Quantitative analysis of information flow using theorem proving

Abstract

Quantitative analysis of information flow is widely used to measure how much information was leaked from the secret inputs to the outputs or public inputs of a program. We propose to conduct the quantitative analysis of information flow within the trusted kernel of a higher-order-logic theorem prover in order to overcome the inaccuracy limitations of traditional analysis techniques used in this domain. For this purpose, we present the formalization of the Kullback-Leibler divergence that can be used as a unified measure of information leakage. Furthermore, we propose two new measures of information leakage, namely the information leakage degree and the conditional information leakage degree. We also formalize the notion of anonymity-based single MIX and use the channel capacity as a measure of information leakage in the MIX. Finally, for illustration purposes, we show how our framework allowed us to find a counter-example for a theorem that was reported in the literature to describe the leakage properties of the anonymity-based single MIX. © 2012 Springer-Verlag.