{"title":"海报:关于定量信息流指标","authors":"Ji Zhu, M. Srivatsa","doi":"10.1145/2046707.2093516","DOIUrl":null,"url":null,"abstract":"Information flow analysis is a powerful technique for reasoning about sensitive information that may be exposed during program execution. One promising approach is to adopt a program as a communication channel model and leverage information theoretic metrics to quantify such information flows. However, recent research has shown discrepancies in such metrics: for example, Smith et. al. [5] showed examples wherein using the classical Shannon entropy measure for quantifying information flows may be counter-intuitive. Smith et. al. [5] proposed a vulnerability measure in an attempt to resolve this problem, and this measure was subsequently enhanced by Hamadou et. al. [2] into a beliefvulnerability metric. However, as pointed out by Smith et. al., the vulnerability metric fails to distinguish between certain classes of programs (such as the password checker and the binary search program). In this paper, we propose a simple and intuitive approach to quantify program information leakage as a probability distribution over the residual uncertainty of the high input whose mean, variance and worst case measures offer insights into program vulnerability.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Poster: on quantitative information flow metrics\",\"authors\":\"Ji Zhu, M. Srivatsa\",\"doi\":\"10.1145/2046707.2093516\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Information flow analysis is a powerful technique for reasoning about sensitive information that may be exposed during program execution. One promising approach is to adopt a program as a communication channel model and leverage information theoretic metrics to quantify such information flows. However, recent research has shown discrepancies in such metrics: for example, Smith et. al. [5] showed examples wherein using the classical Shannon entropy measure for quantifying information flows may be counter-intuitive. Smith et. al. [5] proposed a vulnerability measure in an attempt to resolve this problem, and this measure was subsequently enhanced by Hamadou et. al. [2] into a beliefvulnerability metric. However, as pointed out by Smith et. al., the vulnerability metric fails to distinguish between certain classes of programs (such as the password checker and the binary search program). In this paper, we propose a simple and intuitive approach to quantify program information leakage as a probability distribution over the residual uncertainty of the high input whose mean, variance and worst case measures offer insights into program vulnerability.\",\"PeriodicalId\":72687,\"journal\":{\"name\":\"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-10-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2046707.2093516\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2046707.2093516","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Information flow analysis is a powerful technique for reasoning about sensitive information that may be exposed during program execution. One promising approach is to adopt a program as a communication channel model and leverage information theoretic metrics to quantify such information flows. However, recent research has shown discrepancies in such metrics: for example, Smith et. al. [5] showed examples wherein using the classical Shannon entropy measure for quantifying information flows may be counter-intuitive. Smith et. al. [5] proposed a vulnerability measure in an attempt to resolve this problem, and this measure was subsequently enhanced by Hamadou et. al. [2] into a beliefvulnerability metric. However, as pointed out by Smith et. al., the vulnerability metric fails to distinguish between certain classes of programs (such as the password checker and the binary search program). In this paper, we propose a simple and intuitive approach to quantify program information leakage as a probability distribution over the residual uncertainty of the high input whose mean, variance and worst case measures offer insights into program vulnerability.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
