Language-Based Information-Flow Security
Slide 1: Language-Based Information-Flow Security
Andrei Sabelfeld, Andrew C. Myers
Presented by Shiyi Wei

Slide 2: About the paper
- Literature review
  - Information flow security
  - Static program analysis to enforce information-flow
  - Confidentiality
  - Year: 2003
- Jif (Java information flow) project
  - Active since 1997
  - More than 34 publications
  - System, language, security
  - SOSP, POPL, CCS, Oakland
  - Other work based on Jif

Slide 3: Overview
- Introduction
- Background
  - Covert channels
  - Mandatory access control
- Basics of language-based information flow
- Research trends
- Open challenges

Slide 4: Introduction
- Protect data confidentiality
  - End-to-end security
  - Enforcement of confidentiality policies
  - Information cannot flow to where policy is violated
- Challenges
  - Concurrency
  - Covert channels
- Applications
  - Military, medical, financial information systems
  - Web-based services: mail, shopping, social network

Slide 5: Introduction
Standard security mechanisms
- Discretionary access control
  - Access files/objects based on privilege
  - Prevent processes not authorized by file owner from reading
  - Place restrictions on the release of information, but not its propagation
  - Does not control how the data is used after reading from file
- To soundly enforce confidentiality
  - Grant access privilege only to processes that will not leak confidential data
    - A much stronger information-flow policy!
    - Access control cannot identify these processes

Slide 6: Introduction
Standard security mechanisms
- Encryption
  - Secure an information channel
  - Only the communicating endpoints have access
  - However, no assurance that once the data is decrypted
- Antivirus software
  - Offers limited protection against new attacks
- Firewall
  - Protects confidentiality by preventing communication
  - Checking confidentiality violation lies outside its scope

Slide 7: Introduction
Language-based approach
- Security-typed language
  - Use of type systems for information flow
  - Augmented with annotations
  - Specify policies on the use of the typed data
- Compile-time type checking
  - Add little or no run-time overhead
- E.g. Jif[1], SLam calculus[2]
References
[1] A. C. Myers and B. Liskov, A decentralized model for information flow control, in Proc. ACM Symp. on Operating System Principles, Oct. 1997, pp
[2] N. Heintze and J. G. Riecke, The Slam calculus: programming with secrecy and integrity, in Proc. ACM Symp. on Principles of Programming Languages, Jan. 1998, pp

Slide 8: Introduction
Integrity: a dual to confidentiality
- Confidentiality requires that information be prevented from flowing to inappropriate destinations
- Integrity requires that information be prevented from flowing from inappropriate sources

Slide 9: Background: Covert Channels
- Implicit flows
  - Signal information through the control structure of a program
- Termination channels
  - The termination/nontermination of a computation
  - Example: while secret = 1 do skip
- Timing channels
  - Signal information through the time at which an action occurs rather than through the data
  - E.g. total execution time of a program

Slide 10: Background: Covert Channels
- Probabilistic channels
  - Signal information by changing the probability distribution of observable data
- Resource exhaustion channels
  - Signal information by the possible exhaustion of a finite, shared resource
- Power channels
  - Signal information in the power consumed by the computer

Slide 11: Background: Mandatory Access Control
- Mandatory access control
  - Label each data with a security level
  - Run-time enforcement mechanism
- Problem: implicit flow
  - Process sensitivity label
- Label creep
  - Monotonically increase label
  - Too restrictive
Example: h := h mod 2; l := 0; if h = 1 then l := 1 else skip
[Diagram: the same program drawn with its two branches, l := 1 and skip]

Slide 12: Basics of Language-Based Information Flow
- Noninterference policy
  - A variation of confidential (high) input does not cause a variation of public (low) output
  - The attacker cannot observe any difference between two executions that differ only in their confidential input
- Security-type system
  - A collection of typing rules
  - Let's build one!

Slide 13: Basics of Language-Based Information Flow
Language syntax:
C ::= skip | var := exp | C1; C2 | if exp then C1 else C2 | while exp do C

Slide 14: Basics of Language-Based Information Flow
Language syntax:
C ::= skip | var := exp | C1; C2 | if exp then C1 else C2 | while exp do C
(1) := (2) := (3) := (4) :=

Slide 15: Basics of Language-Based Information Flow
C ::= skip | var := exp | C1; C2 | if exp then C1 else C2 | while exp do C
(1) if then else (2) if then else (3) if then else (4) if then else (5) if then else (6) if then else (7) if then else (8) if then else

Slide 16: Basics of Language-Based Information Flow
Language syntax:
C ::= skip | var := exp | C1; C2 | if exp then C1 else C2 | while exp do C

Slide 17: Research Trends
[Diagram labels: static certification, noninterference, sound security analysis; expressiveness, concurrency, covert channels, security policies]

Slide 18: Language Expressiveness
[Diagram labels: static certification, noninterference, sound security analysis; expressiveness (procedures, functions, exceptions, objects), concurrency, covert channels, security policies]

Slide 19: Language Expressiveness
- Procedures
  - Polymorphism[3]
  - The type of commands or expressions may be generic
- Functions
  - Slam calculus[4]
  - A functional language
References
[3] D. Volpano and G. Smith, A type-based approach to program security, in Proc. TAPSOFT 97. Apr. 1997, vol of LNCS, pp
[4] N. Heintze and J. G. Riecke, The Slam calculus: programming with secrecy and integrity, in Proc. ACM Symp. on Principles of Programming Languages, Jan. 1998, pp

Slide 20: Language Expressiveness
- Exceptions
  - Nonlocal transfer of control; implicit flow
  - Path labels[5]
  - Fine-grained tracking of implicit flows caused by exceptions
- Objects
  - Java-like imperative object-oriented language[6]
  - JFlow[5]
References
[5] A. C. Myers, JFlow: Practical mostly-static information flow control, in Proc. ACM Symp. on Principles of Programming Languages, Jan , pp
[6] A. Banerjee and D. A. Naumann, Secure information flow and pointer confinement in a Java-like language, in Proc. IEEE Computer Security Foundations Workshop, June 2002, pp

Slide 21: Concurrency
[Diagram labels: static certification, noninterference, sound security analysis; expressiveness, concurrency (nondeterminism, threads, distribution), covert channels, security policies]

Slide 22: Concurrency
Nondeterminism
- Possibilistic security condition[7]
  - High inputs may not affect set of possible low inputs
- Dependence analysis between variables[8]
References
[7] J. McLean, A general theory of composition for a class of possibilistic security properties, IEEE Transactions on Software Engineering, vol. 22, no. 1, pp , Jan
[8] J. P. Banatre, C. Bryce, and D. Le Metayer, An approach to information security in distributed systems, in Proc. European Symp. on Research in Computer Security. 1994, vol. 875 of LNCS, pp , Springer-Verlag.

Slide 23: Concurrency
Thread concurrency
- High part has to be protected at all times
  - (thread1) h := 0; l := h; (thread2) h := h
- Noninterference for a multithreaded language[9]
  - No while loop may have a high guard
  - No high conditional may contain a while loop in a branch
- Encoding of a timing leak into a direct leak
  - (if h = 1 then C_long else skip); l := 1    l := 0
References
[9] G. Smith and D. Volpano, Secure information flow in a multi-threaded imperative language, in Proc. ACM Symp. on POPL, Jan. 1998, pp

Slide 24: Concurrency
Distribution
- The ability to exchange messages
  - These communications may be observed by attackers
- Mutual distrust
  - Components can fail
  - Attempt to compromise the behavior of others
- Secure program partitioning[10]
  - Sequential, security-typed program -> fine-grained communicating subprograms
References
[10] S. Zdancewic, L. Zheng, N. Nystrom, and A. C. Myers, Untrusted hosts and confidentiality: Secure program partitioning, in Proc. ACM Symp. on Operating System Principles, Oct. 2001, pp

Slide 25: Covert Channels
[Diagram labels: static certification, noninterference, sound security analysis; expressiveness, concurrency, covert channels (termination, timing, probability), security policies]

Slide 26: Covert Channels
Termination channels
- Example: while h = 1 do skip
- Termination-sensitive noninterference[11]
  - Disallows high loops and requires that high conditionals have no loops in the branches
- Binding-time analysis[12]
  - Divides program terms into
    - Static: known at partial-evaluation time
    - Dynamic: to be supplied later
  - No static term depends on a dynamic variable
References
[11] D. Volpano and G. Smith, Eliminating covert flows with minimum typings, Proc. IEEE Computer Security Foundations Workshop, pp , June 1997
[12] M. Abadi, A. Banerjee, N. Heintze, and J. Riecke, A core calculus of dependency, in Proc. ACM Symp. on Principles of Programming Languages, Jan. 1999, pp

Slide 27: Covert Channels
Timing channels
- Example: if h = 1 then C_long else skip
- Timing-sensitive noninterference[13]
  - High conditionals have no loops in the branches, and each high conditional is wrapped in a protect statement whose execution is atomic
- Program transformation[14]
  - Cross-copy of the slices of the branches of a high if to equalize the execution time of the branches
References
[13] D. Volpano and G. Smith, Probabilistic noninterference in a concurrent language, J. Computer Security, vol. 7, no. 2-3, pp , Nov
[14] J. Agat, Transforming out timing leaks, in Proc. ACM Symp. on Principles of Programming Languages, Jan. 2000, pp

Slide 28: Covert Channels
Probabilistic channels
- Probabilistic noninterference
  - Two behaviors are indistinguishable by the attacker iff the distribution of low output is the same
- Example: l := PIN []9/10 l := rand(9999)
  - []p : probabilistic choice operator
  - Selects the left-hand side command with the probability p
  - Selects the right-hand side with the probability 1-p
  - Varying PIN does not change set of possible outcomes
  - Secure for possibilistic condition

Slide 29: Security Policies
[Diagram labels: static certification, noninterference, sound security analysis; expressiveness, concurrency, covert channels, security policies (declassification, admissibility, relative security, quantitative security)]

Slide 30: Security Policies
- Noninterference rejects downgrading
- Decentralized model[1]
  - Selective declassification
- Admissibility[15]
  - Explicitly states what dependencies between data are allowed in the program
- Quantitative security[16]
  - Allow for a limited bandwidth of information leaks
References
[15] M. Dam and P. Giambiagi, Confidentiality for mobile code: The case of a simple payment protocol, in Proc. IEEE Computer Security Foundations Workshop, July 2000
[16] D. Clark, S. Hunt, and P. Malacaria, Quantitative analysis of the leakage of confidential data, in QAPL

Slide 31: Open Challenges
- System-Wide Security
  - Computer systems are only as secure as their weakest point
  - Integration of language-based information flow and system-wide information-flow control
- Certifying Compilation
  - Secure information flow of low-level languages
  - Useful information about program structure is lost

Slide 32: Open Challenges
- Abstraction-violating attacks
  - The model of the attacker is an abstraction
  - Removes possibly important details about real attacker
  - E.g. cache attack: (if h = 1 then h := h1 else h := h2); h := h1
  - When h = 1, execution time is likely to be shorter
- Dynamic Policies
  - Information-flow policies are not known statically
  - E.g. Jif compiler
  - Type label

Slide 33: Open Challenges
- Practical issues
  - Improve the precision of type systems
  - Do not reject too many secure programs
  - Experience is needed
- Variations of static analysis for security
  - Control- and data-flow analysis
  - E.g. more accurate than many type systems: (if h = 1 then l := 1 else l := 0); l := 0

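
Added example, not taken from the slides or the paper: a checker for the standard two-level typing rules that slides 12-16 set out to build (an assignment needs level(exp) joined with pc to be below level(var); branches and loop bodies are checked under a raised pc), with the slide 26 restriction on high loops as an option. It runs on the programs from slides 11, 26 and 33 and compares each verdict with a brute-force noninterference test; the tuple AST, the function names and the test over h in 0..3 are assumptions of this sketch.

```python
from itertools import product

LOW, HIGH = 0, 1  # two-point lattice, LOW below HIGH; join is max()

# Constructed AST (an assumption of this example, not a format from the slides).
# Expressions: int literal | variable name | (op, e1, e2) with op "mod" or "eq".
# Commands: ("skip",) | ("assign", var, exp) | ("seq", c1, c2, ...)
#           | ("if", exp, c1, c2) | ("while", exp, body)

def level_of(exp, env):
    """Join of the levels of every variable the expression reads."""
    if isinstance(exp, int):
        return LOW
    if isinstance(exp, str):
        return env[exp]
    return max(level_of(exp[1], env), level_of(exp[2], env))

def check(cmd, env, pc=LOW, termination_sensitive=False):
    """Type-check cmd; return the list of violations (empty means it types)."""
    kind = cmd[0]
    if kind == "skip":
        return []
    if kind == "assign":
        _, var, exp = cmd
        if level_of(exp, env) > env[var]:
            return [f"explicit flow into {var}"]
        if pc > env[var]:
            return [f"implicit flow into {var}"]
        return []
    if kind == "seq":
        return [e for c in cmd[1:] for e in check(c, env, pc, termination_sensitive)]
    if kind not in ("if", "while"):
        raise ValueError(f"unknown command {kind!r}")
    guard = max(pc, level_of(cmd[1], env))  # branches and bodies run under this pc
    errors = []
    if kind == "while" and termination_sensitive and guard == HIGH:
        errors.append("high loop: termination channel")
    for sub in cmd[2:]:
        errors += check(sub, env, guard, termination_sensitive)
    return errors

class Diverged(Exception):
    """Step budget exhausted; the run is treated as nonterminating."""

def evaluate(exp, st):
    if isinstance(exp, int):
        return exp
    if isinstance(exp, str):
        return st[exp]
    op, a, b = exp[0], evaluate(exp[1], st), evaluate(exp[2], st)
    if op == "mod":
        return a % b
    return int(a == b)  # the only other operator is "eq"

def run(cmd, st, fuel):
    """Execute cmd on state st in place; fuel is a one-element step counter."""
    kind = cmd[0]
    if kind == "assign":
        st[cmd[1]] = evaluate(cmd[2], st)
    elif kind == "seq":
        for c in cmd[1:]:
            run(c, st, fuel)
    elif kind == "if":
        run(cmd[2] if evaluate(cmd[1], st) else cmd[3], st, fuel)
    elif kind == "while":
        while evaluate(cmd[1], st):
            fuel[0] -= 1
            if fuel[0] < 0:
                raise Diverged
            run(cmd[2], st, fuel)

def leaks(cmd, env, termination_sensitive=False, values=(0, 1, 2, 3)):
    """Brute force: do two high inputs give the attacker different low results?"""
    highs = sorted(v for v in env if env[v] == HIGH)
    lows = sorted(v for v in env if env[v] == LOW)
    seen = set()
    for combo in product(values, repeat=len(highs)):
        st = {**dict.fromkeys(lows, 0), **dict(zip(highs, combo))}
        try:
            run(cmd, st, [1000])
            seen.add(tuple(st[v] for v in lows))
        except Diverged:
            if termination_sensitive:
                seen.add("diverges")
    return len(seen) > 1

# Programs taken from the slides, transcribed into the constructed AST.
ENV = {"h": HIGH, "l": LOW}
H_IS_1 = ("eq", "h", 1)
MAC_SLIDE = ("seq", ("assign", "h", ("mod", "h", 2)), ("assign", "l", 0),
             ("if", H_IS_1, ("assign", "l", 1), ("skip",)))       # slide 11
HIGH_LOOP = ("while", H_IS_1, ("skip",))                           # slide 26
PRECISION = ("seq", ("if", H_IS_1, ("assign", "l", 1), ("assign", "l", 0)),
             ("assign", "l", 0))                                   # slide 33

if __name__ == "__main__":
    for name, prog in [("11", MAC_SLIDE), ("26", HIGH_LOOP), ("33", PRECISION)]:
        for ts in (False, True):
            print("slide", name, "sensitive" if ts else "insensitive",
                  check(prog, ENV, termination_sensitive=ts),
                  leaks(prog, ENV, termination_sensitive=ts))
```

The slide 33 program is rejected with two implicit-flow errors even though `leaks` finds no difference in `l`, which is the imprecision that slide describes; the slide 26 loop types unless the termination-sensitive option is on.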
More informationAn Efficient Verifiable Multi-Authority Secret Access control scheme in Cloud Storage M.Sreelakshmi & P.Gangadhara
An Efficient Verifiable Multi-Authority Secret Access control scheme in Cloud Storage M.Sreelakshmi & P.Gangadhara 1 M.Tech, Dept of CSE,Shri Shirdi Sai Institute of Science and Engineering, Affiliated
More informationPSD2 Compliance - Q&A
PSD2 Compliance - Q&A Q: How do hardware-based solutions such as OTP tokens provide dynamic linking with single transactions? In general, users can enter payment information such as the amount of money
More informationA Survey on Secure Sharing In Cloud Computing
A Survey on Secure Sharing In Cloud Computing Aakanksha maliye, Sarita Patil Department of Computer Engineering, G.H.Raisoni College of Engineering & Management, Wagholi, India ABSTRACT: Cloud computing
More informationEncoding Information Flow in Haskell
University of Pennsylvania ScholarlyCommons Departmental Papers (CIS) Department of Computer & Information Science July 2006 Encoding Information Flow in Haskell Peng Li University of Pennsylvania Stephan
More informationStefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan. Stanford University, Chalmers University of Technology
Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology One of the most popular application platforms Easy to deploy and access Almost anything
More informationSingle-Path Code Generation and Input-Data Dependence Analysis
Single-Path Code Generation and Input-Data Dependence Analysis Daniel Prokesch daniel@vmars.tuwien.ac.at July 10 th, 2014 Project Workshop Madrid D. Prokesch TUV T-CREST Workshop, Madrid July 10 th, 2014
More informationOperating Systems Design Exam 3 Review: Spring Paul Krzyzanowski
Operating Systems Design Exam 3 Review: Spring 2012 Paul Krzyzanowski pxk@cs.rutgers.edu 1 Question 1 An Ethernet device driver implements the: (a) Data Link layer. (b) Network layer. (c) Transport layer.
More informationA Certified Non-Interference Java Bytecode Verifier
1 A Certified Non-Interference Java Bytecode Verifier G. Barthe, D. Pichardie and T. Rezk, A Certified ightweight Non-Interference Java Bytecode Verifier, ESOP'07 2 Motivations 1: bytecode verification
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationAdvanced Systems Security: Integrity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationDecentralised Label Model / Jif (part 2)
Decentralised Label Model / Jif (part 2) René Rydhof Hansen F05-02913 Decentralised Label Model / Jif (part 2) F05-02913 p.1/?? Today s Papers [ML97] Andrew C. Myers, Barbara Liskov A Decentralized Model
More informationLecture 21. Isolation: virtual machines, sandboxes Covert channels. The pump Why assurance? Trust and assurance Life cycle and assurance
Lecture 21 Isolation: virtual machines, sandboxes Covert channels Detection Mitigation The pump Why assurance? Trust and assurance Life cycle and assurance May 17, 2013 ECS 235B Spring Quarter 2013 Slide
More informationUsing Error Detection Codes to detect fault attacks on Symmetric Key Ciphers
Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers Israel Koren Department of Electrical and Computer Engineering Univ. of Massachusetts, Amherst, MA collaborating with Luca Breveglieri,
More informationCover Page. The handle holds various files of this Leiden University dissertation
Cover Page The handle http://hdl.handle.net/1887/22891 holds various files of this Leiden University dissertation Author: Gouw, Stijn de Title: Combining monitoring with run-time assertion checking Issue
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationIntegrating SELinux with Security-typed Languages
Integrating SELinux with Security-typed Languages Boniface Hicks, Sandra Rueda, Trent Jaeger and Patrick McDaniel Systems and Internet Infrastructure Security Laboratory (SIIS) Computer Science and Engineering,
More informationT-SGX: Eradicating Controlled-Channel
T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs Ming-Wei Shih Sangho Lee Taesoo Kim Marcus Peinado Georgia Institute of Technology Microsoft Research 2 3 Intel SGX aims to secure
More informationPSD2 webinar session - Q&A
PSD2 webinar session - Q&A Q: How does hardware based solutions such as OTP tokens will provide dynamic linking with single transactions? In general, users can enter payment information, such as the amount
More informationQUAIL: A Quantitative Security Analyzer for Imperative Code
QUAIL: A Quantitative Security Analyzer for Imperative Code Fabrizio Biondi 1, Axel Legay 2, Louis-Marie Traonouez 2, and Andrzej Wąsowski 1 1 IT University of Copenhagen, Denmark 2 INRIA Rennes, France
More informationBuilding Efficient Concurrent Graph Object through Composition of List-based Set
Building Efficient Concurrent Graph Object through Composition of List-based Set Sathya Peri Muktikanta Sa Nandini Singhal Department of Computer Science & Engineering Indian Institute of Technology Hyderabad
More information