{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,24]],"date-time":"2025-10-24T08:06:46Z","timestamp":1761293206680},"reference-count":24,"publisher":"Cambridge University Press (CUP)","issue":"2","license":[{"start":{"date-parts":[[2014,11,10]],"date-time":"2014-11-10T00:00:00Z","timestamp":1415577600000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/www.cambridge.org\/core\/terms"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Math. Struct. Comp. Sci."],"published-print":{"date-parts":[[2015,2]]},"abstract":"<jats:p>A long-standing and fundamental issue in computer security is to control the <jats:italic>flow of information<\/jats:italic>, whether to prevent confidential information from being <jats:italic>leaked<\/jats:italic>, or to prevent trusted information from being <jats:italic>tainted<\/jats:italic>. While there have been many efforts aimed at preventing improper flows completely (see for example, the survey by Sabelfeld and Myers (2003)), it has long been recognized that perfection is often impossible in practice. A basic example is a login program \u2013 whenever it rejects an incorrect password, it unavoidably reveals that the secret password differs from the one that was entered. More subtly, systems may be vulnerable to <jats:italic>side channel<\/jats:italic> attacks, because observable characteristics like running time and power consumption may depend, at least partially, on sensitive information.<\/jats:p>","DOI":"10.1017\/s0960129513000583","type":"journal-article","created":{"date-parts":[[2014,11,10]],"date-time":"2014-11-10T17:58:24Z","timestamp":1415642304000},"page":"203-206","source":"Crossref","is-referenced-by-count":2,"title":["Preface to the special issue on quantitative information flow"],"prefix":"10.1017","volume":"25","author":[{"given":"MIGUEL E.","family":"ANDR\u00c9S","sequence":"first","affiliation":[]},{"given":"CATUSCIA","family":"PALAMIDESSI","sequence":"additional","affiliation":[]},{"given":"GEOFFREY","family":"SMITH","sequence":"additional","affiliation":[]}],"member":"56","published-online":{"date-parts":[[2014,11,10]]},"reference":[{"key":"S0960129513000583_ref7","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2007-15302"},{"key":"S0960129513000583_ref18","doi-asserted-by":"crossref","unstructured":"McLean J. (1990) Security models and information flow. In: IEEE Symposium on Security and Privacy 180\u2013189.","DOI":"10.21236\/ADA462529"},{"key":"S0960129513000583_ref19","doi-asserted-by":"crossref","unstructured":"Millen J. K. (1987) Covert channel capacity. In: IEEE Symposium on Security and Privacy 60\u201366.","DOI":"10.1109\/SP.1987.10013"},{"key":"S0960129513000583_ref6","doi-asserted-by":"publisher","DOI":"10.1016\/S1571-0661(04)00290-7"},{"key":"S0960129513000583_ref17","doi-asserted-by":"crossref","unstructured":"Malacaria P. (2007) Assessing security threats of looping constructs. In: Proceedings of the 34th Symposium on Principles of Programming Languages 225\u2013235.","DOI":"10.1145\/1190216.1190251"},{"key":"S0960129513000583_ref22","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"S0960129513000583_ref3","doi-asserted-by":"crossref","unstructured":"Backes M. , K\u00f6pf B. and Rybalchenko A. (2009) Automatic discovery and quantification of information leaks. In: Proceedings 30th IEEE Symposium on Security and Privacy 141\u2013153.","DOI":"10.1109\/SP.2009.18"},{"key":"S0960129513000583_ref12","doi-asserted-by":"crossref","unstructured":"Heusser J. and Malacaria P. (2010) Quantifying information leaks in software. In: Proceedings of the Annual Computer Security Applications Conference 261\u2013269.","DOI":"10.1145\/1920261.1920300"},{"key":"S0960129513000583_ref1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2012.26"},{"key":"S0960129513000583_ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12002-2_33"},{"key":"S0960129513000583_ref9","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2008-0333"},{"key":"S0960129513000583_ref14","doi-asserted-by":"crossref","unstructured":"K\u00f6pf B. , Mauborgne L. and Ochoa M. (2012) Automatic quantification of cache side-channels. In: Proceedings of the 24th International Conference on Computer-Aided Verification 564\u2013580.","DOI":"10.1007\/978-3-642-31424-7_40"},{"key":"S0960129513000583_ref4","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2011.20"},{"key":"S0960129513000583_ref10","volume-title":"Cryptography and Data Security","author":"Denning","year":"1983"},{"key":"S0960129513000583_ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00596-1_21"},{"key":"S0960129513000583_ref8","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2005.10"},{"key":"S0960129513000583_ref13","doi-asserted-by":"crossref","unstructured":"K\u00f6pf B. and Basin D. (2007) An information-theoretic model for adaptive side-channel attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security 286\u2013296.","DOI":"10.1145\/1315245.1315282"},{"key":"S0960129513000583_ref11","doi-asserted-by":"crossref","unstructured":"Gray J. W. III (1991) Toward a mathematical foundation for information flow security. In: IEEE Symposium on Security and Privacy 21\u201335.","DOI":"10.1109\/RISP.1991.130769"},{"key":"S0960129513000583_ref24","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.9"},{"key":"S0960129513000583_ref15","doi-asserted-by":"crossref","unstructured":"K\u00f6pf B. and Rybalchenko A. (2010) Approximation and randomization for quantitative information-flow analysis. In: Proceedings of the 23nd IEEE Computer Security Foundations Symposium 3\u201314.","DOI":"10.1109\/CSF.2010.8"},{"key":"S0960129513000583_ref2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12002-2_32"},{"key":"S0960129513000583_ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14162-1_19"},{"key":"S0960129513000583_ref21","doi-asserted-by":"crossref","unstructured":"Newsome J. , McCamant S. and Song D. (2009) Measuring channel capacity to distinguish undue influence. In: Proceedings of the Fourth Workshop on Programming Languages and Analysis for Security 73\u201385.","DOI":"10.1145\/1554339.1554349"},{"key":"S0960129513000583_ref16","doi-asserted-by":"crossref","unstructured":"K\u00f6pf B. and Smith G. (2010) Vulnerability bounds and leakage resilience of blinded cryptography under timing attacks. In: Proceedings of the 23nd IEEE Computer Security Foundations Symposium 44\u201356.","DOI":"10.1109\/CSF.2010.11"}],"container-title":["Mathematical Structures in Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.cambridge.org\/core\/services\/aop-cambridge-core\/content\/view\/S0960129513000583","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,4,21]],"date-time":"2019-04-21T18:59:55Z","timestamp":1555873195000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.cambridge.org\/core\/product\/identifier\/S0960129513000583\/type\/journal_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,11,10]]},"references-count":24,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2015,2]]}},"alternative-id":["S0960129513000583"],"URL":"https:\/\/doi.org\/10.1017\/s0960129513000583","relation":{},"ISSN":["0960-1295","1469-8072"],"issn-type":[{"value":"0960-1295","type":"print"},{"value":"1469-8072","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,11,10]]}}}