Abstract
This paper studies the security of multi-threaded programs and presents a tool for analyzing quantitative information flow (QIF) for multi-threaded programs written in a core imperative language. The aim of the tool is to measure the leakage of secret data in case a program leaks secret information. The tool is based on a method of the quantitative analysis where an attacker is able to select a scheduling policy to attack the program. The scheduling policy is used to construct the execution model of the program. We outline the workings of the tool and summarize results derived from running the tool on a range of case studies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
This model can be generalized in an obvious way, i.e., security levels can be viewed as a lattice
- 2.
We leave out the elements that have probability 0.
- 3.
The quantity of uncertainty is always non-negative, which is different from the quantity of information flow.
References
Alvim, M.S., Andrés, M.E., Chatzikokolakis, K., Palamidessi, C.: Foundations of security analysis and design vi. In: Quantitative Information Flow and Applications to Differential Privacy, pp. 211–230. Springer (2011)
Chen, H., Malacaria, P.: The optimum leakage principle for analyzing multi-threaded programs. In: Proceedings of the 4th International Conference on Information Theoretic Security, ICITS’09, pp. 177–193. Springer (2010)
Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, pp. 11–20 (1982)
Malacaria, P.: Risk assessment of security threats for looping constructs. J. Comput. Secur. 18, 191–228 (2010)
Malacaria, P., Chen, H.: Lagrange multipliers and maximum information leakage in different observational models. In: Proceedings of the Third ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, PLAS ’08, pp. 135–146. ACM (2008)
Ngo, T.M., Huisman, M.: Complexity and information flow analysis for multi-threaded programs. Eur. Phys. J. Spec. Top. 226(10), 2375–2392 (2017)
Smith, G.: On the foundations of quantitative information flow. In: Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures, FOSSACS’09, pp. 288–302. Springer (2009)
Zhu, Y., Bettati, R.: Anonymity vs. information leakage in anonymity systems. In: Proceedings of the 25th IEEE International Conference on Distributed Computing Systems, ICDCS’05, pp. 514–524. IEEE Computer Society (2005)
Acknowledgements
This research is funded by Funds for Science and Technology Development of the University of Danang under grant number B2016-DN02-13.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Ngo, T.M., Duong, Q.T. (2018). A Tool to Compute the Leakage of Multi-threaded Programs. In: Sieminski, A., Kozierkiewicz, A., Nunez, M., Ha, Q. (eds) Modern Approaches for Intelligent Information and Database Systems. Studies in Computational Intelligence, vol 769. Springer, Cham. https://doi.org/10.1007/978-3-319-76081-0_45
Download citation
DOI: https://doi.org/10.1007/978-3-319-76081-0_45
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76080-3
Online ISBN: 978-3-319-76081-0
eBook Packages: EngineeringEngineering (R0)