{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T05:20:31Z","timestamp":1776316831349,"version":"3.50.1"},"reference-count":0,"publisher":"SAGE Publications","issue":"3","license":[{"start":{"date-parts":[[2007,3,20]],"date-time":"2007-03-20T00:00:00Z","timestamp":1174348800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2007,3,20]]},"abstract":"<jats:p> We propose an approach to quantify interference in a simple imperative language that includes a looping construct. In this paper we focus on a particular case of this definition of interference: leakage of information from private variables to public ones via a Trojan Horse attack. We quantify leakage in terms of Shannon\u2019s information theory and we motivate our definition by proving a result relating this definition of leakage and the classical notion of programming language interference. The major contribution of the paper is a quantitative static analysis based on this definition for such a language. The analysis uses some non-trivial information theory results like Fano\u2019s inequality and the [Formula: see text] inequality to provide reasonable bounds for conditional statements. While-loops are handled by integrating a qualitative flow-sensitive dependency analysis into the quantitative analysis. <\/jats:p>","DOI":"10.3233\/jcs-2007-15302","type":"journal-article","created":{"date-parts":[[2016,5,18]],"date-time":"2016-05-18T07:36:46Z","timestamp":1463557006000},"page":"321-371","source":"Crossref","is-referenced-by-count":105,"title":["A static analysis for quantifying information flow in a simple imperative language"],"prefix":"10.1177","volume":"15","author":[{"given":"David","family":"Clark","sequence":"first","affiliation":[{"name":"Department of Computer Science, Kings College, London, UK."}]},{"given":"Sebastian","family":"Hunt","sequence":"additional","affiliation":[{"name":"Department of Computing, City University, London, UK."}]},{"given":"Pasquale","family":"Malacaria","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Queen Mary, London, UK."}]}],"member":"179","published-online":{"date-parts":[[2007,3,20]]},"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-2007-15302","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-2007-15302","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,10]],"date-time":"2025-03-10T13:50:12Z","timestamp":1741614612000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-2007-15302"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,3,20]]},"references-count":0,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2007,3,20]]}},"alternative-id":["10.3233\/JCS-2007-15302"],"URL":"https:\/\/doi.org\/10.3233\/jcs-2007-15302","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007,3,20]]}}}