Abstract
Quantitative information flow is a rigorous approach for evaluating the security of a system. It is used to quantify the amount of secret information leaked to the public outputs. In this paper, we propose an automated approach for quantitative information flow analysis of concurrent programs. Markovian processes are used to model the behavior of these programs. To this end, we assume that the attacker is capable of observing the internal behavior of the program and propose an equivalence relation, back-bisimulation, to capture the attacker’s view of the program behavior. A partition refinement algorithm is developed to construct the back-bisimulation quotient of the program model and then a quantification method is proposed for computing the information leakage using the quotient. Finally, an anonymous protocol, dining cryptographers, is analyzed as a case study to show applicability and scalability of the proposed approach.
Notes
1. A rather general notion of schedulers is to let them use the full history of execution to make decisions. Here, this general definition is not needed and only makes the program model unnecessarily complex.
2. Only elements with a positive probability are shown.
3. The proofs of the theorems have been omitted to meet the page limit.
References
Alvim, M.S., Andrés, M.E., Chatzikokolakis, K., Palamidessi, C.: Quantitative information flow and applications to differential privacy. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2011. LNCS, vol. 6858, pp. 211–230. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23082-0_8
Amir-Mohammadian, S.: A semantic framework for direct information flows in hybrid-dynamic systems. In: Proceedings of the 7th ACM Cyber-Physical System Security Workshop (CPSS 2021), pp. 5–15. Association for Computing Machinery, June 2021
Baier, C., Katoen, J.P.: Principles of Model Checking. MIT Press, Cambridge (2008)
Barthe, G., D’Argenio, P.R., Rezk, T.: Secure information flow by self-composition. In: Proceedings of the 17th IEEE Workshop on Computer Security Foundations, CSFW 2004, pp. 100–114. IEEE Computer Society (2004)
Beckert, B., Hähnle, R., Schmitt, P.H.: Verification of Object-Oriented Software. The KeY Approach. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-69061-0
Biondi, F.: Markovian processes for quantitative information leakage. Ph.D. thesis, IT University of Copenhagen (2014)
Biondi, F., Legay, A., Malacaria, P., Wasowski, A.: Quantifying information leakage of randomized protocols. Theor. Comput. Sci. 597, 62–87 (2015)
Biondi, F., Legay, A., Nielsen, B.F., Wasowski, A.: Maximizing entropy over Markov processes. J. Log. Algebraic Methods Program. 83(5), 384–399 (2014)
Cardelli, L., Tribastone, M., Tschaikowski, M., Vandin, A.: Forward and backward bisimulations for chemical reaction networks. arXiv preprint arXiv:1507.00163 (2015)
Chadha, R., Mathur, U., Schwoon, S.: Computing information flow using symbolic model-checking. In: Raman, V., Suresh, S.P. (eds.) 34th International Conference on Foundation of Software Technology and Theoretical Computer Science (FSTTCS 2014). Leibniz International Proceedings in Informatics (LIPIcs), vol. 29, pp. 505–516. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany (2014)
Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988). https://doi.org/10.1007/BF00206326
Chen, H., Malacaria, P.: The optimum leakage principle for analyzing multi-threaded programs. In: Kurosawa, K. (ed.) ICITS 2009. LNCS, vol. 5973, pp. 177–193. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14496-7_15
Chen, H., Malacaria, P.: Quantifying maximal loss of anonymity in protocols. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 206–217. ACM (2009)
Chothia, T., Kawamoto, Y., Novakovic, C.: LeakWatch: estimating information leakage from Java programs. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 219–236. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_13
De Nicola, R., Vaandrager, F.: Three logics for branching bisimulation. J. ACM (JACM) 42(2), 458–487 (1995)
Esparza, J., Kiefer, S., Schwoon, S.: Abstraction refinement with Craig interpolation and symbolic pushdown systems. J. Satisfiability Boolean Model. Comput. 5, 27–56 (2008)
Högberg, J., Maletti, A., May, J.: Backward and forward bisimulation minimization of tree automata. Theor. Comput. Sci. 410(37), 3539–3552 (2009)
Jurado, M., Palamidessi, C., Smith, G.: A formal information-theoretic leakage analysis of order-revealing encryption. In: Proceedings of the 34th IEEE Workshop on Computer Security Foundations, CSFW 2021. IEEE Computer Society (2021)
Jurado, M., Smith, G.: Quantifying information leakage of deterministic encryption. In: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop, pp. 129–139 (2019)
Kanellakis, P.C., Smolka, S.A.: CCS expressions, finite state processes, and three problems of equivalence. Inf. Comput. 86(1), 43–68 (1990)
Karimpour, J., Isazadeh, A., Noroozi, A.A.: Verifying observational determinism. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 82–93. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18467-8_6
Klebanov, V.: Precise quantitative information flow analysis - a symbolic approach. Theor. Comput. Sci. 538, 124–139 (2014)
Köpf, B., Basin, D.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 286–296. ACM (2007)
Köpf, B., Smith, G.: Vulnerability bounds and leakage resilience of blinded cryptography under timing attacks. In: Proceedings of 23rd IEEE Computer Security Foundations Symposium (CSF), pp. 44–56. IEEE (2010)
Noroozi, A.A., Karimpour, J., Isazadeh, A.: Information leakage of multi-threaded programs. Comput. Electr. Eng. 78, 400–419 (2019)
Noroozi, A.A., Salehi, K., Karimpour, J., Isazadeh, A.: Secure information flow analysis using the PRISM model checker. In: Garg, D., Kumar, N.V.N., Shyamasundar, R.K. (eds.) ICISS 2019. LNCS, vol. 11952, pp. 154–172. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36945-3_9
Phan, Q.S., Malacaria, P., Păsăreanu, C.S., d’Amorim, M.: Quantifying information leaks using reliability analysis. In: Proceedings of the 2014 International SPIN Symposium on Model Checking of Software, pp. 105–108. ACM (2014)
Puterman, M.L.: Markov Decision Processes: Discrete Stochastic Dynamic Programming. Wiley, Hoboken (1994)
Salehi, K., Karimpour, J., Izadkhah, H., Isazadeh, A.: Channel capacity of concurrent probabilistic programs. Entropy 21(9), 885 (2019)
Salehi, K., Noroozi, A.A., Amir-Mohammadian, S.: Quantifying information leakage of probabilistic programs using the PRISM model checker. In: Emerging Security Information, Systems and Technologies, pp. 47–52. IARIA (2021)
Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FoSSaCS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00596-1_21
Sproston, J., Donatelli, S.: Backward bisimulation in Markov chain model checking. IEEE Trans. Softw. Eng. 32(8), 531–546 (2006)
Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: Proceedings of the 16th IEEE Computer Security Foundations Workshop, CSFW 2003, pp. 29–43. IEEE Computer Society (2003)
Appendices
A Case Study
In this section, we analyze a case study to show applicability and feasibility of the approach.
The Dining Cryptographers Protocol. We consider the dining cryptographers problem [11] to show how an attacker can deduce secret information through execution observations. The dining cryptographers problem was first proposed by David Chaum in 1988 as an example of anonymity and identity hiding [11]. In this problem, N cryptographers are sitting at a round table to have dinner at their favorite restaurant. The waiter informs them that the meal has been arranged to be paid by one of the cryptographers or their master. The cryptographers respect each other’s right to stay anonymous, but would like to know whether the master is paying or not. So, they decide to take part in the following two-stage protocol:
- Stage 1: Each cryptographer tosses a coin and only informs the cryptographer on the right of the outcome.
- Stage 2: Each cryptographer publicly announces whether the two coins that she can see are the same (‘agree’) or different (‘disagree’). However, if she actually paid for the dinner, then she lies, i.e., she announces ‘disagree’ when the coins are the same, and ‘agree’ when they are different.
Let the variable parity be the exclusive-or (XOR) of all the announcements. If N is odd, then an odd number of ‘agree’s (parity = 1) implies that none of the cryptographers paid (the master paid), while an even number (parity = 0) implies that one of the cryptographers paid. For an even N, the interpretation is reversed.
The payer can be either
- i. one of the cryptographers, i.e., \(Val_{payer} = \{ c_1,\ldots ,c_N \}\), or
- ii. the master (m, for short) or one of the cryptographers, i.e., \(Val_{payer} = \{ m,c_1,\ldots ,c_N \}\).
Assume an attacker who tries to find out the payer’s identity. The attacker is external, i.e., not one of the cryptographers. This attacker can observe the parity and also the announcements of the cryptographers. All observable variables are concatenated to form a single public variable. The program model is an MC\(_\mathfrak {n}\) and we employ the proposed algorithms to compute the leakage.
The experimental results for the cases in which the coin probability is 0.5 are shown in Table 1. In this table, N denotes the number of cryptographers. \(\mathcal {M}^{\texttt {DC}_N}_{uni}\) and \(\mathcal {M}^{\texttt {DC}_N}_{uni} /\sim _b\) denote the MC of the program run with a uniform scheduler and the back-bisimulation quotient, respectively. Symbols \(\#st\) and \(\#tr\) denote the number of states and transitions, respectively.
Similar results for the coin probability of 0 or 1 are shown in Table 2. As shown in Tables 1 and 2, back-bisimulation results in impressive reductions of the state space. For example, when the coin probability is 0.5 (Table 1) reductions vary between \( 92\% \) and \( 99.5\% \).
Consider the last three cases of Table 1, where the coin probability is 0.5 and the payer is one of the cryptographers (\(Val_{payer} = \{ c_1,\ldots ,c_N \}\)). In these cases, the program leakage is 0. This shows that the attacker cannot identify the payer. This is why the dining cryptographers protocol is said to be secure in the context of anonymity.
The analysis results in Table 2 show that when the probability of the coin is 0 or 1, no matter who the payer is, the leakage is \(\log _2 |Val_{payer}|\), proving that the secret gets completely leaked and thus the attacker learns the identity of the payer.
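The two outcomes discussed above (zero leakage with fair coins, full leakage with deterministic coins) can be reproduced by brute-force enumeration. The following is an added example, not the paper's back-bisimulation algorithm or code from its authors; it assumes a uniform prior over payers, Shannon mutual information as the leakage measure, and an attacker who sees only the final announcements. The function name `dc_leakage` and the 0/1 encoding of announcements are choices made for this example.

```python
from collections import defaultdict
from itertools import product
from math import log2


def dc_leakage(n, p_heads, with_master=False):
    """Bits of payer identity leaked to an external observer of all announcements.

    Assumptions of this example: uniform prior over payers, Shannon leakage
    I(payer; announcements), coins are independent with P(heads) = p_heads.
    """
    payers = list(range(n)) + (["m"] if with_master else [])
    prior = 1.0 / len(payers)
    joint = defaultdict(float)  # (payer, announcements) -> probability
    for payer in payers:
        for coins in product((0, 1), repeat=n):
            pr = prior
            for c in coins:
                pr *= p_heads if c else 1.0 - p_heads
            if pr == 0.0:
                continue  # only outcomes with positive probability
            # Cryptographer i sees her own coin and her left neighbour's coin.
            # 1 = 'disagree' (coins differ), 0 = 'agree'; the payer lies.
            ann = tuple(
                (coins[i] ^ coins[i - 1]) ^ (1 if payer == i else 0)
                for i in range(n)
            )
            joint[(payer, ann)] += pr
    # The parity is a function of the announcements, so adding it to the
    # observation would not change the result.
    obs = defaultdict(float)
    for (_, ann), pr in joint.items():
        obs[ann] += pr
    return sum(
        pr * log2(pr / (prior * obs[ann])) for (_, ann), pr in joint.items()
    )


if __name__ == "__main__":
    for n in (3, 4, 5):
        print(n, "fair coins:", round(dc_leakage(n, 0.5), 6),
              "| coin prob. 1:", round(dc_leakage(n, 1.0), 6),
              "| log2 N:", round(log2(n), 6))
```

A biased coin (for example `dc_leakage(3, 0.9)`) gives a value strictly between 0 and \(\log _2 N\), which shows how the anonymity guarantee degrades as the coins become predictable.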
B Related Work
The notion of back-bisimulation is similar to the notion of backward strong bisimulation considered by De Nicola and Vaandrager [15]. They use a different notion than our definition, as they only allow moving back from a state along the path representing the history that brought one into that state. Högberg et al. [17] defined and considered backward bisimulation minimization on tree automata, Sproston and Donatelli [32] considered a probabilistic version of backward bisimulation and studied the logical properties it preserves, and Cardelli et al. [9] considered backward bisimulation in the stochastic setting of chemical reaction networks. None of these works use backward bisimulation in quantitative information flow.
Chen and Malacaria [12] model multi-threaded programs as state transition systems. They use Bellman’s optimality principle to determine the leakage bounds, i.e., the minimal and maximal leakage occurring during possible program executions.
Phan et al. [27] propose to use symbolic execution, a verification technique which bounds the runtime behavior of the program, thus mitigating the state-space explosion problem. In the state-space explosion problem, the state space of the program model becomes too large to store in memory, thus making the analysis difficult. Phan et al. run symbolic execution to extract all symbolic paths of the program. Then, paths with a direct information flow are labeled. Finally, they use a model counting technique to count the number of inputs that follow direct-labeled paths, to compute channel capacity, which is an upper bound of the leakage over all possible distributions of the secret input.
Biondi et al. [8] use interval Markov chains to compute the channel capacity of deterministic processes. They reduce the channel capacity computation to entropy maximization, a well-known problem in Bayesian statistics.
Chothia et al. [14] have developed LeakWatch to approximate leakage of Java programs. LeakWatch is based on probabilistic point-to-point information leakage, in which the leakage between any given two points in the program from secret to public variables is computed.
Chadha et al. [10] employ symbolic algorithms to quantify the precise leakage from public to secret variables. They use Binary Decision Diagrams (BDDs) to model the relation between the inputs and outputs of the program. To do so, Moped [16], a symbolic model checker, is exploited to construct BDDs. Chadha et al. have implemented their method into a tool called Moped-QLeak.
Klebanov [22] uses symbolic execution in combination with deductive verification [5] and self-composition [4] to measure residual Shannon entropy and min-entropy of the secret input. Exploitation of deductive verification makes the analysis immune to the state-space explosion problem, but also makes it semi-automatic, as user-supplied invariants are needed for the analysis to proceed.
© 2022 Springer Nature Switzerland AG
Cite this paper
Salehi, K., Noroozi, A.A., Amir-Mohammadian, S., Mohagheghi, M. (2022). An Automated Quantitative Information Flow Analysis for Concurrent Programs. In: Ábrahám, E., Paolieri, M. (eds) Quantitative Evaluation of Systems. QEST 2022. Lecture Notes in Computer Science, vol 13479. Springer, Cham. https://doi.org/10.1007/978-3-031-16336-4_3
DOI: https://doi.org/10.1007/978-3-031-16336-4_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-16335-7
Online ISBN: 978-3-031-16336-4
eBook Packages: Computer Science, Computer Science (R0)