Researcher develops method for monitoring whether private information is sufficiently protected
Tri Minh Ngo, researcher at the University of Twente, has developed a new method for monitoring whether private information is sufficiently protected in computer programs. His technology can be used to check whether private data can be leaked and, if so, how much information is actually leaked in that case. His technology can also be used to detect possible leaks.
In our modern society, information is of strategic importance. Therefore, the protection of information is critical. Governments, military services, companies and banks are all dependent on the capability to protect information. If private data is stored and made accessible through a computer program, one needs to be absolutely sure this data cannot be retrieved by anyone just like that. Therefore, one has to make sure that users cannot distract any information about private data just by studying the public data. Marieke Huisman, associate professor at the University of Twente: "Consider a personnel administration system, for instance. Pay data of individual employees are obviously private; still, the number of employees is probably public. If one knows the total amount of salaries paid, one can possibly discover something on the wages of individual employees."
Ngo discovered a better way to precisely formulate when a parallel program does not leak any private data. Parallelism is the capacity by a computer program to perform multiple calculations at the same time. Ngo developed an algorithm which makes it possible to verify whether concrete parallel programs do not leak any information. Leaking information cannot always be prevented and, in some instances, it may even be desirable to a certain extent. However, in case information is leaked, Ngo's algorithm can give an indication of how this information has actually been leaked. The technology even enables us to make an estimate of how much information has been leaked. Huisman: "In this way, one can make a comparison of two implementations and simply see which of the two leaks the least amount of information."
Minh Tri Ngo's dissertation is entitled "Qualitative and Quantitative information flow analysis for multi-threaded programs". Ngo will obtain his doctoral degree on 17 April at the Formal Methods and Tools department of the University of Twente. Ngo performed his research under the supervision of Ms Marieke Huisman, PhD, and Professor Jaco van de Pol, PhD.