Abstract
Quantitative security analysis evaluates and compares how effectively a system protects its secret data. We introduce QUAIL, the first tool able to perform an arbitrary-precision quantitative analysis of the security of a system depending on private information. QUAIL builds a Markov Chain model of the system's behavior as observed by an attacker, and computes the correlation between the system's observable output and the behavior depending on the private information, obtaining the expected amount of bits of the secret that the attacker will infer by observing the system. QUAIL is able to evaluate the safety of randomized protocols depending on secret data, allowing to verify a security protocol's effectiveness. We experiment with a few examples and show that QUAIL's security analysis is more accurate and revealing than results of other tools. © 2013 Springer-Verlag.
Cite
CITATION STYLE
Biondi, F., Legay, A., Traonouez, L. M., & Wa̧sowski, A. (2013). QUAIL: A quantitative security analyzer for imperative code. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8044 LNCS, pp. 702–707). https://doi.org/10.1007/978-3-642-39799-8_49
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
