Secure Compilation of a Multi-tier Web Language
|
|
- Mabel Parrish
- 5 years ago
- Views:
Transcription
1 Secure Compilation of a Multi-tier Web Language Ioannis G. Baltopoulos (ioannis.baltopoulos@cl.cam.ac.uk) The Rise and Rise of the Declarative Datacentre (R2D2) Tuesday, May 13, 2008 Joint work with Andrew D. Gordon Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 1 / 10
2 Overview LINKS is a strict, typed, declarative language that enables the creation of web applications by partitioning a single source file and placing the data either on the client-tier or in the database-tier [Cooper et al.(2006)]. Motivation In programming languages that implement continuations on the client side using either cookies or hidden fields, the continuations are open to client manipulation. Objective Allow security reasoning about multi-tier programs at the source level. Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 2 / 10
3 Security for TINYLINKS programs Assumptions: The LINKS source code is not known to the attacker No state is stored on the server (effect-free language fragment) All functions reside on the server We are using SSL/TLS to protect against a 3rd party Attacker: We are protecting the server against a rogue client. An attacker can be represented at the source level as a surrounding LINKS context within which we place the program. Threats: 1 The client may learn secret data held in a closure embedded in a webpage. 2 A rogue client may break the integrity of server data by modifying a closure embedded in a webpage. 3 The client may change the control flow of the program. Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 3 / 10
4 Example 1 fun buy(value, dbpass) server { 2 inttoxml(value) # omitting actual call to the database 3 } 4 5 fun sellat(price) server { 6 var dbpass = "secret"; 7 <form l:onsubmit="{buy(price,dbpass)}" method="post"> 8 <button type="submit">buy</button> 9 </form> 10 } sellat(42) Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 4 / 10
5 Example 1 fun buy(value, dbpass) server { 2 inttoxml(value) # omitting actual call to the database 3 } 4 5 fun sellat(price) server { 6 var dbpass = "secret"; 7 <form l:onsubmit="{buy(price,dbpass)}" method="post"> 8 <button type="submit">buy</button> 9 </form> 10 } sellat(42) Source level intuition: The function buy can only be called with the arguments 42 and secret Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 4 / 10
6 What can go wrong? The expressions that are to be evaluated as a result of clicking buttons in forms or links are encoded, along with their necessary environment, into a continuation string. For example, from the expression E = buy(price, dbpass), the LINKS interpreter generates a hash value h E and an environment Γ E = {price 42, dbpass "secret"} 1 <form onsubmit="#" method="post"> 2 <input type="hidden" name=" k" value="b64(h E,Γ E )" /> 3 <button type="submit">buy</button> 4 </form> Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 5 / 10
7 What can go wrong? The expressions that are to be evaluated as a result of clicking buttons in forms or links are encoded, along with their necessary environment, into a continuation string. For example, from the expression E = buy(price, dbpass), the LINKS interpreter generates a hash value h E and an environment Γ E = {price 42, dbpass "secret"} 1 <form onsubmit="#" method="post"> 2 <input type="hidden" name=" k" value="b64(h E,Γ E )" /> 3 <button type="submit">buy</button> 4 </form> Immediate problems: 1 (Secrecy violation) The value of dbpass has been revealed to the client. 2 (Integrity violation) A client could modify the price in the environment and make a counterfeit request. Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 5 / 10
8 Protecting against the attacks We use authenticated encryption on the hashed expressions and their environments. 1 fun buy(value, dbpass) server { 2 inttoxml(value) # omitting actual call to the database 3 } 4 5 fun sellat(price) server { 6 var dbpass = "secret"; 7 <form l:onsubmit="{enc(k s,(h E,Γ E ))}" method="post"> 8 <button type="submit">buy</button> 9 </form> 10 } sellat(42) Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 6 / 10
