Skip to main content
Springer Nature Link
Log in

Quantifying Information Leakage in Process Calculi

  • Conference paper
Automata, Languages and Programming (ICALP 2006)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4052))

Included in the following conference series:

Abstract

We study two quantitative models of information leakage in the pi-calculus. The first model presupposes an attacker with an essentially unlimited computational power. The resulting notion of absolute leakage, measured in bits, is in agreement with secrecy as defined by Abadi and Gordon: a process has an absolute leakage of zero precisely when it satisfies secrecy. The second model assumes a restricted observation scenario, inspired by the testing equivalence framework, where the attacker can only conduct repeated success-or-failure experiments on processes. Moreover, each experiment has a cost in terms of communication actions. The resulting notion of leakage rate, measured in bits per action, is in agreement with the first model: the maximum information that can be extracted by repeated experiments coincides with the absolute leakage A of the process. Moreover, the overall extraction cost is at least A/ R, where R is the rate of the process. Strategies to effectively estimate both absolute leakage and rate are also discussed.

Work partially supported by the eu within the fet-gc2 initiative, project sensoria.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abadi, M., Gordon, A.: A calculus for cryptographic protocols: The Spi-calculus. Information and Computation 148(1), 1–70 (1999)

    Article  MATH  MathSciNet  Google Scholar 

  2. Boreale, M., De Nicola, R.: Testing equivalence for mobile processes. Information and Computation 120(2), 279–303 (1995)

    Article  MATH  MathSciNet  Google Scholar 

  3. Boreale, M., De Nicola, R.: A symbolic semantics for the pi-calculus. Information and Computation 126(1), 34–52 (1996)

    Article  MATH  MathSciNet  Google Scholar 

  4. De Nicola, R., Hennessy, M.C.B.: Testing equivalences for processes. Theoretical Computer Science 34, 83–133 (1984)

    Article  MATH  MathSciNet  Google Scholar 

  5. Focardi, R., Gorrieri, R.: A classification of security properties. Journal of Computer Security 3(1), 5–34 (1995)

    Google Scholar 

  6. Gray III., J.W.: Towards a mathematical foundation for information flow security. In: Proc. of 1991 IEEE Symposium on Research in Computer Security and Privacy (1991)

    Google Scholar 

  7. Hennessy, M.C.B., Lin, H.: Symbolic bisimulations. Theoretical Computer Science 138(2), 353–389 (1995)

    Article  MATH  MathSciNet  Google Scholar 

  8. Harremoës, P., Topsøe, F.: Inequalities between entropy and index of coincidence derived from information diagrams. IEEE Transactions on Information Theory 47(7), 2944–2960 (2001)

    Article  MATH  Google Scholar 

  9. Kocher, P.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  10. Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Google Scholar 

  11. Lowe, G.: Defining information flow quantity. Journal of Computer Security 12(3-4), 619–653 (2004)

    Google Scholar 

  12. Clark, D., Hunt, S., Malacaria, P.: Quantitative Analysis of the Leakage of Confidential Data. In: Electr. Notes Theor. Comput. Sci (2001)

    Google Scholar 

  13. Millen, J.: Covert channel capacity. In: Proc. of 1987 IEEE Symposium on Research in Computer Security and Privacy (1987)

    Google Scholar 

  14. Sangiorgi, D., Walker, D.: The pi-calculus: A Theory of Mobile Processes. Cambridge University Press, Cambridge (2001)

    MATH  Google Scholar 

  15. Topsøe, F.: Basic concepts, identities and inequalities – the Toolkit of Information Theory. Entropy 3, 162–190 (2001)Also available at http://www.math.ku.dk/~topsoe/toolkitfinal.pdf

    Article  MathSciNet  Google Scholar 

  16. Volpano, D., Smith, G.: Verifying Secrets and Relative Secrecy. In: POPL 2000, pp. 268–276 (2000)

    Google Scholar 

  17. Wittbold, J.T., Johnson, D.: Information flow in nondeterministic systems. In: Proc. of 1990 IEEE Symposium on Research in Computer Security and Privacy (1990)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Sistemi e Informatica, Università di Firenze, Viale Morgagni 65, I–50134, Firenze, Italy

    Michele Boreale

Authors
  1. Michele Boreale
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Informatica, Università Ca’ Foscari, Venice,  

    Michele Bugliesi

  2. Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium

    Bart Preneel

  3. ECS, University of Southampton, UK

    Vladimiro Sassone

  4. FB Informatik, LS2, Univ. Dortmund, 44221, Dortmund, Germany

    Ingo Wegener

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Boreale, M. (2006). Quantifying Information Leakage in Process Calculi. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds) Automata, Languages and Programming. ICALP 2006. Lecture Notes in Computer Science, vol 4052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11787006_11

Download citation

  • DOI: https://doi.org/10.1007/11787006_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35907-4

  • Online ISBN: 978-3-540-35908-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics