TWC: Small: Confidentiality Measurement of Complex Computations using Quantitative Information Flow

TWC：小型：使用定量信息流进行复杂计算的机密性测量

• 批准号: 1526319
• 负责人: Stephen McCamant
• 金额: $ 49.57万
• 依托单位: University of Minnesota-Twin Cities
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1526319&HistoricalAwards=false
• 关键词: TWC; Small; Confidentiality; Measurement; Complex

Concern about information privacy is a major obstacle to user adoption of new information technology applications, from smart phone applications to the deployment of automated workflows in the largest health-care and government enterprises. This project addresses privacy concerns caused by software through errors and malicious attacks. A major security concern about software revolves around whether computers reveal information that they should not. Much of the information we entrust to computers might be described as secret, private, or confidential, because we want to limit who has access to it. However many things can go wrong in computer systems to allow information to be revealed when it should not. In this project the focus is on the information that is present in the results of a computation. A computation might take information from several sources and combine it in a complex way to produce output. These outputs are usually not in a format that can easily be read directly by people, thus the output from a computation may be undesirably "leaking" information without our knowledge. The project tackles this problem using techniques called quantitative information flow analysis, which allow one computer program to automatically determine how much information another computer program is revealing. For instance, such an analysis system might report that one program always reveals 4 bits of secret information, while another program revealed 1000 bits of secret information in its most recent execution. By comparing these measurements to the expected behavior of a program, one can detect situations that might be causing a program to reveal information that it should not. Previous quantitative information flow analysis systems have demonstrated that the basic approach is sound, but they have been limited in the kinds and sizes of programs where they are effective, and they require guidance from software developers to obtain good results. This project will develop new techniques that eliminate these restrictions to make quantitative information flow analysis more widely applicable. The quantitative information-flow techniques, which measure the number of bits of information about secret computation inputs that are revealed by computation outputs, give a measurement that can be evaluated separately without reference to the intended meaning of the computation results and without additional annotation or specification of the subject program. By combining a quantitative analysis with techniques from taint analysis and symbolic execution, the tools can track in a precise way where secret information flows, and the connection between input values and output values. Quantitative information-flow measurement has not yet seen practical adoption because existing approaches have too high overhead, do not naturally support multiple kinds of secret data, are limited in the software to which they apply, and/or require occasional developer annotations. The project seeks to overcome the limitations of previous approaches by generalizing the underlying techniques and improving their precision, while at the same time improving their performance and applicability via staged optimizations and complete automation. The research will demonstrate the approach by application to a number of realistic challenge problems in computer security and privacy.

对信息隐私的担忧是用户采用新的信息技术应用程序的主要障碍，从智能手机应用程序到最大的医疗保健和政府企业部署自动化工作流程。该项目解决了软件通过错误和恶意攻击引起的隐私问题。 关于软件的一个主要安全问题是计算机是否泄露了它们不应该泄露的信息。我们委托给计算机的许多信息可能被描述为秘密的，私人的或机密的，因为我们想限制谁可以访问它。然而，计算机系统中的许多事情可能会出错，允许信息在不应该的时候被泄露。在这个项目中，重点是计算结果中存在的信息。一个计算可能从多个来源获取信息，然后以一种复杂的方式将其联合收割机组合起来以产生输出。这些输出通常不是以人们可以容易地直接读取的格式，因此来自计算的输出可能在我们不知道的情况下不期望地“泄漏”信息。该项目使用称为定量信息流分析的技术来解决这个问题，该技术允许一个计算机程序自动确定另一个计算机程序揭示了多少信息。例如，这样的分析系统可能报告一个程序总是揭示4比特的秘密信息，而另一个程序在其最近的执行中揭示了1000比特的秘密信息。通过将这些测量结果与程序的预期行为进行比较，可以检测出可能导致程序泄露不应该泄露的信息的情况。以前的定量信息流分析系统已经证明，基本的方法是健全的，但他们一直限制在种类和规模的程序，他们是有效的，他们需要从软件开发人员的指导，以获得良好的结果。本项目将开发消除这些限制的新技术，使定量信息流分析更广泛地适用。 定量信息流技术，它测量由计算输出揭示的关于秘密计算输入的信息的比特数，给出了可以单独评估的测量，而不参考计算结果的预期含义，也不需要对主题程序进行额外的注释或规范。 通过将定量分析与污点分析和符号执行技术相结合，这些工具可以精确地跟踪秘密信息的流向，以及输入值和输出值之间的联系。定量信息流测量尚未看到实际采用，因为现有的方法有太高的开销，不自然地支持多种类型的秘密数据，在他们应用的软件中是有限的，和/或需要偶尔的开发人员注释。该项目旨在通过推广底层技术并提高其精度来克服以前方法的局限性，同时通过分阶段优化和完全自动化来提高其性能和适用性。 该研究将通过应用程序来展示计算机安全和隐私方面的一些现实挑战问题的方法。