Information theory provides a range of useful methods to analyse probability distributions and these techniques have been successfully applied to measure information flow and the loss of anonymity in secure systems. However, previous work has tended to assume that the exact probabilities of every action are known, or that the system is non-deterministic. In this paper, we show that measures of information leakage based on mutual information and capacity can be calculated, automatically, from trial runs of a system alone. We find a confidence interval for this estimate based on the number of possible inputs, observations and samples. We have developed a tool to automatically perform this analysis and we demonstrate our method by analysing a Mixminon anonymous remailer node.
|Title of host publication||Tools and Algorithms for the Construction and Analysis of Systems (16th International Conference, TACAS 2010, Paphos, Cyprus, March 20-28, 2010. Proceedings)|
|Editors||J. Esparza, R. Majumdar|
|Place of Publication||Berlin|
|Publication status||Published - 2010|
|Name||Lecture Notes in Computer Science|
Chatzikokolakis, K., Chothia, T., & Guha, A. (2010). Statistical measurement of information leakage. In J. Esparza, & R. Majumdar (Eds.), Tools and Algorithms for the Construction and Analysis of Systems (16th International Conference, TACAS 2010, Paphos, Cyprus, March 20-28, 2010. Proceedings) (pp. 390-404). (Lecture Notes in Computer Science; Vol. 6015). Springer. https://doi.org/10.1007/978-3-642-12002-2_33