Quantitative Analysis of Information Leakage in Probabilistic and Nondeterministic Systems
Miguel E. Andrés
What is information leakage?
An incident where the confidentiality of information has been compromised.
Examples
• [2010] Gmail accounts of Chinese dissidents and human rights activists were hacked.
• [2011] Passwords of U.S. White House officials, Chinese political activists, officials in several Asian countries, and others were hacked.
Result: After cross-accusations with the Chinese government over the source of the cyber attacks, Google moved all its servers out of China.
Examples
International non-profit organization that publishes submissions of private, secret and classified media from anonymous news sources
• Released 92 000 US confidential documents about the war in Afghanistan
• Released 260 000 US diplomatic cables
• Released 400 000 US confidential documents about the war in Iraq
Result: one of the biggest diplomatic crises in the history of the U.S.
Examples
Online multiplayer gaming and media service for use with the PS3
• [April 2011] The service was hacked, which led to information leakage affecting 100 million users. The information leaked includes users' names, home addresses, emails, birthdays, passwords, credit card information and more confidential data.
Result: Reputation damage + economic losses in the millions (due to the shutdown of the service and multiple lawsuits for negligence)
What kind of incident?
• Human "negligence" (phishing scams, infected computer, etc.)
• Acts of sabotage (for example from an insider)
• Bugs in the system (either intended or unintended)
• Quantitative Analysis: In practice all systems leak some information. The challenge is to determine how much.
• Probabilistic & Nondeterministic Systems: Mathematical models are required for the formal analysis of complex systems.
Information Leakage example: Anonymity
What is anonymity?
The term anonymity is often used to express the fact that the identity of an individual is unknown.
[Diagram: the message "Mr. Burns sucks!" sent to the Internet through Crowds | Tor | Anonymizer; address labels 200.68.91.93 and 204.45.119.130]
Contributions
• Specification & Verification
Develop techniques that help specify and verify anonymity properties.
[Diagram: Does Crowds | Tor | Anonymizer provide Anonymity / satisfy Strong Anonymity, Probable Innocence, …?]
Contributions
(2) Measuring Leakage
How much information is the system leaking?
[Diagram: Internet; Crowds | Tor | Anonymizer; Tor ? Crowds]
Contributions
(3) Debugging
Something went wrong. What was it?
[Diagram: Internet; Crowds | Tor | Anonymizer]
Summary of Contributions
SPECIFICATION & VERIFICATION
• Chapter II [TACAS 08]: Conditional Probabilities over probabilistic and nondeterministic systems
MEASURING LEAKAGE
• Chapter III [TACAS 10]: Computing the Leakage of Information Hiding Systems
• Chapter IV [QEST 10 & Journal TCS]: Information hiding in concurrent systems
DEBUGGING
• Chapter V [HVC 08]: Significant diagnostic counterexample generation

Chapter VI [CONCUR 10 & LICS 10 & TCS 10 & Journal Computer Security]: Extensions (overview)
The end… Thank you for your attention!