Models and Games for Quantifying Vulnerability of Secret Information


Presented as part of the 2015 HCSS conference.

Abstract:

Quantitative information flow (QIF) is concerned with measuring the amount of secret information that leaks through a system's observable behavior during its execution. The system takes secret (high) input and produces (low) output that can be observed by an adversary. Before the system is run, the adversary is assumed to have some a priori information about the secret. As the system executes, the adversary's observations are combined with knowledge about how the system works, resulting in some a posteriori information about the secret. A general principle of QIF states that the leakage of information by the execution is defined as the increase in the adversary's information. Past work has studied how to precisely instantiate this principle, considering various notions of information and how they relate to each other, and increasingly powerful adversaries. For example, active adversaries may be allowed to provide (low) inputs to the system, to manipulate it to leak more data, and adaptive adversaries may choose these inputs based on the observable behavior of the system. Most approaches to QIF are limited in three regards: 1) assumption of static (unchanging) secrets, 2) focus only on the goals of the adversary (as opposed to the defender or secret holder), and 3) consideration of only passive defenders. This talk will summarize our recent work that begins to address these shortcomings.
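
The leakage principle above, worked through as an added example that is not taken from the talk. It assumes one particular notion of information, Bayes vulnerability (the adversary's chance of guessing the secret in one try) with leakage measured in bits as the log-ratio of posterior to prior vulnerability; the toy `system`, the strategies and the uniform prior are all constructed for illustration.

```python
from collections import defaultdict
from math import log2

def prior_vulnerability(prior):
    """Chance of guessing the secret in one try before the system runs."""
    return max(prior.values())

def posterior_vulnerability(prior, channel):
    """Expected one-try guessing chance after observing the low output.
    channel[x][y] = P(observation y | secret x)."""
    best = defaultdict(float)
    for x, px in prior.items():
        for y, pyx in channel[x].items():
            best[y] = max(best[y], px * pyx)
    return sum(best.values())

def leakage_bits(prior, channel):
    """Leakage = increase in the adversary's information (assumed measure)."""
    return log2(posterior_vulnerability(prior, channel) / prior_vulnerability(prior))

def system(secret, low):
    """Constructed toy system: low output says whether secret < low input."""
    return secret < low

def channel_for(strategy, secrets, rounds):
    """Channel induced by an active adversary. `strategy` maps the tuple of
    outputs seen so far to the next low input."""
    channel = {}
    for x in secrets:
        seen = ()
        for _ in range(rounds):
            seen += (system(x, strategy(seen)),)
        channel[x] = {seen: 1.0}  # deterministic system: one trace per secret
    return channel

SECRETS = range(8)                      # constructed 3-bit secret
PRIOR = {x: 1 / 8 for x in SECRETS}     # uniform a priori information

def fixed(seen):
    """Active but non-adaptive: low inputs chosen before the run."""
    return (4, 2, 6)[len(seen)]

def adaptive(seen):
    """Adaptive: binary search, each input chosen from earlier outputs."""
    lo, hi = 0, 8
    for below in seen:
        mid = (lo + hi) // 2
        lo, hi = (lo, mid) if below else (mid, hi)
    return (lo + hi) // 2

if __name__ == "__main__":
    for name, strat in (("fixed", fixed), ("adaptive", adaptive)):
        print(name, leakage_bits(PRIOR, channel_for(strat, SECRETS, 3)), "bits")
```

With the same three queries, the fixed inputs split the secrets into four classes while the adaptive strategy isolates every secret, so the adaptive adversary extracts more of the secret from the same system.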

Biography:

Piotr recently completed his PhD studies at the University of Maryland, College Park. He remains there as a post-doc within the Programming Languages group and is working on various problems related to the quantification of information security. Previously he earned his BS and MS from Worcester Polytechnic Institute in Massachusetts where he enjoyed being part of a robotics team. He likes dogs.

 

License: CC-2.5