Overview
Explore a static analysis method for measuring interference in software, presented at the 2018 IEEE Symposium on Security & Privacy. Delve into the concept of noninterference as a security definition for secret values in procedures, and learn how to assess interference using model counting techniques. Discover a flexible interference assessment approach that quantifiably improves accuracy with increased computational effort. Examine case studies demonstrating the effectiveness of this method, including leakage scenarios in search engine auto-complete responses, secrets subjected to compression with attacker-controlled inputs, and TCP sequence numbers from shared counters. Gain insights into information leakage, quantitative information flow, and interference between secret sets. Understand the proposed new measure for assessing interference and its potential applications in improving software security.
Syllabus
Information Leakage due to Interference
Quantitative Information Flow
Interference between two secrets (3)
Interference between two secret sets
Estimating
Define a new measure
Dummy Examples
Conclusion We proposed a new method for assessing interference
Taught by
IEEE Symposium on Security and Privacy