Quantitative information flow as network flow capacity

We present a new technique for determining how much information about a program's secret inputs is revealed by its public outputs. In contrast to previous techniques based on reachability from secret inputs (tainting), it achieves a more precise quantitative result by computing a maximum flow of information between the inputs and outputs. The technique uses static control-flow regions to soundly account for implicit flows via branches and pointer operations, but operates dynamically by observing one or more program executions and giving numeric flow bounds specific to them (e.g., "17 bits"). The maximum flow in a network also gives a minimum cut (a set of edges that separate the secret input from the output), which can be used to efficiently check that the same policy is satisfied on future executions. We performed case studies on 5 real C, C++, and Objective C programs, 3 of which had more than 250K lines of code. The tool checked multiple security policies, including one that was violated by a previously unknown bug.

• Publication year

  2008

• Venue

  ACM-SIGPLAN Symposium on Programming Language Design and Implementation

• Publication date

  2008-06-07

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1145/1375581.1375606
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Quantitative information-flow tracking for real systems

  2008cited by this paper
• A Virtual Machine Based Information Flow Control System for Policy Enforcement

  2008cited by this paper
• Influence: A Quantitative Approach for Data Integrity (CMU-CyLab-08-005)

  2008cited by this paper
• Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine

  2007cited by this paper
• A simulation-based proof technique for dynamic information flow

  2007influential reference
• Labels and event processes in the Asbestos operating system

  2007cited by this paper
• Dytan: a generic dynamic taint analysis framework

  2007influential reference
• Flayer: Exposing Application Internals

  2007cited by this paper
• Valgrind: a framework for heavyweight dynamic binary instrumentation

  2007cited by this paper
• Interstatement must aliases for data dependence analysis of heap locations

  2007cited by this paper
• Assessing security threats of looping constructs

  2007cited by this paper
• Probabilistic calling context

  2007cited by this paper
• TightLip: Keeping Applications from Spilling the Beans

  2007cited by this paper
• LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks

  2006cited by this paper
• Making information flow explicit in HiStar

  2006cited by this paper
• Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks

  2006cited by this paper
• Quantitative Information-Flow Tracking for C and Related Languages

  2006cited by this paper
• Refactoring programs to secure information flows

  2006influential reference
• Encoding information flow in Haskell

  2006cited by this paper
• From Languages to Systems: Understanding Practical Application Development in Security-typed Languages

  2006cited by this paper
• Practical , Dynamic Information-flow for Virtual Machines

  2005cited by this paper
• Purity and Side Effect Analysis for Java Programs

  2005cited by this paper
• Using Valgrind to Detect Undefined Value Errors with Bit-Precision

  2005cited by this paper
• Automatically Hardening Web Applications Using Precise Tainting

  2005cited by this paper
• Quantified Interference for a While Language

  2005cited by this paper
• Elements of Information Theory

  2005cited by this paper
• Labels and event processes in the asbestos operating system

  2005cited by this paper
• Security-Typed Languages for Implementation of Cryptographic Protocols: A Case Study

  2005cited by this paper
• Detecting and debugging insecure information flows

  2004cited by this paper
• RIFLE: An Architectural Framework for User-Centric Information-Flow Security

  2004cited by this paper
• Secure program execution via dynamic information flow tracking

  2004cited by this paper
• Understanding data lifetime via whole system simulation

  2004influential reference
• AGD : A Library of Algorithms for Graph Drawing

  2003cited by this paper
• Flow Caml in a Nutshell

  2003influential reference
• Dynamic native optimization of interpreters

  2003cited by this paper
• Redux: A Dynamic Dataflow Tracer

  2003influential reference
• Quantifying information flow

  2002cited by this paper
• CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs

  2002cited by this paper
• Secure Execution via Program Shepherding

  2002cited by this paper
• Network information flow

  2000cited by this paper
• BitValue Inference: Detecting and Exploiting Narrow Bitwidth Computations

  2000influential reference
• JFlow: practical mostly-static information flow control

  1999influential reference
• Characterizing Multiterminal Flow Networks and Computing Flows in Networks of Small Treewidth

  1998cited by this paper
• Level Planarity Testing in Linear Time

  1998cited by this paper
• Computing Mimicking Networks

  1998cited by this paper
• A decentralized model for information flow control

  1997cited by this paper
• Providing flexibility in information flow control for object oriented systems

  1997cited by this paper
• A sound type system for secure flow analysis

  1996cited by this paper
• Introduction to algorithms

  1996cited by this paper
• Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects

  1993cited by this paper
• A linear time algorithm for finding tree-decompositions of small treewidth

