Other Publications: Bounding Information Leakage by Combining an Interpreter with Model Counting

[stroessner21ma]Tina Maria Strößner, Bounding Information Leakage by Combining an Interpreter with Model Counting, August 2021.


Information flow control (IFC) is the process of analyzing whether an attacker can gain information about sensitive data by observing the outputs of a program. The traditional approach to IFC is qualitative. The focus is on whether the program leaks any information. More relevant for practical purposes is the quantitative approach to IFC, where the aim is to measure how much information the program can leak. Quantitative approaches to IFC are usually classed into one of two categories. Static analyses and dynamic analyses. We present an approach to quantitative information flow control that combines both. Our tool performs a SAT-based analysis of the program, that converts all information flows into propositional formulas. We combine this with a static quantitative IFC tool that is applied to parts of the program, where analyzing every program path is infeasible. We show that the combination of the two approaches can improve the results of the quantitative analysis, compared to purely static or purely dynamic tools.




Authors at the institute

Tina Maria Strößner

Bachelor and Masters theses

Bachelor and Masters theses
Information leakage limiting interpreter