A Formal Model and Practical Technique for Quantifying Information Leakage in Software
Abstract:
Information leakage occurs when something about a system’s secret data can be deduced from observing its public outputs. In this talk, I will present a new formal model of information leakage, based on discrete-time Markov chains, that models the information leaked about some secret data to an attacker with access to a program’s source code and public outputs. I will also present and demonstrate a practical implementation of this model that estimates (rather than precisely
computes) information leakage in Java software, and will show that this implementation gives fast and accurate approximations of the true leakage that occurs in a program.
Bio:
Chris is a PhD student in the Security and Privacy Group in the School of Computer Science at the University of Birmingham. His research focuses primarily on information flow analysis; his other research interests include peer-to-peer network monitoring, black-box malware analysis, and software automation.
Home page: https://www.cs.bham.ac.uk/~cxn626
Contact:
The speaker will be at Imperial for the whole day. Contact Sergio Maffeis if you would like to arrange a meeting.