Quantitative Information Flow for Scheduler-Dependent Systems
This work addresses information flow security for scheduler-dependent systems, offering incremental improvements by extending prior compositional analyses to include scheduling and observer imperfections.
The paper tackles the problem of quantifying information leakage in composed systems by considering how scheduling and observation capabilities affect leakage, showing that scheduling can hide information from perfect observers or reveal it to imperfect ones, and presents an algorithm to construct a scheduler that minimizes min-entropy leakage and min-capacity.
Quantitative information flow analyses measure how much information on secrets is leaked by publicly observable outputs. One area of interest is to quantify and estimate the information leakage of composed systems. Prior work has focused on running disjoint component systems in parallel and reasoning about the leakage compositionally, but has not explored how the component systems are run in parallel or how the leakage of composed systems can be minimised. In this paper we consider the manner in which parallel systems can be combined or scheduled. This considers the effects of scheduling channels where resources may be shared, or whether the outputs may be incrementally observed. We also generalise the attacker's capability, of observing outputs of the system, to consider attackers who may be imperfect in their observations, e.g. when outputs may be confused with one another, or when assessing the time taken for an output to appear. Our main contribution is to present how scheduling and observation effect information leakage properties. In particular, that scheduling can hide some leaked information from perfect observers, while some scheduling may reveal secret information that is hidden to imperfect observers. In addition we present an algorithm to construct a scheduler that minimises the min-entropy leakage and min-capacity in the presence of any observer.