English

Compositional security and collateral leakage

Cryptography and Security 2016-04-19 v1 Logic in Computer Science Programming Languages

Abstract

In quantitative information flow we say that program QQ is "at least as secure as" PP just when the amount of secret information flowing from QQ is never more than flows from PP, with of course a suitable quantification of "flow". This secure-refinement order \sqsubseteq is compositional just when PQP{\sqsubseteq}Q implies C(P)C(Q){\cal C}(P){\sqsubseteq}{\cal C}(Q) for any context C{\cal C}, again with a suitable definition of "context". Remarkable however is that leaks caused by executing P,QP,Q might not be limited to their declared variables: they might impact correlated secrets in variables declared and initialised in some broader context to which P,QP,Q do not refer even implicitly. We call such leaks collateral because their effect is felt in domains of which (the programmers of) P,QP, Q might be wholly unaware: our inspiration is the "Dalenius" phenomenon for statistical databases. We show that a proper treatment of these collateral leaks is necessary for a compositional program semantics for read/write "open" programs. By adapting a recent Hidden-Markov denotational model for non-interference security, so that it becomes "collateral aware", we give techniques and examples (e.g.\ public-key encryption) to show how collateral leakage can be calculated and then bounded in its severity.

Keywords

Cite

@article{arxiv.1604.04983,
  title  = {Compositional security and collateral leakage},
  author = {N. Bordenabe and A. McIver and C Morgan and T. Rabehaja},
  journal= {arXiv preprint arXiv:1604.04983},
  year   = {2016}
}
R2 v1 2026-06-22T13:34:27.279Z