Abstract
This paper presents a framework for calculating measures of data integrity for programs in a small imperative language. We develop a Markov chain semantics for our language which calculates Clarkson and Schneider’s definitions of data contamination and suppression. These definitions are based on conditional mutual information and entropy; we present a result relating them to mutual information, which can be calculated by a number of existing tools. We extend a quantitative information flow tool (CH-IMP) to calculate these measures of integrity and demonstrate this tool with examples based on error correcting codes, the Dining Cryptographers protocol and the attempts by a number of banks to influence the Libor rate.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
For simplicity, we write secret and observe as commands in the language but, as they have no effect on the state or control flow of a program, they may more accurately be considered annotations.
- 2.
We only consider terminating programs in this paper; however, simpler methods than the ones we presented in [6] could be used to extend our definitions to non-terminating programs.
References
BBC: Libor scandal: Seven banks face us questioning. BBC News, 16 August 2012
Biondi, F., Legay, A., Traonouez, L.-M., Wasowski, A.: QUAIL: a quantitative security analyzer for imperative code. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 702–707. Springer, Heidelberg (2013)
Birgisson, A., Russo, A., Sabelfeld, A.: Unifying facets of information integrity. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 48–65. Springer, Heidelberg (2010)
Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Cryptology 1, 65–75 (1988)
Chothia, T., Kawamoto, Y., Novakovic, C.: LeakWatch: estimating information leakage from java programs. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part II. LNCS, vol. 8713, pp. 219–236. Springer, Heidelberg (2014)
Chothia, T., Kawamoto, Y., Novakovic, C., Parker, D.: Probabilistic point-to-point information leakage. In: Proceedings of the 26th IEEE Computer Security Foundations Symposium (CSF 2013), pp. 193–205. IEEE Computer Society, June 2013
Clark, D., Hunt, S., Malacaria, P.: Quantified interference for a while language. Electron. Notes Theor. Comput. Sci. 112, 149–166 (2005)
Clarkson, M.R., Schneider, F.B.: Quantification of integrity. In: 2010 23rd IEEE Computer Security Foundations Symposium (CSF), pp. 28–43. IEEE (2010)
Clarkson, M.R., Schneider, F.B.: Quantification of integrity. Math. Struct. Comput. Sci. 25, 207–258 (2014)
Cover, T.M., Thomas, J.A.: Elements of information theory. Wiley, New York (2012)
Mollenkamp, C., Whitehouse, M.: Study casts doubt on key rate. Wall Street J., 29 May 2008
Mu, C., Clark, D.: A tool: quantitative analyser for programs. In: Proceedings of the 8th Conference on Quantitative Evaluation of Systems (QEST) (2011)
Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)
University of Birmingham: \({\sf CH-IMP-IQ}\). http://www.cs.bham.ac.uk/research/projects/infotools/chimp/iq
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Chothia, T., Novakovic, C., Singh, R.R. (2015). Automatically Calculating Quantitative Integrity Measures for Imperative Programs. In: Garcia-Alfaro, J., et al. Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance. DPM QASA SETOP 2014 2014 2014. Lecture Notes in Computer Science(), vol 8872. Springer, Cham. https://doi.org/10.1007/978-3-319-17016-9_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-17016-9_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17015-2
Online ISBN: 978-3-319-17016-9
eBook Packages: Computer ScienceComputer Science (R0)