Abstract
Quantitative information flow aims to assess and control the leakage of sensitive information by computer systems. A key insight in this area is that no single leakage measure is appropriate in all operational scenarios; as a result, several leakage measures have been proposed, with many different properties. In this talk, we will present an axiomatic approach to the various measures, and will point out the relations between them, thus contributing to offer a systematic view of the field. We will also establish a completeness result about the $g$-leakage family, showing that any leakage measure satisfying certain intuitively “natural” properties can be expressed as a $g$-leakage.