#### DMCA

## Quantifying probabilistic information flow in computational reactive systems (2005)

### Cached

### Download Links

- [www.infsec.cs.uni-sb.de]
- [www.infsec.cs.uni-saarland.de]
- [www.infsec.cs.uni-saarland.de]
- DBLP

### Other Repositories/Bibliography

Venue: | In ESORICS’05, volume 3679 of LNCS |

Citations: | 5 - 0 self |

### Citations

1948 | Distributed Algorithms - Lynch - 1996 |

949 |
Security policies and security models
- Goguen, Meseguer
- 1982
(Show Context)
Citation Context ...on flow was first investigated for secure operating systems by Lampson [17] and subsequently by Bell and LaPadula [4] and Denning [7]. Initiated by the work on non-interference of Goguen and Meseguer =-=[11,12]-=-, various definitions have subsequently been proposed that rigorously specify when information flow is considered to occur for possibilistic and non-deterministic systems [33,24,37, 26,30,10,22,23] an... |

704 | Secure computer system: Unified exposition and multics interpretation - Bell, LaPadula - 1976 |

687 | A lattice model of secure information flow
- Denning
- 1976
(Show Context)
Citation Context ...sing both privacy and integrity requirements. The concept of information flow was first investigated for secure operating systems by Lampson [17] and subsequently by Bell and LaPadula [4] and Denning =-=[7]-=-. Initiated by the work on non-interference of Goguen and Meseguer [11,12], various definitions have subsequently been proposed that rigorously specify when information flow is considered to occur for... |

600 | Cryptography and Data Security
- Denning
- 1982
(Show Context)
Citation Context ...ormation flow in an imperative language. Both works do not aim to deal with computational aspects. Early ideas of quantitative security based on Shannon’s information theory go back to Denning’s work =-=[6]-=-, which was subsequently used in [27,16] to measure the quantity of covert channels. The investigated settings, however, were simplistic in that the channels were memoryless, there was no input feedba... |

527 | A note on the confinement problem
- Lampson
- 1973
(Show Context)
Citation Context ...-interference have become powerful possibilities for expressing both privacy and integrity requirements. The concept of information flow was first investigated for secure operating systems by Lampson =-=[17]-=- and subsequently by Bell and LaPadula [4] and Denning [7]. Initiated by the work on non-interference of Goguen and Meseguer [11,12], various definitions have subsequently been proposed that rigorousl... |

182 |
Unwinding and inference control
- Goguen, Meseguer
- 1984
(Show Context)
Citation Context ...on flow was first investigated for secure operating systems by Lampson [17] and subsequently by Bell and LaPadula [4] and Denning [7]. Initiated by the work on non-interference of Goguen and Meseguer =-=[11,12]-=-, various definitions have subsequently been proposed that rigorously specify when information flow is considered to occur for possibilistic and non-deterministic systems [33,24,37, 26,30,10,22,23] an... |

112 |
Towards a mathematical foundation for information flow security
- Gray
- 1991
(Show Context)
Citation Context ...ubsequently been proposed that rigorously specify when information flow is considered to occur for possibilistic and non-deterministic systems [33,24,37, 26,30,10,22,23] and for probabilistic systems =-=[13,14,25,35,32]-=-. Whereas these lines of work concentrated on the absence of information flow in various settings, they were accompanied by work that gave quantitative measurements of the information that might flow ... |

104 | Approximate noninterference
- Pierro, Hankin, et al.
- 2002
(Show Context)
Citation Context ...companied by work that gave quantitative measurements of the information that might flow between certain users, motivated by use cases where some flow of information might be inevitable or acceptable =-=[27,16,20,5,8]-=-. Recently, interest has arisen in generalizing definitions of information flow so that they allow for reasoning about real cryptographic protocols in order to capture the variety of cryptographic tec... |

98 | Quantifying information flow
- Lowe
- 2002
(Show Context)
Citation Context ...companied by work that gave quantitative measurements of the information that might flow between certain users, motivated by use cases where some flow of information might be inevitable or acceptable =-=[27,16,20,5,8]-=-. Recently, interest has arisen in generalizing definitions of information flow so that they allow for reasoning about real cryptographic protocols in order to capture the variety of cryptographic tec... |

94 | The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties
- Focardi, Gorrieri
- 1997
(Show Context)
Citation Context ...r ideal counterparts, and we can hope that well-established techniques for enforcing the absence respectively measuring the 8 A 2squantity of information flow based on type checking techniques, e.g., =-=[36,9, 28, 35,31,32,39]-=-, can be applied to our setting. Moreover, a negligible amount of information is the best we can hope for in the presence of asymmetric cryptography because a negligible probability of error there alw... |

