Final Event
of the DFG Priority Program
"Reliably Secure Software Systems (RS3)"
September 4-6, 2017
Darmstadt, Germany

Carroll Morgan

"What do Hyper-Distributions have to do with Security?"

Hyper-distributions are distributions of distributions. Their ultimate antecedents are the partitions of Landauer and Redmond's "Lattice of Information" [1] whose aim was to present the abstract essence of secrecy together with a partial order – in fact a lattice – such that "less secret" ⊆ "more secret".

Whereas Landauer's work concerned deterministic information flow, in which a leak derived from the same secret always reveals the same value, more recent work has generalised that first to "demonic" information flow [2], where the revealed value can vary even for the same secret, and then to "quantitative" information flow where leaks are typically represented by probabilistic channels in the sense of Shannon. The original partitions of Landauer, equivalently sets of pairwise-disjoint subsets, generalise correspondingly to sets of possibly intersecting subsets and then to distributions of distributions: hyper-distributions.

Hyper-distributions were introduced only recently in security, in 2010 [3], but have been much worked on since. Lately they have been linked to the monadic model of computation [4], a fortuitous connection that allows many general reasoning rules to be imported for free, and a straightforward denotational semantics for (say) a sequential probabilistic programming language with explicit side-channel leakage. That semantics is very basic, intentionally so, and thus indeed does not address many of the complicated challenges that real-life security research is concerned with. But a positive point of its simplicity is that in that sparse setting many subtle issues can be seen more clearly.

The talk will summarise the development [5] and current state of the hyper-distribution approach to quantitative information flow, and suggest directions it might take from here on.
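The step from partitions to hyper-distributions described above can be made concrete by pushing a prior through a channel matrix. The following is an added example, not code from the talk or the cited papers; the function names, the three sample channels and the use of Bayes vulnerability as the measure are assumptions made here for illustration.

```python
from collections import defaultdict
from fractions import Fraction as F

def hyper(prior, channel):
    """Map each distinct posterior (tuple over secrets) to its outer probability."""
    h = defaultdict(F)
    for y in range(len(channel[0])):
        joint = [p * row[y] for p, row in zip(prior, channel)]
        p_y = sum(joint)
        if p_y == 0:
            continue                               # observation y never occurs
        h[tuple(j / p_y for j in joint)] += p_y    # equal posteriors merge
    return dict(h)

def is_partition(h):
    """True when the posteriors' supports are pairwise disjoint (the deterministic case)."""
    sup = [{x for x, p in enumerate(post) if p > 0} for post in h]
    return all(a.isdisjoint(b) for i, a in enumerate(sup) for b in sup[i + 1:])

def bayes_vulnerability(h):
    """Probability of guessing the secret in one try after observing the leak."""
    return sum(outer * max(post) for post, outer in h.items())

# Constructed sample: four equally likely secrets 0..3.
# Channel rows are secrets, columns are observations.
PRIOR = [F(1, 4)] * 4
PARITY = [[1, 0], [0, 1], [1, 0], [0, 1]]              # deterministic: leaks secret mod 2
NOISY = [[F(3, 4), F(1, 4)], [F(1, 4), F(3, 4)]] * 2   # parity, correct 3/4 of the time
BLIND = [[F(1, 3), F(2, 3)]] * 4                       # output independent of the secret

if __name__ == "__main__":
    for name, ch in [("parity", PARITY), ("noisy", NOISY), ("blind", BLIND)]:
        h = hyper(PRIOR, ch)
        print(name, "partition:", is_partition(h), "V:", bayes_vulnerability(h))
        for post, outer in h.items():
            print("   outer", outer, "inner", [str(p) for p in post])
```

The deterministic channel yields inner distributions with disjoint supports, the noisy one yields overlapping inners, and the secret-independent channel collapses to a single inner equal to the prior.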

  • [1] Landauer and Redmond. A lattice of information. Proc. CSFW, 1993.
  • [2] Morgan. A demonic lattice of information. In Concurrency, Security and Puzzles. Springer LNCS 10160, 2016.
  • [3] McIver, Meinicke and Morgan. Compositional closure for Bayes risk in probabilistic non-interference. Proc. ICALP, 2010.
  • [4] McIver, Morgan and Rabehaja. Abstract hidden Markov models: a monadic account of quantitative information flow. Proc. LiCS, 2015.
  • [5] Alvim, Chatzikokolakis, McIver, Morgan, Palamidessi and Smith. Additive and multiplicative notions of leakage, and their capacities. Proc. CSF, 2014.

Carroll Morgan

Data61 and University of New South Wales