Abstract:
There is growing interest in quantitative theories of information flow in a variety of contexts, such as secure information flow, anonymity protocols, and side-channel analysis. Such theories offer an attractive way of relaxing the standard noninterference properties, which allow absolutely no leakage, by letting us talk about "how much" information is being leaked, and perhaps allowing us to tolerate "small" leaks that are necessary in practice. The emerging consensus is that quantitative information flow should be founded on the concepts of Shannon entropy and mutual information. But, to be useful, a theory of quantitative information flow needs to provide appropriate security guarantees: if the theory says that an attack leaks x bits of secret information, then x should be useful in calculating bounds on the resulting threat. In this talk, we argue that the standard theories actually fail to provide such guarantees. We then propose an alternative foundation based directly on a concept of vulnerability, which is closely related to Bayes risk, and which leads us to measure uncertainty using Renyi's min-entropy, rather than Shannon entropy.

Biography:
Geoffrey Smith is an Associate Professor in the School of Computing and Information Sciences at Florida International University. His research interests are centered on programming languages and computer security. His research on secure information flow has been supported by several NSF grants, and his papers in this area have been cited more than 1200 times, according to Google Scholar. He completed his Ph.D. in Computer Science in 1991 from Cornell University.