Confidentiality: Searching for the Hole in the Bucket?

                       Herbert Wiklicky
                       Imperial College

Confidentiality is that aspect of computer security which is concerned
with how information is allowed to flow through a computer system.
Models for confidentiality typically characterise the absence of
information flow, between objects (across interfaces, or along channels)
- i.e. confinement - by essentially reducing it to non-interference.

We approach the problem of analysing confidentiality and confinement by
looking at models which are able to give a quantitative estimate of the
information flowing through a system. Such models abandon the purely
qualitative binary view of the information flow by characterising how
much information is actually ``leaking'' from the system rather than the
complete absence of any such flow. This allows us to define and
investigate notions of non-interference which are approximate and yet
able to capture the security properties of a system in a more realistic

We will consider different types of relatively simple attacks during
which a spying agent tries to reveal the identity of some unknown
process. Our aim is to characterise the ``vulnerability'' of a set of
agents by applying program analysis techniques, e.g. probabilistic
abstract interpretation.