dc.description.abstract | This paper explores the idea of knowledge-based security policies, which
are used to decide whether to answer a query over secret data based on
an estimation of the querier's (possibly increased) knowledge given the
result. Limiting knowledge is the goal of existing information release
policies that employ mechanisms such as noising, anonymization, and
redaction. Knowledge-based policies are more general: they increase
flexibility by not fixing the means to restrict information flow. We
enforce a knowledge-based policy by explicitly tracking a model of a
querier's belief about secret data, represented as a probability
distribution. We then deny any query that could increase knowledge above
a given threshold. We implement query analysis and belief tracking via
abstract interpretation using a novel domain we call probabilistic
polyhedra, whose design permits trading off precision with performance
while ensuring estimates of a querier's knowledge are sound. Experiments
with our implementation show that several useful queries can be handled
efficiently, and performance scales far better than would more standard
implementations of probabilistic computation based on sampling. | en_US |
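The enforcement idea in the abstract (track the querier's belief as a distribution, revise it with each answer, and refuse any query that could push that belief past a threshold) can be shown concretely on a small finite secret space. The block below is an added illustration, not the paper's implementation: it enumerates the secret domain exactly instead of using the paper's probabilistic-polyhedra abstract domain, the secret (a birth year in a constructed range 1950..2000), the threshold and all function names (`uniform_belief`, `revise`, `enforce_query`, `demo`) are assumptions chosen for the example. The one design point worth noticing is that `enforce_query` checks every output the query could produce under the current belief rather than only the output for the real secret; if the decision depended on the true secret, a refusal would itself leak information.

```python
"""Knowledge-based policy enforcement by explicit belief tracking.

Added example (not the paper's code): exact enumeration over a small secret
space stands in for the paper's probabilistic-polyhedra domain. All names and
the sample secret domain are illustrative assumptions.
"""
from fractions import Fraction
from typing import Callable, Dict, Hashable, Iterable, Optional, Set, Tuple

Secret = Hashable
Belief = Dict[Secret, Fraction]          # probability distribution over secrets
Query = Callable[[Secret], Hashable]     # deterministic function of the secret


def uniform_belief(secrets: Iterable[Secret]) -> Belief:
    """Initial model: the querier knows only the domain, so a uniform prior."""
    values = list(secrets)
    p = Fraction(1, len(values))
    return {s: p for s in values}


def revise(belief: Belief, query: Query, output: Hashable) -> Belief:
    """Bayesian revision: condition the belief on `query` having returned `output`.

    With a deterministic query, only secrets consistent with the observed
    output keep mass; their probabilities are renormalised to sum to 1.
    """
    consistent = {s: p for s, p in belief.items() if query(s) == output}
    total = sum(consistent.values())
    if total == 0:
        raise ValueError("output is impossible under the current belief")
    return {s: p / total for s, p in consistent.items()}


def vulnerability(belief: Belief) -> Fraction:
    """Querier's best single-guess chance of naming the secret (max probability)."""
    return max(belief.values())


def possible_outputs(belief: Belief, query: Query) -> Set[Hashable]:
    """Outputs the query can produce for any secret the querier still considers possible."""
    return {query(s) for s, p in belief.items() if p > 0}


def enforce_query(belief: Belief, query: Query, threshold: Fraction,
                  secret: Secret) -> Tuple[bool, Optional[Hashable], Belief]:
    """Answer the query only if no possible answer would raise knowledge above `threshold`.

    Every possible output is examined, not just the one for the real secret,
    so the accept/deny decision itself reveals nothing about the secret.
    Returns (answered, output_or_None, belief_after).
    """
    for out in possible_outputs(belief, query):
        if vulnerability(revise(belief, query, out)) > threshold:
            return False, None, belief          # deny; belief unchanged
    out = query(secret)
    return True, out, revise(belief, query, out)


def demo() -> Tuple[bool, Hashable, Fraction, bool]:
    """Two queries against a constructed secret: a coarse one passes, a pinpoint one is denied."""
    secret = 1990                                   # constructed sample secret
    threshold = Fraction(1, 10)                     # max tolerated guess probability
    belief = uniform_belief(range(1950, 2001))      # 51 equally likely years

    # Query 1: "born before 1980?" Either answer leaves >= 21 candidates, so it is allowed.
    ok1, out1, belief = enforce_query(belief, lambda s: s < 1980, threshold, secret)

    # Query 2: "born in 1990?" A True answer would leave a single candidate
    # (vulnerability 1 > threshold), so it is denied before looking at the secret.
    ok2, _, belief = enforce_query(belief, lambda s: s == 1990, threshold, secret)

    return ok1, out1, vulnerability(belief), ok2


if __name__ == "__main__":
    answered1, output1, vuln, answered2 = demo()
    print(f"query 1 answered={answered1} output={output1} vulnerability={vuln}")
    print(f"query 2 answered={answered2}")
```

Running `demo()` answers the first query (the belief narrows to the 21 years 1980..2000, each with probability 1/21) and refuses the second, even though the real secret happens to make its answer True; the refusal is decided from the belief alone.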