
Formal Analysis of Information Flow in HOL

  • Conference paper
Dependable Software Engineering. Theories, Tools, and Applications (SETTA 2017)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10606))


Abstract

Protecting information has become very important due to the safety-critical nature of many computer-based applications. Information flow analysis plays a central role in quantifying information-related properties under external attacks. Traditionally, information flow analysis is performed using paper-and-pencil proofs or computer simulations, but due to their inherent nature these methods are prone to errors and thus cannot guarantee accurate analysis. As an accurate alternative, we propose to conduct the information flow analysis within the sound core of a higher-order-logic theorem prover. For this purpose, some of the most commonly used information flow measures, including Shannon entropy, mutual information, min-entropy and belief min-entropy, have been formalized. In this paper, we use the Shannon entropy and mutual information formalizations to formally verify the Data Processing and Jensen's inequalities. Moreover, we extend the security model to the partial-guess scenario in order to formalize the gain min-entropy. These formalizations allow us to reason about the information flow of a wide range of systems within a theorem prover. For illustration purposes, we perform a formal comparison between the min-entropy leakage and the gain leakage.
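The comparison the abstract closes with, min-entropy leakage versus gain leakage under a partial guess, worked through numerically as an added example (it is not the paper's HOL4 development, and the 2-bit secret, uniform prior, low-bit-revealing channel and high-bit gain function are constructed for illustration). It follows the standard definitions: min-entropy leakage is log2 of the ratio of posterior to prior vulnerability, and gain leakage replaces "guess the whole secret" with an arbitrary gain function g(w, x).

```python
import math

# Constructed example: 2-bit secrets with a uniform prior, and a channel
# whose output y is exactly the low bit of the secret x.
SECRETS = ["00", "01", "10", "11"]
OUTPUTS = ["0", "1"]
PRIOR = {x: 0.25 for x in SECRETS}
# CHANNEL[x][y] = P(y | x)
CHANNEL = {x: {y: 1.0 if x[1] == y else 0.0 for y in OUTPUTS} for x in SECRETS}


def min_entropy_leakage(prior, channel, outputs):
    """Smith's min-entropy leakage in bits: log2(V(pi, C) / V(pi)).
    V(pi) = max_x pi(x); V(pi, C) = sum_y max_x pi(x) * C[x][y]."""
    prior_vul = max(prior.values())
    post_vul = sum(max(prior[x] * channel[x][y] for x in prior) for y in outputs)
    return math.log2(post_vul / prior_vul)


def g_leakage(prior, channel, outputs, gain, guesses):
    """Gain leakage in bits: log2(V_g(pi, C) / V_g(pi)) for gain function
    gain(w, x) in [0, 1] over the allowed guesses w."""
    prior_vul = max(sum(prior[x] * gain(w, x) for x in prior) for w in guesses)
    post_vul = sum(
        max(sum(prior[x] * channel[x][y] * gain(w, x) for x in prior) for w in guesses)
        for y in outputs)
    return math.log2(post_vul / prior_vul)


def identity_gain(w, x):
    """Gain 1 only when the whole secret is guessed (recovers min-entropy)."""
    return 1.0 if w == x else 0.0


def high_bit_gain(w, x):
    """Partial guess: the adversary only tries to name the high bit."""
    return 1.0 if x[0] == w else 0.0


def identity_leakage():
    return g_leakage(PRIOR, CHANNEL, OUTPUTS, identity_gain, SECRETS)


def partial_guess_leakage():
    return g_leakage(PRIOR, CHANNEL, OUTPUTS, high_bit_gain, ["0", "1"])


if __name__ == "__main__":
    print("min-entropy leakage:", min_entropy_leakage(PRIOR, CHANNEL, OUTPUTS))
    print("identity-gain leakage:", identity_leakage())
    print("high-bit partial-guess leakage:", partial_guess_leakage())
```

The channel leaks exactly one bit by the min-entropy measure, while an adversary who only wants the high bit gains nothing from it, so the gain leakage is 0 bits, below the min-entropy leakage as the general bound predicts.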




Corresponding author: Ghassen Helali.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Helali, G., Tahar, S., Hasan, O., Dunchev, T. (2017). Formal Analysis of Information Flow in HOL. In: Larsen, K., Sokolsky, O., Wang, J. (eds) Dependable Software Engineering. Theories, Tools, and Applications. SETTA 2017. Lecture Notes in Computer Science, vol 10606. Springer, Cham. https://doi.org/10.1007/978-3-319-69483-2_17


  • DOI: https://doi.org/10.1007/978-3-319-69483-2_17


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69482-5

  • Online ISBN: 978-3-319-69483-2
