Skip to main content

Static Evaluation of Noninterference Using Approximate Model Counting

Publication ,  Conference
Zhou, Z; Qian, Z; Reiter, MK; Zhang, Y
Published in: Proceedings - IEEE Symposium on Security and Privacy
July 23, 2018

Noninterference is a definition of security for secret values provided to a procedure, which informally is met when attacker-observable outputs are insensitive to the value of the secret inputs or, in other words, the secret inputs do not 'interfere' with those outputs. This paper describes a static analysis method to measure interference in software. In this approach, interference is assessed using the extent to which different secret inputs are consistent with different attacker-controlled inputs and attacker-observable outputs, which can be measured using a technique called model counting. Leveraging this insight, we develop a flexible interference assessment technique for which the assessment accuracy quantifiably grows with the computational effort invested in the analysis. This paper demonstrates the effectiveness of this technique through application to several case studies, including leakage of: search-engine queries through auto-complete response sizes; secrets subjected to compression together with attacker-controlled inputs; and TCP sequence numbers from shared counters.

Duke Scholars

Published In

Proceedings - IEEE Symposium on Security and Privacy

DOI

ISSN

1081-6011

Publication Date

July 23, 2018

Volume

2018-May

Start / End Page

514 / 528
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Zhou, Z., Qian, Z., Reiter, M. K., & Zhang, Y. (2018). Static Evaluation of Noninterference Using Approximate Model Counting. In Proceedings - IEEE Symposium on Security and Privacy (Vol. 2018-May, pp. 514–528). https://doi.org/10.1109/SP.2018.00052
Zhou, Z., Z. Qian, M. K. Reiter, and Y. Zhang. “Static Evaluation of Noninterference Using Approximate Model Counting.” In Proceedings - IEEE Symposium on Security and Privacy, 2018-May:514–28, 2018. https://doi.org/10.1109/SP.2018.00052.
Zhou Z, Qian Z, Reiter MK, Zhang Y. Static Evaluation of Noninterference Using Approximate Model Counting. In: Proceedings - IEEE Symposium on Security and Privacy. 2018. p. 514–28.
Zhou, Z., et al. “Static Evaluation of Noninterference Using Approximate Model Counting.” Proceedings - IEEE Symposium on Security and Privacy, vol. 2018-May, 2018, pp. 514–28. Scopus, doi:10.1109/SP.2018.00052.
Zhou Z, Qian Z, Reiter MK, Zhang Y. Static Evaluation of Noninterference Using Approximate Model Counting. Proceedings - IEEE Symposium on Security and Privacy. 2018. p. 514–528.

Published In

Proceedings - IEEE Symposium on Security and Privacy

DOI

ISSN

1081-6011

Publication Date

July 23, 2018

Volume

2018-May

Start / End Page

514 / 528