  1993cited by this paper
• Programming Perl

  1991cited by this paper
• Toward a Mathematical Foundation for Information Flow Security

  1991cited by this paper
• Memoryless execution: A programmer's viewpoint

  1976cited by this paper
• A lattice model of secure information flow

  1976cited by this paper
• Secure information flow in computer systems

  1975cited by this paper
• Proceedings of the fifth annual ACM symposium on Theory of computing

  1973cited by this paper

• Fipa: Fine-Grained Information-Flow-Driven Program Partitioning

  2026cites this paper
• Attacker Control and Bug Prioritization

  2025cites this paper
• A theory of fine-grained lineage for functions on structured objects

  2025cites this paper
• PolySys: an Algebraic Leakage Attack Engine

  2025cites this paper
• Dynamic Taint Tracking for Modern Java Virtual Machines

  2025cites this paper
• Octopus: Scaling Value-Flow Analysis via Parallel Collection of Realizable Path Conditions

  2024cites this paper
• Dynamic Possible Source Count Analysis for Data Leakage Prevention

  2024cites this paper
• Dynamic Controllability Analysis for Preventing Injection Attacks

  2024cites this paper
• Quantitative Input Usage Static Analysis

  2024cites this paper
• Obtaining Information Leakage Bounds via Approximate Model Counting

  2023cites this paper
• Abacus: Precise Side-Channel Analysis

  2021cites this paper
• Upper Bound Computation of Information Leakages for Unbounded Recursion

  2021cites this paper
• TRACE: Enterprise-Wide Provenance Tracking for Real-Time APT Detection

  2021cites this paper
• A Practical Approach for Dynamic Taint Tracking with Control-flow Relationships

  2021influential citation
• Tracking and Analysis of Causality at Enterprise Level (TRACE)

  2020cites this paper
• Probabilistic Abstract Interpretation: Sound Inference and Application to Privacy

  2020cites this paper
• Program-mandering: Quantitative Privilege Separation

  2019influential citation
• Fine Grained Dataflow Tracking with Proximal Gradients

  2019cites this paper
• Safer Program Behavior Sharing Through Trace Wringing

  2019cites this paper
• One Engine To Serve 'em All: Inferring Taint Rules Without Architectural Semantics

  2019cites this paper
• Privacy-Preserving Multi-Party Directory Services

  2019cites this paper
• Quantifying Dynamic Leakage: Complexity Analysis and Model Counting-based Calculation

  2019cites this paper
• Lprov: Practical Library-aware Provenance Tracing

  2018cites this paper
• Quantitative Analysis of Timing Channel Security in Cryptographic Hardware Design

  2018cites this paper
• Information Leakage in Arbiter Protocols

  2018cites this paper
• Hybrid statistical estimation of mutual information and its application to information flow

  2018cites this paper
• Practical dynamic information flow control

  2018influential citation
• Privacy in the Smart City—Applications, Technologies, Challenges, and Solutions

  2018cites this paper
• Secure and Efficient Multi-Party Directory Publication for Privacy-Preserving Data Sharing

  2018cites this paper
• Scalable Approximation of Quantitative Information Flow in Programs

  2018cites this paper
• Symbolic Side-Channel Analysis for Probabilistic Programs

  2018cites this paper
• What's the Over/Under? Probabilistic Bounds on Information Leakage

  2018cites this paper
• Model Counting: A Novel Approach for Quantification of Information Leaks

  2018cites this paper
• Detection and Exploitation of Information Flow Leaks

  2017cites this paper
• Automata-based Model Counting String Constraint Solver for Vulnerability Analysis

  2017cites this paper
• Formal Analysis of the Information Leakage of the DC-Nets and Crowds Anonymity Protocols

  2017cites this paper
• Combining Static Code Analysis and Machine Learning for Automatic Detection of Security Vulnerabilities in Mobile Apps

  2017cites this paper
• What ’ s the Over / Under ? Probabilistic Bounds on Information Leakage

  2017cites this paper
• Combining Differential Privacy and Mutual Information for Analyzing Leakages in Workflows

  2017cites this paper
• Constraint normalization and parameterized caching for quantitative program analysis

  2017cites this paper
• On Risk in Access Control Enforcement

  2017cites this paper
• Tools for the Evaluation and Choice of Countermeasures against Side-Channel Attacks

  2016cites this paper
• String analysis for side channels with segmented oracles

  2016cites this paper
• DAPA: Degradation-Aware Privacy Analysis of Android Apps

  2016cites this paper
• Evolution of DPaaS Era in Cloud

  2016cites this paper
• ProTracer: Towards Practical Provenance Tracing by Alternating Between Logging and Tainting

