Confidentiality: Searching for the Hole in the Bucket? Herbert Wiklicky Imperial College Confidentiality is that aspect of computer security which is concerned with how information is allowed to flow through a computer system. Models for confidentiality typically characterise the absence of information flow, between objects (across interfaces, or along channels) - i.e. confinement - by essentially reducing it to non-interference. We approach the problem of analysing confidentiality and confinement by looking at models which are able to give a quantitative estimate of the information flowing through a system. Such models abandon the purely qualitative binary view of the information flow by characterising how much information is actually ``leaking'' from the system rather than the complete absence of any such flow. This allows us to define and investigate notions of non-interference which are approximate and yet able to capture the security properties of a system in a more realistic way. We will consider different types of relatively simple attacks during which a spying agent tries to reveal the identity of some unknown process. Our aim is to characterise the ``vulnerability'' of a set of agents by applying program analysis techniques, e.g. probabilistic abstract interpretation.