Michael Carl Tschantz, Amit Datta, Anupam Datta, Jeannette M. Wing
{"title":"信息流实验的方法论","authors":"Michael Carl Tschantz, Amit Datta, Anupam Datta, Jeannette M. Wing","doi":"10.1109/CSF.2015.40","DOIUrl":null,"url":null,"abstract":"Information flow analysis has largely focused on methods that require access to the program in question or total control over an analyzed system. We consider the case where the analyst has neither control over nor a white-box model of the analyzed system. We formalize such limited information flow analyses and study an instance of it: detecting the usage of data by websites. We reduce these problems to ones of causal inference by proving a connection between non-interference and causation. Leveraging this connection, we provide a systematic black-box methodology based on experimental science and statistical analysis. Our systematic study leads to practical advice for detecting web data usage, a previously normalized area. We illustrate these concepts with a series of experiments collecting data on the use of information by websites.","PeriodicalId":210917,"journal":{"name":"2015 IEEE 28th Computer Security Foundations Symposium","volume":"61 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":"{\"title\":\"A Methodology for Information Flow Experiments\",\"authors\":\"Michael Carl Tschantz, Amit Datta, Anupam Datta, Jeannette M. Wing\",\"doi\":\"10.1109/CSF.2015.40\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Information flow analysis has largely focused on methods that require access to the program in question or total control over an analyzed system. We consider the case where the analyst has neither control over nor a white-box model of the analyzed system. We formalize such limited information flow analyses and study an instance of it: detecting the usage of data by websites. We reduce these problems to ones of causal inference by proving a connection between non-interference and causation. Leveraging this connection, we provide a systematic black-box methodology based on experimental science and statistical analysis. Our systematic study leads to practical advice for detecting web data usage, a previously normalized area. We illustrate these concepts with a series of experiments collecting data on the use of information by websites.\",\"PeriodicalId\":210917,\"journal\":{\"name\":\"2015 IEEE 28th Computer Security Foundations Symposium\",\"volume\":\"61 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-05-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"33\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE 28th Computer Security Foundations Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSF.2015.40\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE 28th Computer Security Foundations Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2015.40","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Information flow analysis has largely focused on methods that require access to the program in question or total control over an analyzed system. We consider the case where the analyst has neither control over nor a white-box model of the analyzed system. We formalize such limited information flow analyses and study an instance of it: detecting the usage of data by websites. We reduce these problems to ones of causal inference by proving a connection between non-interference and causation. Leveraging this connection, we provide a systematic black-box methodology based on experimental science and statistical analysis. Our systematic study leads to practical advice for detecting web data usage, a previously normalized area. We illustrate these concepts with a series of experiments collecting data on the use of information by websites.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
