University of Minnesota
Program Analysis for Security
index.php

Quantitative information flow, part 1

Pasquale Malacaria. “Assessing security threats of looping constructs”. In Principles of Programming Languages (POPL), pages 225–235, Nice, France, January 2007.
[ACM]

Stephen McCamant and Michael D. Ernst. “Quantitative information flow as network flow capacity”. In Programming Language Design and Implementation (PLDI), pages 193–205, Tucson, AZ, USA, June 2008.
[ACM]

Question: (Note: this time, I suggest that you answer this extra question before doing the readings, since it's about brainstorming the general area of the papers.)

When I ran the Linux wc on this assignment web page while writing it, I got the output: 

  76  378 2645 08-qif1.html

That means that the file contained 76 lines, 378 words, and 2645 characters. How much information about the input file is conveyed by that output? Give an estimate of the amount of information revealed, as a number of bits, where one bit is the amount of information needed to choose between two equally likely alternatives.

This question is intentionally somewhat vague, and there are many possible answers, no single one of which is "right". I'd prefer that you think creatively, not try to give the answer that matches one of the papers or the one you think I would give. In fact it would be great if I happened to get a different number from everyone in the class. I do want everyone's analysis to come up with a specific number for this specific example in the end. If your analysis depends on some detail of how wc is implemented, you can feel free to make any reasonable assumption (though if you want to look at the source code for a particular implementation for inspiration, it's not hard to find on the web). If you analysis requires a complex calculation, you can use an approximation.

Historic

Dorothy Elizabeth Robling Denning. Cryptography and Data Security. Addison-Wesley Longman Publishing, 1982.
[ACM]

An early book on information security, which is available from the ACM Digital Library in a collection of classic monographs. The section related to quantitative information flow appears on pages 265–273.