fro...
We present a new approach for tracking programs ’ use of data through arbitrary calculations, to det...
Quantitative information flow measurement techniques have been proven to be successful in detecting ...
International audienceQualitative information flow aims at detecting information leaks, whereas the ...
Information-flow analysis is a powerful technique for rea-soning about the sensitive information exp...
In today's information-based society, guaranteeing information security plays an important role in a...
Protecting confidential information from improper disclosure is a fundamental security goal. While e...
This thesis contributes to the field of language-based information flow analysis with a focus on det...
Classical quantitative information flow analysis often considers a system as an information-theoreti...
Quantitative program analysis involves computing numerical quantities about individual or col-lectio...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
We present a new approach for tracking programs' use of data througharbitrary calculations, to deter...
Despite the variety of tools and techniques deployed in order to protect sensitive data, ranging fro...
We present a new approach for tracking programs ’ use of data through arbitrary calculations, to det...
Quantitative information flow measurement techniques have been proven to be successful in detecting ...
International audienceQualitative information flow aims at detecting information leaks, whereas the ...
Information-flow analysis is a powerful technique for rea-soning about the sensitive information exp...
In today's information-based society, guaranteeing information security plays an important role in a...
Protecting confidential information from improper disclosure is a fundamental security goal. While e...
This thesis contributes to the field of language-based information flow analysis with a focus on det...
Classical quantitative information flow analysis often considers a system as an information-theoreti...
Quantitative program analysis involves computing numerical quantities about individual or col-lectio...