A Methodology for Information Flow Experiments

TitleA Methodology for Information Flow Experiments
Publication TypeConference Paper
Year of Publication2015
AuthorsTschantz MCarl, Datta A, Datta A, Wing JM
Published in2015 IEEE 28th Computer Security Foundations Symposium
Page(s)554-568
Date Published07/2015
KeywordsAnalytical models, authorisation, blackbox experiments, causal inference, causation, Google, inference mechanisms, information flow analysis, Interference, Monitoring, online tracking, Probabilistic logic, program access, statistical analysis, testing, Web sites, white-box model
Abstract

Information flow analysis has largely focused on methods that require access to the program in question or total control over an analyzed system. We consider the case where the analyst has neither control over nor a white-box model of the analyzed system. We formalize such limited information flow analyses and study an instance of it: detecting the usage of data by websites. We reduce these problems to ones of causal inference by proving a connection between non-interference and causation. Leveraging this connection, we provide a systematic black-box methodology based on experimental science and statistical analysis. Our systematic study leads to practical advice for detecting web data usage, a previously normalized area. We illustrate these concepts with a series of experiments collecting data on the use of information by websites.

URLhttp://www.icsi.berkeley.edu/pubs/networking/informationflowexperiments2015.pdf
DOI10.1109/CSF.2015.40
ICSI Research Group

Networking and Security