A Methodology for Information Flow Experiments
- Resource Type
- Conference
- Authors
- Tschantz, Michael Carl; Datta, Amit; Datta, Anupam; Wing, Jeannette M.
- Source
- 2015 IEEE 28th Computer Security Foundations Symposium Computer Security Foundations Symposium (CSF), 2015 IEEE 28th. :554-568 Jul, 2015
- Subject
- Computing and Processing
Interference
Probabilistic logic
Analytical models
Monitoring
Statistical analysis
Google
Testing
information flow analysis
causation
online tracking
blackbox experiments
- Language
- ISSN
- 1063-6900
2377-5459
Information flow analysis has largely focused on methods that require access to the program in question or total control over an analyzed system. We consider the case where the analyst has neither control over nor a white-box model of the analyzed system. We formalize such limited information flow analyses and study an instance of it: detecting the usage of data by websites. We reduce these problems to ones of causal inference by proving a connection between non-interference and causation. Leveraging this connection, we provide a systematic black-box methodology based on experimental science and statistical analysis. Our systematic study leads to practical advice for detecting web data usage, a previously normalized area. We illustrate these concepts with a series of experiments collecting data on the use of information by websites.