Quantitative Information Flow: when are partial breaches of confidentiality insignificant?

In computer security, it is frequently necessary in practice to accept some leakage of confidential information. This motivates the development of theories of Quantitative Information Flow aimed at showing that some leaks are small and therefore tolerable.

In this talk I will describe some recent developments concerning how to measure the severity of information leaks based on new definitions of entropy, and how to apply them to programming language semantics. The ideas are illustrated by measuring the degree of privacy participants can rely on when they vote using some standard voting protocols.