Computing Information Flow Using
Symbolic Model-Checking
10 April 2018
Introduction
Literature review
Background
Leakage in non-probabilistic programs
Demo
Experimental results
Conclusion and future work
Introduction
Information leakage:
- Information about the secret inputs that can be inferred from publicly observable outputs
- Outputs independent of inputs ⟹ no leakage
- Unique input corresponding to a given output ⟹ full leakage
The quantitative information flow bounding problem and the quantitative information flow comparison problem for Boolean programs are PSPACE-complete.
Literature review
- [M. Backes et al.] S&P 2009. DisQuant: Automatic discovery and quantification of information leaks
- [Heusser et al.] ACSAC 2010. selfcomp: Quantifying Information Leaks in Software
- [Quoc-Sang Phan et al.] ACM SIGSOFT 2012. jpf-qif: Symbolic Quantitative Information Flow
- [Quoc-Sang Phan et al.] ASIACCS 2014. sqifc: Abstract model counting: a novel approach for quantification of information leaks
- [Rohit Chadha et al.] FSTTCS 2014. Moped-QLeak: Computing Information Flow Using Symbolic Model-Checking
Symbolic Model-Checking
Model checking:
- Exhaustive search of the state space of the system
- Disadvantage: state explosion problem
Symbolic model checking:
- Uses a Boolean encoding for the state machine and for sets of states
- BDDs are used to represent Boolean functions
Boolean programs
- Global variables $G$: input and output
- Local variables: internal calculations
- Program statements: transform global and local variables
- For a program $P$, $F_P : 2^G \mapsto 2^G \cup \{\bot\}$
- $F_P(\bar{g}_0) = \bot$: $P$ does not terminate on $\bar{g}_0$
Binary decision diagrams (BDDs)
- Set of variables $V = \{x, y, z\}$ with the order $x < y < z$
- $f(x, y, z) = x \rightarrow (y \leftrightarrow z)$
- BDDs are data structures for storing elements: $2^G \to \{0, 1\}$
Unreduced decision diagram (left) and corresponding BDD (right)
Algebraic Decision Diagrams (ADDs)
- Set of variables $V$
- ADD: $2^G \to M$ ($M = \mathbb{R}$)
- BDDs + real values on the terminal nodes
- BDDs as 0/1-ADDs
ADD (right) and its reduced form (left)
Fixed-point
Consider the complete lattice $(2^G, \subseteq)$
Consider a function $f : 2^S \mapsto 2^S$
$X \in 2^S$ is a fixed point of $f$ $\iff$ $f(X) = X$
$X$ is the least fixed point of $f$ if for every fixed point $Y$, $X \subseteq Y$
Theorem (Tarski-Knaster)
Consider a function $f : 2^S \mapsto 2^S$ that is monotonic: if $X \subseteq Y$ then $f(X) \subseteq f(Y)$
Consider the sequence:
$X_0 = \emptyset$
$X_1 = f(X_0)$
$X_2 = f(X_1)$, ...
This eventually converges to the least fixed point.
Information leakage in programs
1. Min-entropy leakage measures vulnerability of the secret inputs to being guessed correctly in a single attempt of the adversary
$ME_U(P) = \log \sum_{o \in O} \max_{s \in S} \mu(S = s \mid O = o)$
2. Shannon entropy leakage measures expected number of guesses required to correctly guess the secret input
$SE_U(P) = \log|S| - \frac{1}{|S|} \sum_{o \in O} |P^{-1}(o)| \log(|P^{-1}(o)|)$
Definition (Summary of a Program)
Let $P$ be a program with $G = \{x_1, ..., x_n\}$ as the set of global variables. Let $G' = \{x_1', ..., x_n'\}$ and $G \cap G' = \emptyset$.
The summary of $P$, denoted $T_P$, is a function
$T_P : 2^{(G \cup G')} \to \{0, 1\}$
such that for every $z_1, ..., z_n, z_1', ..., z_n' \in \{true, false\}$, we have
$T_P(z_1, ..., z_n, z_1', ..., z_n') = 1 \iff P(z_1, ..., z_n) = (z_1', ..., z_n')$.
Example: Boolean program $P_{ex}$ with global variables $s_1$, $s_2$, $o_1$ and $o_2$.
    o1 = false; o2 = false;
    while s1;
    o1 = false; o2 = s2;
    s1 = false; s2 = false;
Assuming the order $s_1 < s_1' < s_2 < s_2' < o_1 < o_1' < o_2 < o_2'$:
$P_{ex}$ is shown as a 0/1-ADD:
Leakage measured using min-entropy
Let $\mathrm{post}(2^G) = \{\bar{g}' \in 2^G \mid \exists \bar{g} \in 2^G .\ P(\bar{g}) = \bar{g}'\}$.
If $P$ terminates on all inputs then the min-entropy leakage is $\log(|\mathrm{post}(2^G)|)$; otherwise it is $\log(|\mathrm{post}(2^G)| + 1)$.
Lemma
Let $T_{out,P} = \mathrm{orAbstract}(G, T_P) \land T_{term,P} = \mathrm{orAbstract}(G', T_P)$.
1. $|\mathrm{post}(2^G)| = \mathrm{val}(\mathrm{abstract}(+, G', T_{out,P}))$.
2. $P$ terminates on every input iff $\mathrm{isConst}(T_{term,P})$ and $\mathrm{val}(T_{term,P}) = 1$.
Leakage measured using min-entropy
The ADD representing $T_{out,P}$: the set of all possible outputs of $P$.
Algorithm: Symbolic computation of min-entropy leakage
Leakage measured using Shannon entropy
Two possible outputs ⟹ we need to compute:
$\sum_{\bar{g}' \in 2^{G'}} |P^{-1}(\bar{g}')| \log|P^{-1}(\bar{g}')| + |P^{-1}(\bot)| \log|P^{-1}(\bot)|$.
The ADD $T_{eq\text{-}size,P}$:
The ADD $T_{non\text{-}term,P}$:
Algorithm: Symbolic computation of Shannon-entropy leakage
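Added example (not from the slides and not Moped-QLeak code): the Lemma's orAbstract and abstract(+) steps and the Shannon sum above, run on P_ex with ADDs replaced by explicit truth tables so each number can be checked by hand. Assumptions: `while s1 ;` is a loop with an empty body, S = 2^G, logarithms are base 2, and preimage sizes are obtained by summing T_P over G, because the slide's T_eq-size and T_non-term ADDs survive only as figure captions.

```python
import math
import operator
from itertools import product

G = ("s1", "s2", "o1", "o2")        # global variables of P_ex
GP = tuple(v + "'" for v in G)      # primed copies G' (values after the run)
BOOLS = (False, True)


def pex(s1, s2, o1, o2):
    """P_ex from the slide. Returns the final globals, or None for ⊥.
    Assumption: 'while s1 ;' is a loop with an empty body."""
    o1, o2 = False, False
    if s1:
        return None                 # s1 never changes, so the loop never exits
    o1, o2 = False, s2
    s1, s2 = False, False
    return (s1, s2, o1, o2)


def summary(program):
    """T_P as an explicit table over G ∪ G': 1 iff P(g) = g'."""
    table = {}
    for g in product(BOOLS, repeat=len(G)):
        result = program(*g)
        for gp in product(BOOLS, repeat=len(G)):
            table[g + gp] = 1 if result == gp else 0
    return (G + GP, table)


def abstract(op, remove, f):
    """Eliminate the variables in `remove` from f = (vars, table),
    combining the values that collapse onto the same point with `op`.
    op = max on a 0/1 table is orAbstract; op = operator.add is abstract(+)."""
    variables, table = f
    keep = [i for i, v in enumerate(variables) if v not in remove]
    out = {}
    for point, value in table.items():
        key = tuple(point[i] for i in keep)
        out[key] = op(out[key], value) if key in out else value
    return (tuple(variables[i] for i in keep), out)


def min_entropy_leakage(T):
    """log|post| if P always terminates, else log(|post| + 1), per the Lemma."""
    t_out = abstract(max, set(G), T)        # orAbstract(G, T_P): reachable outputs
    t_term = abstract(max, set(GP), T)      # orAbstract(G', T_P): terminating inputs
    post = abstract(operator.add, set(GP), t_out)[1][()]
    always_terminates = set(t_term[1].values()) == {1}   # isConst and val = 1
    return math.log2(post if always_terminates else post + 1)


def shannon_leakage(T):
    """log|S| - (1/|S|) * sum over outcomes of |P^-1(o)| log|P^-1(o)|, ⊥ included."""
    sizes = abstract(operator.add, set(G), T)[1]          # g' -> |P^-1(g')|
    t_term = abstract(max, set(GP), T)[1]
    n_inputs = 2 ** len(G)
    n_bottom = n_inputs - sum(t_term.values())            # |P^-1(⊥)|
    counts = list(sizes.values()) + [n_bottom]
    weighted = sum(n * math.log2(n) for n in counts if n > 0)
    return math.log2(n_inputs) - weighted / n_inputs


T_PEX = summary(pex)

if __name__ == "__main__":
    print("min-entropy leakage of P_ex:", min_entropy_leakage(T_PEX), "bits")
    print("Shannon leakage of P_ex:    ", shannon_leakage(T_PEX), "bits")
```

P_ex has two reachable outputs plus non-termination, so an observer distinguishes three outcomes; the Shannon figure is lower because half of the 16 inputs collapse into the single non-terminating outcome.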
Example : Sum Query
Input language : Remopla
Instructions for running
Examples used for evaluation
Conclusion and future work
- Symbolic algorithms for measuring information leakage
- Integrable in any BDD-based reachability analysis tool
- Summary calculation is the overhead: BDD size (algebraic operations) and variable orderings
- Future work:
  - ProPed: support recursive programs
  - Other symbolic verification approaches: CEGAR (Counterexample-Guided Abstraction Refinement)
References
R. Chadha, U. Mathur, S. Schwoon. Computing Information Flow Using Symbolic Model Checking. Foundations of Software Technology and Theoretical Computer Science (FSTTCS), 2014.
Moped-QLeak: https://sites.google.com/site/mopedqleak
Presented By : LOTFI LARBAOUI
