

Title: Maximal α-Leakage and its Properties
Maximal α-leakage is a tunable measure of information leakage based on the quality of an adversary's belief about an arbitrary function of private data based on public data. The parameter α determines the loss function used to measure the quality of a belief, ranging from log-loss at α = 1 to the probability of error at α = ∞. We review its definition and main properties, including extensions to α < 1, robustness to side information, and relationship to Rényi differential privacy.
Award ID(s):
1901243 1900750
PAR ID:
10232244
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
2020 IEEE Conference on Communications and Network Security (CNS)
Page Range / eLocation ID:
1 to 6
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1.
    We consider a problem of guessing, wherein an adversary is interested in knowing the value of the realization of a discrete random variable X on observing another correlated random variable Y. The adversary can make multiple (say, k) guesses. The adversary's guessing strategy is assumed to minimize α-loss, a class of tunable loss functions parameterized by α. It has been shown before that this loss function captures well-known loss functions including the exponential loss (α = 1/2), the log-loss (α = 1) and the 0–1 loss (α = ∞). We completely characterize the optimal adversarial strategy and the resulting expected α-loss, thereby recovering known results for α = ∞. We define an information leakage measure from the k-guesses setup and derive a condition under which the leakage is unchanged from a single guess.
  2. Aldrich, Jonathan; Silva, Alexandra (Ed.)
    We propose an improved abstract interpretation based method for quantifying cache side-channel leakage by addressing two key components of precision loss in existing set-based cache abstractions. Our method targets two key sources of imprecision: (1) imprecision in the abstract transfer function used to update the abstract cache state when interpreting a memory access and (2) imprecision due to the incompleteness of the set-based domain. At the center of our method are two key improvements: (1) the introduction of a new transfer function for updating the abstract cache state which carefully leverages information in the abstract state to prevent the spurious aging of memory blocks and (2) a refinement of the set-based domain based on the finite powerset construction. We show that both the new abstract transformer and the domain refinement enjoy certain enhanced precision properties. We have implemented the method and compared it against the state-of-the-art technique on a suite of benchmark programs implementing both sorting algorithms and cryptographic algorithms. The experimental results show that our method is effective in improving the precision of cache side-channel leakage quantification. 
  3. Abstract. The viscosity of secondary organic aerosol (SOA) is needed to improve predictions of air quality, climate, and atmospheric chemistry. Many techniques have been developed to measure the viscosity of micrometer-sized materials at room temperature; however, few techniques are able to measure viscosity as a function of temperature for these small sample sizes. SOA in the troposphere experience a wide range of temperatures, so measurement of viscosity as a function of temperature is needed. To address this need, a new method was developed based on hot-stage microscopy combined with fluid dynamics simulations. The current method can be used to determine viscosities in the range of roughly 10⁴ to 10⁸ Pa s at temperatures greater than room temperature. Higher viscosities may be measured if experiments are carried out over multiple days. To validate our technique, the viscosities of 1,3,5-tris(1-naphthyl)benzene and phenolphthalein dimethyl ether were measured and compared with values reported in the literature. Good agreement was found between our measurements and literature data. As an application to SOA, the viscosity as a function of temperature for lab-generated farnesene SOA material was measured, giving values ranging from 3.1×10⁶ Pa s at 51 °C to 2.6×10⁴ Pa s at 67 °C. We fit the temperature-dependent data to the Vogel–Fulcher–Tammann (VFT) equation and obtained a fragility parameter for the material of 7.29±0.03, which is very similar to the fragility parameter of 7 reported for α-pinene SOA by Petters and Kasparoglu (2020). These results demonstrate that the viscosity as a function of temperature can be measured for lab-generated SOA material using our hot-stage microscopy method.
  4. Information leaks in software can unintentionally reveal private data, yet they are hard to detect and fix. Although several methods have been proposed to detect leakage, such as static verification-based approaches, they require specialist knowledge, and are time-consuming. Recently, we introduced HyperGI, a dynamic, hypertest-based approach that can detect and produce potential fixes for hyperproperty violations. In particular, we focused on violations of the noninterference property, as it results in information flow leakage. Our instantiation of HyperGI was able to detect and reduce leakage in three small programs. Its fitness function tried to balance information leakage and program correctness but, as we pointed out, there may be tradeoffs between keeping program semantics and reducing information leakage that require developer decisions. In this work we ask if it is possible to automatically detect and repair information leakage in more realistic programs without requiring specialist knowledge. We instantiate a multi-objective version of HyperGI in a tool, called LeakReducer, which explicitly encodes the tradeoff between program correctness and information leakage. We apply LeakReducer to six leaky programs, including the well-known Heartbleed bug. LeakReducer is able to detect leakage in all, in contrast to state-of-the-art fuzzers, detecting leakage in only two programs. Moreover, LeakReducer is able to reduce leakage in all subjects, with comparable results to previous work, while scaling to much larger software. 
  5. Information leakage is usually defined as the logarithmic increment in the adversary’s probability of correctly guessing the legitimate user’s private data or some arbitrary function of the private data when presented with the legitimate user’s publicly disclosed information. However, this definition of information leakage implicitly assumes that both the privacy mechanism and the prior probability of the original data are entirely known to the attacker. In reality, the assumption of complete knowledge of the privacy mechanism for an attacker is often impractical. The attacker can usually have access to only an approximate version of the correct privacy mechanism, computed from a limited set of the disclosed data, for which they can access the corresponding un-distorted data. In this scenario, the conventional definition of leakage no longer has an operational meaning. To address this problem, in this article, we propose novel meaningful information-theoretic metrics for information leakage when the attacker has incomplete information about the privacy mechanism—we call them average subjective leakage, average confidence boost, and average objective leakage, respectively. For the simplest, binary scenario, we demonstrate how to find an optimized privacy mechanism that minimizes the worst-case value of either of these leakages.