Logo eprints

Quantitative models of information flow: tuning the power of the adversary

Pampaloni, Francesca (2014) Quantitative models of information flow: tuning the power of the adversary. Advisor: Boreale, Prof. Michele. Coadvisor: Tiezzi, Dott. Francesco . pp. 144. [IMT PhD Thesis]

[img]
Preview
Text
Pampaloni_phdthesis.pdf - Published Version
Available under License Creative Commons Attribution No Derivatives.

Download (1MB) | Preview

Abstract

Despite the variety of tools and techniques deployed in order to protect sensitive data, ranging from security types in programming languages to anonymity protocols, data sanitisation, cryptographic algorithms, . . . , real-world systems tend to disclose part of the information they are meant to protect. This happens either by design - when the output of the system is public (e.g. a password checker) - or for reasons depending on their actual deployment and implementation (e.g. side-channel attacks against cryptographic devices). Our work aims to study methods for analysing from a quantitative point of view the behaviour of information flow in computing systems, that is, the leakage of sensible information via public outputs. In general, we are interested in studying systems with a probabilistic behaviour, in situations where the attacker is allowed to run these systems several times, while the secret is kept fixed. We analyse quantitative information flow in various scenarios characterised by an increasing power of the adversary. We start from the case of a single, passive attacker, attempting to break the system solely based upon observed data. Then we examine more complex settings, where we are faced with adversaries that collect sequential observations, up to considering active adversaries, capable of directly interacting with the system. In all cases, we consider one-try re-execution attacks, where the adversary can make a single guess after observing a certain number of independent executions of the system. In particular, we define suitable security metrics and study their asymptotic behaviour as the number of observations increases, as well as their rate of convergence. We also consider a number of applications of our analysis techniques.

Item Type: IMT PhD Thesis
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
PhD Course: Computer Science and Engineering
Identification Number: https://doi.org/10.6092/imtlucca/e-theses/133
NBN Number: urn:nbn:it:imtlucca-27164
Date Deposited: 14 Apr 2014 12:44
URI: http://e-theses.imtlucca.it/id/eprint/133

Actions (login required, only for staff repository)

View Item View Item