73 | Semantics and program analysis of computationally secure information flow
- Laud
- 2001
(Show Context)
Citation Context ... this subject that we intend to pursue. Recent research has also investigated non-interference properties involving real cryptographic primitives, but without investigating quantitative aspects. Laud =-=[18,19]-=- presented a sequential language for which he expressed real computational secrecy. The definition is non-reactive and specific to encryption as the only cryptographic primitive. Volpano [34] investig... |

64 | Quantitative analysis of the leakage of confidential data
- Clark, Hunt, et al.
(Show Context)
Citation Context ...companied by work that gave quantitative measurements of the information that might flow between certain users, motivated by use cases where some flow of information might be inevitable or acceptable =-=[27,16,20,5,8]-=-. Recently, interest has arisen in generalizing definitions of information flow so that they allow for reasoning about real cryptographic protocols in order to capture the variety of cryptographic tec... |

57 | Symmetric encryption in automatic analyses for confidentiality against active adversaries
- Laud
- 2004
(Show Context)
Citation Context ... this subject that we intend to pursue. Recent research has also investigated non-interference properties involving real cryptographic primitives, but without investigating quantitative aspects. Laud =-=[18,19]-=- presented a sequential language for which he expressed real computational secrecy. The definition is non-reactive and specific to encryption as the only cryptographic primitive. Volpano [34] investig... |

50 |
Probabilistic interference
- Gray, W
(Show Context)
Citation Context ...ubsequently been proposed that rigorously specify when information flow is considered to occur for possibilistic and non-deterministic systems [33,24,37, 26,30,10,22,23] and for probabilistic systems =-=[13,14,25,35,32]-=-. Whereas these lines of work concentrated on the absence of information flow in various settings, they were accompanied by work that gave quantitative measurements of the information that might flow ... |

49 | A Uniform Approach for the Definition of Security Properties
- Focardi, Martinelli
- 1999
(Show Context)
Citation Context ...f Goguen and Meseguer [11,12], various definitions have subsequently been proposed that rigorously specify when information flow is considered to occur for possibilistic and non-deterministic systems =-=[33,24,37, 26,30,10,22,23]-=- and for probabilistic systems [13,14,25,35,32]. Whereas these lines of work concentrated on the absence of information flow in various settings, they were accompanied by work that gave quantitative m... |

42 | 2000): Unwinding Possibilistic Security Properties
- Mantel
(Show Context)
Citation Context ...f Goguen and Meseguer [11,12], various definitions have subsequently been proposed that rigorously specify when information flow is considered to occur for possibilistic and non-deterministic systems =-=[33,24,37, 26,30,10,22,23]-=- and for probabilistic systems [13,14,25,35,32]. Whereas these lines of work concentrated on the absence of information flow in various settings, they were accompanied by work that gave quantitative m... |

31 | Lee."A network version of the Pump
- Kang, Moskowitz, et al.
- 1995
(Show Context)
Citation Context |

26 | Computational Probabilistic Non-interference
- Backes, P¯tzmann
- 2002
(Show Context)
Citation Context ... to capture a reactive environment, i.e., continuous interaction between users, an adversary, and the system. These problems recently led to the notion of computational probabilistic non-interference =-=[1,2]-=-, which was the first definition that allowed for reasoning about information flow in a reactive setting and the presence of cryptography. However, quantitative measurements of information flow in rea... |

18 | Intransitive non-interference for cryptographic purpose
- Backes, Pfitzmann
- 2003
(Show Context)
Citation Context ..., conf 1 ,conf 2∈Conf( ˆM,S,Γ) such that conf l is of the form conf l := ( ˆ M,S,Ul, A) with Ul = {H (l) H , HL, X} ∪ {Hi | i ∈ I \ {H, L}} for an arbitrary adversary A and arbitrary users H (1) H , H=-=(2)-=- H , HL, and Hi for i ∈ I \ {H, L}. The polynomial-time worst-case infor(H, L) is defined similarly by taking the maximum mation quantity QP ||·,·|| ( ˆM,S,Γ) over Confpoly( ˆ M,S, Γ). ✸ Several exten... |

18 |
Secure asynchronous reactive systems. IACR Cryptology ePrint Archive 2004/082
- Backes, Pfitzmann, et al.
- 2004
(Show Context)
Citation Context ...formation flow that reside in a reactive scenario and that allow for complexity-theoretic reasoning have been presented by Backes and Pfitzmann in [1, 2] based on the model of reactive simulatability =-=[29,3]-=-; quantitative aspects of information flow are, however, not considered there. The work that comes closest to ours in terms of quantifying information flow is the one on approximate non-interference o... |