TY  - JOUR
ID  - city195
UR  - https://openaccess.city.ac.uk/id/eprint/195/
IS  - 3
A1  - Hunt, S.
A1  - Clark, D.
A1  - Malacaria, P.
Y1  - 2007///
N2  - We propose an approach to quantify interference in a simple imperative language that includes a looping construct. In this paper we focus on a particular case of this definition of interference: leakage of information from private variables to public ones via a Trojan Horse attack. We quantify leakage in terms of Shannon's information theory and we motivate our definition by proving a result relating this definition of leakage and the classical notion of programming language interference. The major contribution of the paper is a quantitative static analysis based on this definition for such a language. The analysis uses some non-trivial information theory results like Fano's inequality and L1 inequalities to provide reasonable bounds for conditional statements. While-loops are handled by integrating a qualitative flow-sensitive dependency analysis into the quantitative analysis.
PB  - SAGE Publications
JF  - Journal of Computer Security
VL  - 15
SN  - 0926-227X
TI  - A static analysis for quantifying information flow in a simple imperative language
SP  - 321
AV  - public
EP  - 371
ER  -