INFORMATION-FLOW LEAKS
QUANTIFYING LEAKS USING RELIABILITY ANALYSIS
CONCLUSION
Quantifying Information Leaks using
Reliability Analysis
Q. Sang Phan∗, Pasquale Malacaria∗, Corina S. Păsăreanu†,
and Marcelo d’Amorim‡
∗Queen Mary University of London, UK
†Carnegie Mellon Silicon Valley and NASA Ames, USA
‡Federal University of Pernambuco, Brazil
July 23, 2014
1 / 18
Information Flow
Quantitative Information Flow
Information Flow
[Diagram] Information flow: the secret input (H) and the public input (L) enter program P, and the public output (O) comes out. Non-interference (√): O reveals nothing about H. Information leaked (?): O depends on H.
What violates non-interference?
Information flow from variable H to variable O
Direct flow (explicit flow)
O = H - 10;
Indirect flow (implicit flow)
if (H > 3) O = 3; else O = 100;
Approaches to non-interference:
Type systems: suffer from false positives, e.g. O = H - H;
Taint analysis: suffer from false positives and false negatives.
Self-composition: precise (but more expensive).
Non-interference is often unachievable.
Password check:
    static final int ACCEPT = 1, REJECT = 0;  // constant values assumed; the slide does not define them

    int check(int H, int L) {
        int O;
        if (L == H)
            O = ACCEPT;   // the only input that reveals H exactly
        else
            O = REJECT;   // still reveals that H != L
        return O;
    }
Non-interference: Does it leak information?
Quantitative Information Flow: “How much” does it leak?
Quantitative Information Flow
[Diagram] The adversary observes L and O = f(H, L) and tries to infer H from them.
Leaks = Secrecy before observing - Secrecy after observing
Formal definition
XH, XL, XO: the distributions of H, L, O.
E (entropy): a function measuring secrecy.
∆E(XH) = E(XH) − E(XH | XL = l, XO)
Theorem of Channel Capacity
∆E(XH) ≤ log2(|O|), where |O| is the number of possible output values.
This bound has been proved when:
E is Shannon entropy (Malacaria and Chen 2008)
E is Rényi's min-entropy (Smith 2009)
It holds for all possible distributions of XH, and it is the basis of state-of-the-art techniques for Quantitative Information Flow analysis.
Symbolic PathFinder
Labeling Procedure
Quantifying Procedure
Preliminary Evaluation
State of the art
What can't be avoided:
Input: program P, with its inputs classified as H and L
(Output: P leaks at most k bits)
What do users have to do?
(Heusser and Malacaria 2010): write a driver following a template.
(Meng and Smith 2011), (Meng and Smith 2013): manually transform the program into bit-vector predicates.
(Klebanov 2012): provide hypotheses, loop invariants, etc. for the interactive theorem prover.
. . .
This work: automated.
QILURA
[Diagram] Architecture: the program and its input labels (which inputs are H and which are L) go into Symbolic PathFinder; the Labeling Procedure (backed by the Z3 and Omega solvers) labels the symbolic paths; the Quantifying Procedure (backed by the Latte model counter) produces the result: P leaks at most k bits.
Preliminaries
P = (Σ, I, F, T): the program as a transition system with states Σ, initial states I, final states F and transitions T.
A symbolic path ρ of P: ρ = σ0 σ1 ... σn with
σ0 ∈ I, σn ∈ F, (σi, σi+1) ∈ T for all i ∈ {0, . . . , n − 1}
Semantics of P: the set R of all symbolic paths ρi.
Define the functions:
init(ρ) = σ0; fin(ρ) = σn
#in(ρ): the number of inputs that go into path ρ.
#out(ρ): the number of outputs that come out of path ρ.
Denote by X|y the value of the variable X at the symbolic state y (i.e. y : X → X|y).
Symbolic PathFinder
Takes symbols as inputs instead of concrete data.
Builds a path condition pci ≡ ci(α, β) for each symbolic path ρi.
Executing program P with H = α and L = β gives
$$
O = \begin{cases}
f_1(\alpha, \beta) & \text{if } c_1(\alpha, \beta) \\
f_2(\alpha, \beta) & \text{if } c_2(\alpha, \beta) \\
\vdots & \vdots \\
f_m(\alpha, \beta) & \text{if } c_m(\alpha, \beta)
\end{cases}
$$
For the symbolic path ρi with final state σi ∈ F:
O|σi = fi(α, β)
Define a function:
path(ρi) = ci(α, β)
Illustrative Example
Sanity check:
    int sanityCheck(int H) {
        int base = 8, O;
        if (H < 16)
            O = base + H;   // O depends directly on H
        else
            O = base;       // constant output, but reaching it reveals H >= 16
        return O;
    }
Running Symbolic Execution on the program with H = α, there are two symbolic paths:
ρ1: O|fin(ρ1) = α + 8, and c1(α) = α < 16
ρ2: O|fin(ρ2) = 8, and c2(α) = ¬(α < 16)
Labeling Procedure
Self-composition
P′: a copy of P with all variables renamed: H, L, O → H′, L′, O′
Validity of the following Hoare triple guarantees non-interference:
{L = L′} P; P′ {O = O′}
Suppose we run Symbolic Execution on P; P′ with
H = α; H′ = α1; L = L′ = β
The symbolic semantics of P and P′ are R and R′.
Fine-grained Self-composition by Symbolic Execution:
∀ρ ∈ R, ρ′ ∈ R′. path(ρ) ∧ path(ρ′) → O|fin(ρ) = O′|fin(ρ′)
Illustrative Example
ρ1: O|fin(ρ1) = α + 8, and c1(α) = α < 16
ρ2: O|fin(ρ2) = 8, and c2(α) = ¬(α < 16)
Program P′ also has two symbolic paths ρ′1, ρ′2 (the same conditions and outputs over α1). There are 3 possible combinations (⟨ρ2, ρ′1⟩ is symmetric to ⟨ρ1, ρ′2⟩):
⟨ρ1, ρ′1⟩: α < 16 ∧ α1 < 16 → α + 8 = α1 + 8 : INVALID
⟨ρ2, ρ′2⟩: ¬(α < 16) ∧ ¬(α1 < 16) → 8 = 8 : VALID
⟨ρ1, ρ′2⟩: α < 16 ∧ ¬(α1 < 16) → α + 8 = 8 : INVALID
⇒ ρ1 is a direct flow, ρ2 is an indirect flow.
Quantifying Procedure
CC(P) ≤ log2(Σ#out(ρc) + Σ#out(ρi) + Σ#out(ρd))
(ρi: indirect paths, ρd: direct paths, ρc: the remaining paths, which carry no flow)
Σ#out(ρc) = 1.
Σ#out(ρi) is the number of indirect paths ρi (each produces a single output value).
Only Σ#out(ρd) needs to be computed.
Reliability Analysis in Symbolic PathFinder (Filieri, Păsăreanu and Visser, ICSE 2013) computes #in(ρ) for each path ρ.
Since the program is a function (each input yields exactly one output):
#out(ρd) ≤ #in(ρd)
Illustrative Example
Direct flow ρ1: O|fin(ρ1) = α + 8, and c1(α) = α < 16
Indirect flow ρ2: O|fin(ρ2) = 8, and c2(α) = ¬(α < 16)
Σ#out(ρi) = 1 (one indirect path).
Σ#out(ρd) ≤ Σ#in(ρd)
Reliability Analysis engine: Σ#in(ρd) = 16
⇒ CC(P) ≤ log2(1 + 1 + 16) = log2(17) ≈ 4.09
Preliminary Evaluation
Case study          | jpf-qif           | QILURA        | BitPattern
                    | Capacity   Time   | Bound   Time  | Bound    Time
No Flow             | 0          2.304  | 0       0.790 | -        -
Sanity check 1      | 4          45.324 | 4.09    1.066 | 4        0.036
Sanity check 2      | 4          35.346 | 4.09    1.049 | 4.59     0.203
Implicit Flow       | 2.81       0.897  | 3       0.796 | 3        0.011
Electronic Purse    | 2          1.169  | 2.32    0.854 | 2        0.157
Ten random outputs  | 3.32       1.050  | 3.32    0.814 | 18.645   0.224
Conclusions
QILURA: a fully automated tool to quantify leaks in Java bytecode.
Two-step analysis:
Fine-grained self-composition to label paths.
Reliability analysis engine to count the inputs of each path.
Download:
https://github.com/qif/jpf-qilura
THANK YOU FOR YOUR ATTENTION!
18 / 18

More Related Content

What's hot

What's hot (16)

Demand-Driven Context-Sensitive Alias Analysis for Java
Demand-Driven Context-Sensitive Alias Analysis for JavaDemand-Driven Context-Sensitive Alias Analysis for Java
Demand-Driven Context-Sensitive Alias Analysis for Java
 
Compiler design lab programs
Compiler design lab programs Compiler design lab programs
Compiler design lab programs
 
Ll(1) Parser in Compilers
Ll(1) Parser in CompilersLl(1) Parser in Compilers
Ll(1) Parser in Compilers
 
C-Language Unit-2
C-Language Unit-2C-Language Unit-2
C-Language Unit-2
 
C Building Blocks
C Building Blocks C Building Blocks
C Building Blocks
 
Brief introduction to Algorithm analysis
Brief introduction to Algorithm analysis Brief introduction to Algorithm analysis
Brief introduction to Algorithm analysis
 
(Www.entrance exam.net)-tcs placement sample paper 2
(Www.entrance exam.net)-tcs placement sample paper 2(Www.entrance exam.net)-tcs placement sample paper 2
(Www.entrance exam.net)-tcs placement sample paper 2
 
07 top-down-parsing
07 top-down-parsing07 top-down-parsing
07 top-down-parsing
 
PAS 2012
PAS 2012PAS 2012
PAS 2012
 
Pas oct12
Pas oct12Pas oct12
Pas oct12
 
Parsing LL(1), SLR, LR(1)
Parsing LL(1), SLR, LR(1)Parsing LL(1), SLR, LR(1)
Parsing LL(1), SLR, LR(1)
 
Cd practical file (1) start se
Cd practical file (1) start seCd practical file (1) start se
Cd practical file (1) start se
 
Chapter Five(2)
Chapter Five(2)Chapter Five(2)
Chapter Five(2)
 
Topdown parsing
Topdown parsingTopdown parsing
Topdown parsing
 
First and follow set
First and follow setFirst and follow set
First and follow set
 
Chapter 4 : Balagurusamy Programming ANSI in C
Chapter 4 : Balagurusamy Programming ANSI in CChapter 4 : Balagurusamy Programming ANSI in C
Chapter 4 : Balagurusamy Programming ANSI in C
 

Viewers also liked

Data analysis-with-spss-reliability-anil barik
Data analysis-with-spss-reliability-anil barikData analysis-with-spss-reliability-anil barik
Data analysis-with-spss-reliability-anil barikanilbarik
 
Difficulty Index, Discrimination Index, Reliability and Rasch Measurement Ana...
Difficulty Index, Discrimination Index, Reliability and Rasch Measurement Ana...Difficulty Index, Discrimination Index, Reliability and Rasch Measurement Ana...
Difficulty Index, Discrimination Index, Reliability and Rasch Measurement Ana...Azmi Mohd Tamil
 
Reliability engineering chapter-2 reliability of systems
Reliability engineering chapter-2 reliability of systemsReliability engineering chapter-2 reliability of systems
Reliability engineering chapter-2 reliability of systemsCharlton Inao
 
basic concepts of reliability
basic concepts of reliabilitybasic concepts of reliability
basic concepts of reliabilitydennis gookyi
 
Fundamentals of reliability engineering and applications part1of3
Fundamentals of reliability engineering and applications part1of3Fundamentals of reliability engineering and applications part1of3
Fundamentals of reliability engineering and applications part1of3ASQ Reliability Division
 
An introduction to reliability and maintainability engineering, charles e. eb...
An introduction to reliability and maintainability engineering, charles e. eb...An introduction to reliability and maintainability engineering, charles e. eb...
An introduction to reliability and maintainability engineering, charles e. eb...Khoiri Nurrahmani
 
Reliability Centered Maintenance Made Simple
Reliability Centered Maintenance Made SimpleReliability Centered Maintenance Made Simple
Reliability Centered Maintenance Made SimpleRicky Smith CMRP, CMRT
 
Validity & reliability an interesting powerpoint slide i created
Validity & reliability  an interesting powerpoint slide i createdValidity & reliability  an interesting powerpoint slide i created
Validity & reliability an interesting powerpoint slide i createdSze Kai
 
Fmea Handbook V4.1[1][1]
Fmea Handbook V4.1[1][1]Fmea Handbook V4.1[1][1]
Fmea Handbook V4.1[1][1]ExerciseLeanLLC
 
Presentation Validity & Reliability
Presentation Validity & ReliabilityPresentation Validity & Reliability
Presentation Validity & Reliabilitysongoten77
 
Validity and reliability of questionnaires
Validity and reliability of questionnairesValidity and reliability of questionnaires
Validity and reliability of questionnairesVenkitachalam R
 
Best Practices in Maintenance and Reliability
Best Practices in Maintenance and ReliabilityBest Practices in Maintenance and Reliability
Best Practices in Maintenance and ReliabilityRicky Smith CMRP, CMRT
 

Viewers also liked (13)

Data analysis-with-spss-reliability-anil barik
Data analysis-with-spss-reliability-anil barikData analysis-with-spss-reliability-anil barik
Data analysis-with-spss-reliability-anil barik
 
Difficulty Index, Discrimination Index, Reliability and Rasch Measurement Ana...
Difficulty Index, Discrimination Index, Reliability and Rasch Measurement Ana...Difficulty Index, Discrimination Index, Reliability and Rasch Measurement Ana...
Difficulty Index, Discrimination Index, Reliability and Rasch Measurement Ana...
 
Reliability engineering chapter-2 reliability of systems
Reliability engineering chapter-2 reliability of systemsReliability engineering chapter-2 reliability of systems
Reliability engineering chapter-2 reliability of systems
 
basic concepts of reliability
basic concepts of reliabilitybasic concepts of reliability
basic concepts of reliability
 
Fundamentals of reliability engineering and applications part1of3
Fundamentals of reliability engineering and applications part1of3Fundamentals of reliability engineering and applications part1of3
Fundamentals of reliability engineering and applications part1of3
 
An introduction to reliability and maintainability engineering, charles e. eb...
An introduction to reliability and maintainability engineering, charles e. eb...An introduction to reliability and maintainability engineering, charles e. eb...
An introduction to reliability and maintainability engineering, charles e. eb...
 
Reliability Centered Maintenance Made Simple
Reliability Centered Maintenance Made SimpleReliability Centered Maintenance Made Simple
Reliability Centered Maintenance Made Simple
 
Validity & reliability an interesting powerpoint slide i created
Validity & reliability  an interesting powerpoint slide i createdValidity & reliability  an interesting powerpoint slide i created
Validity & reliability an interesting powerpoint slide i created
 
Fmea Handbook V4.1[1][1]
Fmea Handbook V4.1[1][1]Fmea Handbook V4.1[1][1]
Fmea Handbook V4.1[1][1]
 
Presentation Validity & Reliability
Presentation Validity & ReliabilityPresentation Validity & Reliability
Presentation Validity & Reliability
 
Validity and reliability of questionnaires
Validity and reliability of questionnairesValidity and reliability of questionnaires
Validity and reliability of questionnaires
 
Reliability engineering ppt-Internship
Reliability engineering ppt-InternshipReliability engineering ppt-Internship
Reliability engineering ppt-Internship
 
Best Practices in Maintenance and Reliability
Best Practices in Maintenance and ReliabilityBest Practices in Maintenance and Reliability
Best Practices in Maintenance and Reliability
 

More from Quoc-Sang Phan

Model-counting Approaches For Nonlinear Numerical Constraints
Model-counting Approaches For Nonlinear Numerical ConstraintsModel-counting Approaches For Nonlinear Numerical Constraints
Model-counting Approaches For Nonlinear Numerical ConstraintsQuoc-Sang Phan
 
Quantifying Information Leaks via Model Counting Modulo Theories
Quantifying Information Leaks via Model Counting Modulo TheoriesQuantifying Information Leaks via Model Counting Modulo Theories
Quantifying Information Leaks via Model Counting Modulo TheoriesQuoc-Sang Phan
 
Concurrent Bounded Model Checking
Concurrent Bounded Model CheckingConcurrent Bounded Model Checking
Concurrent Bounded Model CheckingQuoc-Sang Phan
 
Symbolic Execution as DPLL Modulo Theories
Symbolic Execution as DPLL Modulo TheoriesSymbolic Execution as DPLL Modulo Theories
Symbolic Execution as DPLL Modulo TheoriesQuoc-Sang Phan
 
Towards an SMT-based approach for Quantitative Information Flow
Towards an SMT-based approach for Quantitative Information FlowTowards an SMT-based approach for Quantitative Information Flow
Towards an SMT-based approach for Quantitative Information FlowQuoc-Sang Phan
 
Self-composition by Symbolic Execution
Self-composition by Symbolic ExecutionSelf-composition by Symbolic Execution
Self-composition by Symbolic ExecutionQuoc-Sang Phan
 
Symbolic Quantitative Information Flow
Symbolic Quantitative Information FlowSymbolic Quantitative Information Flow
Symbolic Quantitative Information FlowQuoc-Sang Phan
 

More from Quoc-Sang Phan (7)

Model-counting Approaches For Nonlinear Numerical Constraints
Model-counting Approaches For Nonlinear Numerical ConstraintsModel-counting Approaches For Nonlinear Numerical Constraints
Model-counting Approaches For Nonlinear Numerical Constraints
 
Quantifying Information Leaks via Model Counting Modulo Theories
Quantifying Information Leaks via Model Counting Modulo TheoriesQuantifying Information Leaks via Model Counting Modulo Theories
Quantifying Information Leaks via Model Counting Modulo Theories
 
Concurrent Bounded Model Checking
Concurrent Bounded Model CheckingConcurrent Bounded Model Checking
Concurrent Bounded Model Checking
 
Symbolic Execution as DPLL Modulo Theories
Symbolic Execution as DPLL Modulo TheoriesSymbolic Execution as DPLL Modulo Theories
Symbolic Execution as DPLL Modulo Theories
 
Towards an SMT-based approach for Quantitative Information Flow
Towards an SMT-based approach for Quantitative Information FlowTowards an SMT-based approach for Quantitative Information Flow
Towards an SMT-based approach for Quantitative Information Flow
 
Self-composition by Symbolic Execution
Self-composition by Symbolic ExecutionSelf-composition by Symbolic Execution
Self-composition by Symbolic Execution
 
Symbolic Quantitative Information Flow
Symbolic Quantitative Information FlowSymbolic Quantitative Information Flow
Symbolic Quantitative Information Flow
 

Recently uploaded

Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCRStunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCRDelhi Call girls
 
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisRaman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisDiwakar Mishra
 
Botany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdfBotany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdfSumit Kumar yadav
 
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.aasikanpl
 
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSpermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSarthak Sekhar Mondal
 
Orientation, design and principles of polyhouse
Orientation, design and principles of polyhouseOrientation, design and principles of polyhouse
Orientation, design and principles of polyhousejana861314
 
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...Sérgio Sacani
 
Unlocking the Potential: Deep dive into ocean of Ceramic Magnets.pptx
Unlocking  the Potential: Deep dive into ocean of Ceramic Magnets.pptxUnlocking  the Potential: Deep dive into ocean of Ceramic Magnets.pptx
Unlocking the Potential: Deep dive into ocean of Ceramic Magnets.pptxanandsmhk
 
Cultivation of KODO MILLET . made by Ghanshyam pptx
Cultivation of KODO MILLET . made by Ghanshyam pptxCultivation of KODO MILLET . made by Ghanshyam pptx
Cultivation of KODO MILLET . made by Ghanshyam pptxpradhanghanshyam7136
 
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...jana861314
 
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...anilsa9823
 
Animal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxAnimal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxUmerFayaz5
 
Natural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsNatural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsAArockiyaNisha
 
Analytical Profile of Coleus Forskohlii | Forskolin .pdf
Analytical Profile of Coleus Forskohlii | Forskolin .pdfAnalytical Profile of Coleus Forskohlii | Forskolin .pdf
Analytical Profile of Coleus Forskohlii | Forskolin .pdfSwapnil Therkar
 
Types of different blotting techniques.pptx
Types of different blotting techniques.pptxTypes of different blotting techniques.pptx
Types of different blotting techniques.pptxkhadijarafiq2012
 
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service  🪡CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service  🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡anilsa9823
 
Caco-2 cell permeability assay for drug absorption
Caco-2 cell permeability assay for drug absorptionCaco-2 cell permeability assay for drug absorption
Caco-2 cell permeability assay for drug absorptionPriyansha Singh
 
Presentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxPresentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxgindu3009
 

Recently uploaded (20)

Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCRStunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
 
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisRaman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
 
Botany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdfBotany 4th semester file By Sumit Kumar yadav.pdf
Botany 4th semester file By Sumit Kumar yadav.pdf
 
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
 
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSpermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
 
Orientation, design and principles of polyhouse
Orientation, design and principles of polyhouseOrientation, design and principles of polyhouse
Orientation, design and principles of polyhouse
 
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
 
Unlocking the Potential: Deep dive into ocean of Ceramic Magnets.pptx
Unlocking  the Potential: Deep dive into ocean of Ceramic Magnets.pptxUnlocking  the Potential: Deep dive into ocean of Ceramic Magnets.pptx
Unlocking the Potential: Deep dive into ocean of Ceramic Magnets.pptx
 
Cultivation of KODO MILLET . made by Ghanshyam pptx
Cultivation of KODO MILLET . made by Ghanshyam pptxCultivation of KODO MILLET . made by Ghanshyam pptx
Cultivation of KODO MILLET . made by Ghanshyam pptx
 
Engler and Prantl system of classification in plant taxonomy
Engler and Prantl system of classification in plant taxonomyEngler and Prantl system of classification in plant taxonomy
Engler and Prantl system of classification in plant taxonomy
 
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
Traditional Agroforestry System in India- Shifting Cultivation, Taungya, Home...
 
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
Lucknow 💋 Russian Call Girls Lucknow Finest Escorts Service 8923113531 Availa...
 
Animal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxAnimal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptx
 
Natural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsNatural Polymer Based Nanomaterials
Natural Polymer Based Nanomaterials
 
Analytical Profile of Coleus Forskohlii | Forskolin .pdf
Analytical Profile of Coleus Forskohlii | Forskolin .pdfAnalytical Profile of Coleus Forskohlii | Forskolin .pdf
Analytical Profile of Coleus Forskohlii | Forskolin .pdf
 
Types of different blotting techniques.pptx
Types of different blotting techniques.pptxTypes of different blotting techniques.pptx
Types of different blotting techniques.pptx
 
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service  🪡CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service  🪡
CALL ON ➥8923113531 🔝Call Girls Kesar Bagh Lucknow best Night Fun service 🪡
 
9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service
9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service
9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service
 
Caco-2 cell permeability assay for drug absorption
Caco-2 cell permeability assay for drug absorptionCaco-2 cell permeability assay for drug absorption
Caco-2 cell permeability assay for drug absorption
 
Presentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxPresentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptx
 

Quantifying Information Leaks using Reliability Analysis

  • 1. INFORMATION-LOW LEAKS QUANTIFYING LEAKS USING RELIABILITY ANALYSIS CONCLUSION Quantifying Information Leaks using Reliability Analysis Q. Sang Phan∗, Pasquale Malacaria∗, Corina S. P˘as˘areanu†, and Marcelo d’Amorim‡ ∗Queen Mary University of London, UK †Carnegie Mellon Silicon Valley and NASA Ames, USA ‡Federal University of Pernambuco, Brazil July 23, 2014 1 / 18
  • 2. INFORMATION-LOW LEAKS QUANTIFYING LEAKS USING RELIABILITY ANALYSIS CONCLUSION Information Flow Quantitative Information Flow Information Flow Secret input (H) Public input (L) Program P Public Output (O) Non-interference Public input (L) Program P Secret input (H) Information leaked Public Output (O) √ ? 2 / 18
  • 3. INFORMATION-LOW LEAKS QUANTIFYING LEAKS USING RELIABILITY ANALYSIS CONCLUSION Information Flow Quantitative Information Flow Information Flow What violates non-interference? Information flow from variable H to variable O Direct flow (explicit flow) O = H - 10; Indirect flow (implicit flow) if (H > 3) O = 3; else O = 100; 3 / 18
  • 4. INFORMATION-LOW LEAKS QUANTIFYING LEAKS USING RELIABILITY ANALYSIS CONCLUSION Information Flow Quantitative Information Flow Information Flow What violates non-interference? Information flow from variable H to variable O Direct flow (explicit flow) O = H - 10; Indirect flow (implicit flow) if (H > 3) O = 3; else O = 100; Approaches to non-interference: Type systems: suffer from false positives, e.g. O = H - H; Taint analysis: suffer from false positives and false negatives. Self-composition: precise (but more expensive). 3 / 18
  • 5-7. Information Flow: non-interference is often unachievable.
       Password check:
       int check(int H, int L){
         int O;
         if (L == H) O = ACCEPT; else O = REJECT;
         return O;
       }
       Even this legitimate program violates non-interference: O depends on the secret H.
       Non-interference: does it leak information?
       Quantitative Information Flow: "how much" does it leak?
  • 8-9. Quantitative Information Flow
       Adversary tries to infer H from L and O (H, L → f → O).
       Leaks = Secrecy before observing − Secrecy after observing
       Formal definition: X_H, X_L, X_O are the distributions of H, L, O; E (entropy) is a function measuring secrecy.
       ΔE(X_H) = E(X_H) − E(X_H | X_L = l, X_O)
  • 10. Quantitative Information Flow: channel capacity
       ΔE(X_H) = E(X_H) − E(X_H | X_L = l, X_O)
       Theorem of Channel Capacity: ΔE(X_H) ≤ log2(|O|)
       has been proved in the cases: E is Shannon entropy (Malacaria and Chen 2008); E is Rényi's min-entropy (Smith 2009);
       holds for all possible distributions of X_H;
       is the basis of state-of-the-art techniques for Quantitative Information Flow analysis.
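An added example (not from the slides or the QILURA project) that computes ΔE(X_H) = E(X_H) − E(X_H | X_L = l, X_O) for the password check and the sanity check above, for both Shannon entropy and min-entropy, and compares it with the log2(|O|) bound of the theorem. It assumes a uniform secret H over a constructed 8-bit domain, a fixed public input l, and constructed values for ACCEPT and REJECT.

```python
import math
from collections import Counter

DOMAIN = range(256)        # constructed domain for the secret H (uniform prior)
ACCEPT, REJECT = 1, 0      # assumed values; the slides leave them unspecified


def check(h, l):
    """Password check from the slides: leaks whether the guess l equals H."""
    return ACCEPT if l == h else REJECT


def sanity_check(h):
    """Sanity check from the slides: O = base + H for H < 16, else O = base."""
    base = 8
    return base + h if h < 16 else base


def leakage(program, domain=DOMAIN):
    """Return (Shannon leakage, min-entropy leakage, log2|O|) in bits for a
    deterministic program and a uniform secret; L is already fixed to l inside
    `program`, so this is E(X_H) - E(X_H | X_L = l, X_O)."""
    n = len(domain)
    by_out = Counter(program(h) for h in domain)   # |H_o| = #secrets mapped to o
    # Shannon: E(X_H) = log2 n;  E(X_H | X_O) = sum_o p(o) log2|H_o|, p(o) = |H_o|/n
    shannon = math.log2(n) - sum(k / n * math.log2(k) for k in by_out.values())
    # Min-entropy: prior vulnerability 1/n, posterior vulnerability |O|/n
    min_entropy = math.log2(n) - math.log2(n / len(by_out))
    return shannon, min_entropy, math.log2(len(by_out))


def password_leakage(l=42):
    # The adversary's guess l is public; conditioning on X_L = l fixes it here.
    return leakage(lambda h: check(h, l))


def sanity_leakage():
    return leakage(sanity_check)
```

For a deterministic program with a uniform secret the min-entropy leakage equals log2(|O|) exactly, while the Shannon leakage is much smaller (about 0.04 bits for one password guess), so the theorem's bound is tight only for the min-entropy measure.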
  • 11. State of the art
       What can't be avoided: Input: program P, with inputs classified as H and L. Output: P leaks at most k bits.
       What do users have to do?
       (Heusser and Malacaria 2010): write a driver following a template.
       (Meng and Smith 2011), (Meng and Smith 2013): manually transform the program into bit-vector predicates.
       (Klebanov 2012): provide hypotheses, loop invariants, etc. for the interactive theorem prover.
       ...
       This work: automated.
  • 12. QILURA (architecture)
       Program + input labels → Symbolic PathFinder → Labeling Procedure (Z3, Omega) → Quantifying Procedure (LattE) → "k bits"
  • 13. Preliminaries
       P = (Σ, I, F, T)
       A symbolic path ρ of P: ρ = σ0 σ1 ... σn with σ0 ∈ I, σn ∈ F, (σi, σi+1) ∈ T for all i ∈ {0, ..., n − 1}
       Semantics of P: the set R of all symbolic paths ρi
       Define the functions: init(ρ) = σ0; fin(ρ) = σn
       #in(ρ): the number of inputs that go into path ρ.
       #out(ρ): the number of outputs that come out of path ρ.
       Denote by X|y the value of the variable X at the symbolic state y (i.e. y : X → X|y)
  • 14. Symbolic PathFinder
       Takes symbols as inputs instead of concrete data.
       Builds a path condition pci ≡ ci(α, β) for each symbolic path ρi.
       Execute program P with H = α and L = β:
       O = f1(α, β) if c1(α, β); f2(α, β) if c2(α, β); ...; fm(α, β) if cm(α, β)
       For the symbolic path ρi with final state σi ∈ F: O|σi = fi(α, β)
       Define a function: path(ρi) = ci(α, β)
  • 15. Illustrative Example
       Sanity check:
       int sanityCheck(int H){
         int base = 8, O;
         if (H < 16) O = base + H; else O = base;
         return O;
       }
       Running Symbolic Execution on the program with H = α, there are two symbolic paths:
       ρ1: O|fin(ρ1) = α + 8, and c1(α) = α < 16
       ρ2: O|fin(ρ2) = 8, and c2(α) = ¬(α < 16)
  • 16-17. Labeling Procedure
       Self-composition: P' is a copy of P with all variables renamed: H, L, O → H', L', O'
       The following Hoare triple guarantees non-interference: {L = L'} P; P' {O = O'}
       Suppose we run Symbolic Execution on P; P' with H = α, H' = α1, L = L' = β.
       The symbolic semantics of P and P' are R and R'.
       Fine-grained self-composition by Symbolic Execution:
       ∀ρ ∈ R, ρ' ∈ R'. path(ρ) ∧ path(ρ') → O|fin(ρ) = O'|fin(ρ')
  • 18. Illustrative Example (labeling)
       ρ1: O|fin(ρ1) = α + 8, and c1(α) = α < 16
       ρ2: O|fin(ρ2) = 8, and c2(α) = ¬(α < 16)
       Program P' also has two symbolic paths ρ1', ρ2'. There are 3 possible combinations:
       (ρ1, ρ1'): α < 16 ∧ α1 < 16 → α + 8 = α1 + 8 : INVALID
       (ρ2, ρ2'): ¬(α < 16) ∧ ¬(α1 < 16) → 8 = 8 : VALID
       (ρ1, ρ2'): α < 16 ∧ ¬(α1 < 16) → α + 8 = 8 : INVALID
       ⇒ ρ1 is a direct flow, ρ2 is an indirect flow.
  • 19-20. Quantifying Procedure
       CC(P) ≤ log2(Σ#out(ρc) + Σ#out(ρi) + Σ#out(ρd))
       Σ#out(ρc) = 1.
       Σ#out(ρi) is the number of indirect paths ρi.
       Only Σ#out(ρd ) needs to be computed.
       Reliability Analysis in Symbolic PathFinder (Filieri, Păsăreanu and Visser, ICSE 2013): compute #in(ρ) for each ρ.
       Program as a function: #out(ρd) ≤ #in(ρd).
  • 21. Illustrative Example (quantifying)
       Direct flow ρ1: O|fin(ρ1) = α + 8, and c1(α) = α < 16
       Indirect flow ρ2: O|fin(ρ2) = 8, and c2(α) = ¬(α < 16)
       Σ#out(ρi) = 1. Σ#out(ρd) ≤ Σ#in(ρd)
       Reliability Analysis engine: Σ#in(ρd) = 16
       ⇒ CC(P) ≤ log2(17) = 4.09
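The two-step procedure of slides 13-21 (label each symbolic path by fine-grained self-composition, then count the inputs of the direct-flow paths) carried out on sanityCheck, as an added example that is not QILURA's code: the symbolic paths are written by hand instead of being produced by Symbolic PathFinder, the pairwise validity checks are decided by enumeration over a constructed domain instead of Z3/Omega, and the assumed domain 0..255 reproduces the slides' #in(ρ1) = 16. The three labels (direct, indirect, and a "clean" label for the ρc paths of slide 19) are my reading of the procedure.

```python
import math

# Symbolic paths of sanityCheck from the slides, each as (c_i, f_i) over the
# secret alpha. Constructed by hand here; QILURA gets them from Symbolic PathFinder.
PATHS = {
    "rho1": (lambda a: a < 16, lambda a: a + 8),        # O = base + H
    "rho2": (lambda a: not (a < 16), lambda a: 8),      # O = base
}
# Assumed bounded input domain for H (the reliability engine counts inputs over it).
DOMAIN = range(256)


def pair_valid(p, q, domain=DOMAIN):
    """Fine-grained self-composition for one pair (rho, rho'): is
    path(rho) & path(rho') -> O|fin(rho) = O'|fin(rho') valid? (brute force, no SMT)"""
    (cp, fp), (cq, fq) = p, q
    outs_p = {fp(a) for a in domain if cp(a)}
    outs_q = {fq(a) for a in domain if cq(a)}
    if not outs_p or not outs_q:          # an infeasible path satisfies it vacuously
        return True
    return len(outs_p | outs_q) == 1      # every pairing yields the same output


def label_paths(paths, domain=DOMAIN):
    """Self-pair INVALID -> direct flow; self-pair VALID but some cross-pair
    INVALID -> indirect flow; every pair VALID -> no flow ('clean', my label)."""
    labels = {}
    for name, p in paths.items():
        if not pair_valid(p, p, domain):
            labels[name] = "direct"
        elif all(pair_valid(p, q, domain) for q in paths.values()):
            labels[name] = "clean"
        else:
            labels[name] = "indirect"
    return labels


def count_in(path, domain=DOMAIN):
    """#in(rho): inputs in the domain that take path rho (the reliability-analysis count)."""
    return sum(1 for a in domain if path[0](a))


def capacity_bound(paths, domain=DOMAIN):
    """CC(P) <= log2(sum #out(rho_c) + sum #out(rho_i) + sum #in(rho_d)), in bits."""
    labels = label_paths(paths, domain)
    clean = 1 if "clean" in labels.values() else 0       # all clean paths share one output
    indirect = sum(1 for lb in labels.values() if lb == "indirect")
    direct = sum(count_in(paths[n], domain) for n, lb in labels.items() if lb == "direct")
    return math.log2(clean + indirect + direct)


def exact_capacity(paths, domain=DOMAIN):
    """log2(|O|) over the domain, the quantity jpf-qif reports as 'Capacity'."""
    outs = {f(a) for a in domain for c, f in paths.values() if c(a)}
    return math.log2(len(outs))
```

On this domain the bound comes out as log2(17) ≈ 4.09 bits against an exact capacity of log2(16) = 4 bits, the same pair of numbers the evaluation table reports for "Sanity check 1".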
  • 22. Preliminary Evaluation (Capacity and Bound in bits)
       Case Study          | jpf-qif            | QILURA           | BitPattern
                           | Capacity   Time    | Bound    Time    | Bound    Time
       No Flow             | 0          2.304   | 0        0.790   | -        -
       Sanity check 1      | 4          45.324  | 4.09     1.066   | 4        0.036
       Sanity check 2      | 4          35.346  | 4.09     1.049   | 4.59     0.203
       Implicit Flow       | 2.81       0.897   | 3        0.796   | 3        0.011
       Electronic Purse    | 2          1.169   | 2.32     0.854   | 2        0.157
       Ten random outputs  | 3.32       1.050   | 3.32     0.814   | 18.645   0.224
  • 23. Conclusions
       QILURA: a fully automated tool to quantify leaks in Java bytecode.
       Two-step analysis: fine-grained self-composition to label paths; reliability analysis engine to count the inputs of each path.
       Download: https://github.com/qif/jpf-qilura
  • 24. THANK YOU FOR YOUR ATTENTION!