Refining a Quantitative Information Flow Metric
This work addresses a foundational issue in program security analysis for the QIF community, though it is incremental as it refines an existing metric.
The paper tackles the problem of bounding leakage in quantitative information flow analysis by refining an existing metric to align with secret input size rather than counter-intuitive upper bounds, resulting in a clearer association between flow results and exhaustive search effort.
We introduce a new perspective into the field of quantitative information flow (QIF) analysis that invites the community to bound the leakage, reported by QIF quantifiers, by a range consistent with the size of a program's secret input instead of by a mathematically sound (but counter-intuitive) upper bound of that leakage. To substantiate our position, we present a refinement of a recent QIF metric that appears in the literature. Our refinement is based on slight changes we bring into the design of that metric. These changes do not affect the theoretical premises onto which the original metric is laid. However, they enable the natural association between flow results and the exhaustive search effort needed to uncover a program's secret information (or the residual secret part of that information) to be clearly established. The refinement we discuss in this paper validates our perspective and demonstrates its importance in the future design of QIF quantifiers.