  2016cites this paper
• An Approach towards Data Protection as a Service Intended for Cloud Masses

  2016cites this paper
• Sampling a Two-way Finite Automaton 1

  2016cites this paper
• Information-Flow Tracking for Web Security

  2016cites this paper
• Short Paper: Dynamic leakage: A Need for a New Quantitative Information Flow Measure

  2016cites this paper
• Precisely quantifying software information flow

  2016cites this paper
• An approach to error correction in program code using dynamic optimization in a virtual execution environment

  2016cites this paper
• Hybrid Statistical Estimation of Mutual Information for Quantifying Information Flow

  2016cites this paper
• Information Flow Control with System Dependence Graphs - Improving Modularity, Scalability and Precision for Object Oriented Languages

  2016cites this paper
• LDX: Causality Inference by Lightweight Dual Execution

  2016influential citation
• Precisely Measuring Quantitative Information Flow: 10K Lines of Code and Beyond

  2016cites this paper
• Quantifying timing-based information flow in cryptographic hardware

  2015influential citation
• Cloud Data Protection for Masses

  2015cites this paper
• Privacy Analysis of Android Apps: Implicit Flows and Quantitative Analysis

  2015cites this paper
• Using Information Flow Methods to Secure Cyber-Physical Systems

  2015cites this paper
• Principles of Software Security Paper Summary : Privacy Analysis of Android Apps : Implicit Flows and Quantitative Analysis

  2015cites this paper
• Handling Uncertainty in Database: An Introduction and Brief Survey

  2015cites this paper
• Short Paper: The Meaning of Attack-Resistant Systems

  2015cites this paper
• Modeling, Quantifying, and Limiting Adversary Knowledge

  2015cites this paper
• DROIT: Dynamic Alternation of Dual-Level Tainting for Malware Analysis

  2015cites this paper
• Computing and estimating information leakage with a quantitative point-to-point information flow model

  2015cites this paper
• Sampling a Two-Way Finite Automaton

  2015cites this paper
• Model Counting Modulo Theories

  2015cites this paper
• Advanced Network Inference Techniques Based on Network Protocol Stack Information Leaks

  2015cites this paper
• MorphDroid: Fine-grained Privacy Verification

  2015cites this paper
• Datacentric Semantics for Verification of Privacy Policy Compliance by Mobile Applications

  2015influential citation
• Automata-Based Model Counting for String Constraints

  2015cites this paper
• On Efficiency and Accuracy of Data Flow Tracking Systems

  2015cites this paper
• The Meaning of Attack-Resistant Systems

  2015cites this paper
• A Bayesian Approach to Privacy Enforcement in Smartphones

  2014influential citation
• A Usage-Pattern Perspective for Privacy Ranking of Android Apps

  2014cites this paper
• Cross-Layer Data-Centric Usage Control

  2014influential citation
• Practical Dynamic Information-Flow Tracking on Mobile Devices

  2014influential citation
• Precise quantitative information flow analysis - a symbolic approach

  2014cites this paper
• Conservative Signed/Unsigned Type Inference for Binaries using Minimum Cut

  2014cites this paper
• Satisfiability modulo counting: a new approach for analyzing privacy properties

  2014cites this paper
• Safe Guarding Cloud Data For Multitudes

  2014cites this paper
• Markovian Processes for Quantitative Information Leakage

  2014cites this paper
• Practical Secure Two-Party Computation : Techniques , Tools , and Applications

  2014cites this paper
• A Cut Principle for Information Flow

  2014cites this paper
• SpanDex: Secure Password Tracking for Android

  2014cites this paper
• Reliable data processing enabled by program analysis

  2014cites this paper
• Quantifying information leaks using reliability analysis

  2014cites this paper
• A model counter for constraints over unbounded strings

  2014cites this paper
• Lightweight automated detection of unsafe information leakage via exceptions

  2014cites this paper
• On quantitative dynamic data flow tracking

  2014influential citation
• LeakWatch: Estimating Information Leakage from Java Programs

  2014cites this paper
• ALETHEIA: Improving the Usability of Static Security Analysis

  2014cites this paper
• Quantifying information flow in cryptographic systems

  2014cites this paper
• TaintDroid

  2014cites this paper
• Automation of Quantitative Information-Flow Analysis

  2013cites this paper
• Probabilistic Point-to-Point Information Leakage

  2013cites this paper
• Securing the mashed up web

  2013cites this paper
• SAT-Based Analysis and Quantification of Information Flow in Programs

  2013influential citation
• A Tool for Estimating Information Leakage

  2013cites this paper