Computing Information Flow Using Symbolic Model Checking
Rohit Chadha
University of Missouri
Umang Mathur
UIUC
Stefan Schwoon
LSV, ENS Cachan
October 10, 2015
Outline
No leakage: outputs are independent of inputs
Full leakage: unique input for given output
/* The contents of PATH end up in the error message written to stderr. */
char* path = getenv("PATH");
...
fprintf(stderr, "cannot find \
exe on path %s\n", path);
try {
    ...
} catch (Exception e) {
    e.printStackTrace();
}
def example1(input):
    output = input % 8
    return output

def example2(input):
    output = input % 32
    return output
Are the two functions example1 and example2 equally desirable in terms of information leakage?
No! example1 leaks less information than example2.
Cryptographers A, B and C dine out together
[Diagram: cryptographers A, B and C, the payment, and the NSA]
Determine if NSA paid or not without revealing information about cryptographers
2 Stage Protocol:
Every two cryptographers establish a shared 1-bit secret
Each cryptographer publicly announces a bit:
iff
Min-entropy : Vulnerability of the secret inputs to being guessed correctly in a single attempt
Shannon entropy : Expected number of guesses required to correctly guess secret input
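The two measures applied to example1 and example2, as an added example that is not part of the original slides. It enumerates every input by brute force rather than using the symbolic ADD/BDD method of the talk, and it assumes deterministic programs and a uniformly distributed 8-bit secret; `password_check`, `INPUT_BITS` and the helper names are hypothetical.

```python
import math
from collections import Counter

INPUT_BITS = 8  # assumption: the secret is a uniformly distributed 8-bit value

def example1(x):
    return x % 8

def example2(x):
    return x % 32

def password_check(x, secret=0x5A):
    # Hypothetical third program (not on the slides): one-bit pass/fail output.
    return x == secret

def output_classes(program, bits=INPUT_BITS):
    """Count how many secret inputs produce each observable output."""
    return Counter(program(x) for x in range(2 ** bits))

def min_entropy_leakage(program, bits=INPUT_BITS):
    """Deterministic program, uniform prior: log2(number of distinct outputs)."""
    return math.log2(len(output_classes(program, bits)))

def shannon_leakage(program, bits=INPUT_BITS):
    """Deterministic program: H(input) - H(input | output) = H(output)."""
    total = 2 ** bits
    return -sum((n / total) * math.log2(n / total)
                for n in output_classes(program, bits).values())

if __name__ == "__main__":
    for prog in (example1, example2, password_check):
        print(f"{prog.__name__:15s} min-entropy leakage = "
              f"{min_entropy_leakage(prog):.3f} bits, "
              f"Shannon leakage = {shannon_leakage(prog):.3f} bits")
```

Under these assumptions example1 leaks 3 bits and example2 leaks 5 bits on both measures, while the hypothetical password check leaks 1 bit of min-entropy but only about 0.037 bits of Shannon entropy, so the two measures can rank programs differently.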
Essentially BDDs with possibly many terminals
Formally,
Efficient reduced representations, like ROBDDs
ADD
Reduced form of ADD
Stmt1 :      x = ¬x
Modifications/Optimizations made:
Algebraic Operations
Salient features:
Handles large number of bits (30 bits)
Time taken in milliseconds
Consistently outperforms sqifc (Malacaria et al.)
Download : http://bengal.missouri.edu/~chadhar/mql/
network
voters’ voting preferences with different
types of voting protocols
ProPed = Moped   PRISM    PReMo