Temporal logics for hyperproperties
MR Clarkson, B Finkbeiner, M Koleini… - … 2014, Held as Part of the …, 2014 - Springer
Two new logics for verification of hyperproperties are proposed. Hyperproperties
characterize security policies, such as noninterference, as a property of sets of computation …
characterize security policies, such as noninterference, as a property of sets of computation …
Declassification: Dimensions and principles
A Sabelfeld, D Sands - Journal of Computer Security, 2009 - content.iospress.com
Computing systems often deliberately release (or declassify) sensitive information. A
principal security concern for systems permitting information release is whether this release …
principal security concern for systems permitting information release is whether this release …
Anonymity protocols as noisy channels
K Chatzikokolakis, C Palamidessi… - Information and …, 2008 - Elsevier
We consider a framework in which anonymity protocols are interpreted as noisy channels in
the information-theoretic sense, and we explore the idea of using the notion of capacity as a …
the information-theoretic sense, and we explore the idea of using the notion of capacity as a …
A static analysis for quantifying information flow in a simple imperative language
We propose an approach to quantify interference in a simple imperative language that
includes a looping construct. In this paper we focus on a particular case of this definition of …
includes a looping construct. In this paper we focus on a particular case of this definition of …
Quantitative information flow as network flow capacity
S McCamant, MD Ernst - Proceedings of the 29th ACM SIGPLAN …, 2008 - dl.acm.org
We present a new technique for determining how much information about a program's secret
inputs is revealed by its public outputs. In contrast to previous techniques based on …
inputs is revealed by its public outputs. In contrast to previous techniques based on …
Assessing security threats of looping constructs
P Malacaria - Proceedings of the 34th annual ACM SIGPLAN …, 2007 - dl.acm.org
There is a clear intuitive connection between the notion of leakage of information in a
program and concepts from information theory. This intuition has not been satisfactorily …
program and concepts from information theory. This intuition has not been satisfactorily …
Quantitative information flow, relations and polymorphic types
This paper uses Shannon's information theory to give a quantitative definition of information
flow in systems that transform inputs to outputs. For deterministic systems, the definition is …
flow in systems that transform inputs to outputs. For deterministic systems, the definition is …
Belief in information flow
MR Clarkson, AC Myers… - 18th IEEE Computer …, 2005 - ieeexplore.ieee.org
Information leakage traditionally has been defined to occur when uncertainty about secret
data is reduced. This uncertainty-based approach is inadequate for measuring information …
data is reduced. This uncertainty-based approach is inadequate for measuring information …
Model checking quantitative hyperproperties
Hyperproperties are properties of sets of computation traces. In this paper, we study
quantitative hyperproperties, which we define as hyperproperties that express a bound on …
quantitative hyperproperties, which we define as hyperproperties that express a bound on …
Synthesis from hyperproperties
We study the reactive synthesis problem for hyperproperties given as formulas of the
temporal logic HyperLTL. Hyperproperties generalize trace properties, ie, sets of traces, to …
temporal logic HyperLTL. Hyperproperties generalize trace properties, ie, sets of traces, to …