The Science of Quantitative Information Flow

Alvim, Mario S., Chatzikokolakis, Konstantinos, McIver, Annabelle

Product Description

This book presents a comprehensive mathematical theory that explains precisely what information flow is, and how it can be assessed quantitatively (bringing precise meaning to the intuition that certain information leaks are small enough to be tolerated), and how systems can be constructed that achieve rigorous, quantitative information-flow guarantees in those terms. This theory addresses a fundamental challenge: functional and practical requirements frequently conflict with the goal of preserving confidentiality, making perfect security unattainable.

The authors include: a systematic presentation of how unwanted information flow, i.e. "leaks," can be quantified in operationally significant ways and then bounded, both with respect to estimated benefit for an attacking adversary and by comparisons between alternative implementations; a detailed study of capacity, refinement, and Dalenius leakage, supporting robust leakage assessments; a unification of information-theoretic channels and information-leaking sequential programs within the same framework; and a collection of case studies, showing how the theory can be applied to interesting realistic scenarios.

 

The text is a unified, self-contained, and comprehensive presentation, accessible to students and researchers with knowledge of discrete probability and some mathematical maturity, with numerous exercises to facilitate use as a course textbook.

About the Authors

Mário S. Alvim is an assistant professor in the Computer Science Department of the Universidade Federal de Minas Gerais (UFMG) in Belo Horizonte. His current research interests include quantitative information flow and, in particular, its potential applications to fields other than security.

Kostas Chatzikokolakis is a CNRS researcher at the École Polytechnique of Paris. He works on security and privacy, in particular quantitative information flow, location privacy and differential privacy.

Annabelle McIver is a professor in the Department of Computing at Macquarie University in Sydney. She works on mathematical techniques for the verification of probabilistic systems.

Carroll Morgan is a professor in the School of Engineering and Computer Science at the University of New South Wales, and is affiliated with the Trustworthy Systems Group of the CSIRO's Data61. His current interests are quantitative information flow, program derivation (including security) and proved correctness of multi-core operating-system kernels.

Catuscia Palamidessi is director of research at INRIA Saclay. She is the leader of COMETE, a research team in the INRIA and École Polytechnique shared lab. Her main research interests are quantitative information flow, privacy, and concurrency theory.

Geoffrey Smith is a professor in the School of Computing and Information Sciences of Florida International University in Miami. His current research interests include quantitative information flow and its applications to cryptography.