9 Multi-tier language based security reasoning We formalise the programmer s intuitions using assertions. 1 fun buy(value, dbpass) server { 2 assert Sell(value); 3 inttoxml(value) # omitting actual call to the database 4 } 5 6 fun sellat(price) server { 7 event Sell(price); 8 var dbpass = "secret"; 9 <form l:onsubmit="{buy(price,dbpass)}" method="post"> 10 <button type="submit">buy</button> 11 </form> 12 } sellat(42) Then we generate Proverif scripts [Blanchet(2001)] and analyse correspondence assertions [Woo and Lam(1993)] for specific programs. Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 7 / 10
10 A secure LINKS compiler Safety: For any run of the program E url the assertions are true. Robust Safety: For any opponent, the program E url is safe. Theorem: If E url is provably Robustly Safe in the source level, then [[E url ]] is provably Robustly Safe in the target level. Translate to a λ-calculus equipped with refinement types to express pre- and post-conditions within first order logic [Bengtson et al.(2008)]. Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 8 / 10
11 Conclusion & Future work Conclusion We have proposed a secure compilation strategy that can guarantee integrity of web continuations and secrecy of the data stored in them. Future Work Extend the threat model by relaxing some of our assumptions. Tackle a larger fragment of LINKS Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 9 / 10
12 Bibliography Jesper Bengtson, Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon, and Sergio Maffeis. Refinement types for secure implementations. IEEE Computer Society, Bruno Blanchet. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 82 96, Cape Breton, Nova Scotia, Canada, June IEEE Computer Society. Ezra Cooper, Sam Lindley, Philip Wadler, and Jeremy Yallop. Links: Web programming without tiers. In FMCO: Proceedings of 5th International Symposium on Formal Methods for Components and Objects, Lecture Notes in Computer Science. Springer-Verlag, T.Y.C. Woo and S.S. Lam. A semantic model for authentication protocols. In IEEE Symposium on Security and Privacy, pages , Ioannis G. Baltopoulos (University of Cambridge) Secure Compilation of a Multi-tier Web Language 10 / 10
Secure Compilation of a Multi-Tier Web Language
(ioannis.baltopoulos@cl.cam.ac.uk) Computer Laboratory Joint work with Andrew D. Gordon from Microsoft Research To appear in TLDI 09 Semantics Lunch - Monday, December 8, 2008 Web Programming Languages
More informationSecure Compilation of a Multi-Tier Web Language
Secure Compilation of a Multi-Tier Web Language Ioannis G. Baltopoulos University of Cambridge Computer Laboratory Andrew D. Gordon Microsoft Research November 5, 2008 Abstract Storing state in the client
More informationA Remote Biometric Authentication Protocol for Online Banking
International Journal of Electrical Energy, Vol. 1, No. 4, December 2013 A Remote Biometric Authentication Protocol for Online Banking Anongporn Salaiwarakul Department of Computer Science and Information
More informationVerification of Security Protocols
Verification of Security Protocols Chapter 12: The JFK Protocol and an Analysis in Applied Pi Christian Haack June 16, 2008 Exam When? Monday, 30/06, 14:00. Where? TUE, Matrix 1.44. Scheduled for 3 hours,
More informationThe automatic security protocol verifier ProVerif
The automatic security protocol verifier ProVerif Bruno Blanchet CNRS, École Normale Supérieure, INRIA, Paris June 2010 Bruno Blanchet (CNRS, ENS, INRIA) ProVerif June 2010 1 / 43 Introduction Many techniques
More informationAuthenticity by Typing for Security Protocols
Authenticity by Typing for Security Protocols Andrew D. Gordon Microsoft Research Alan Jeffrey DePaul University May 2001 Technical Report MSR TR 2001 49 Microsoft Research Microsoft Corporation One Microsoft
More informationFormal Methods and Cryptography
Formal Methods and Cryptography Michael Backes 1, Birgit Pfitzmann 2, and Michael Waidner 3 1 Saarland University, Saarbrücken, Germany, backes@cs.uni-sb.de 2 IBM Research, Rueschlikon, Switzerland, bpf@zurich.ibm.com
More informationInformation Flow Analysis and Type Systems for Secure C Language (VITC Project) Jun FURUSE. The University of Tokyo
Information Flow Analysis and Type Systems for Secure C Language (VITC Project) Jun FURUSE The University of Tokyo furuse@yl.is.s.u-tokyo.ac.jp e-society MEXT project toward secure and reliable software
More informationFrom CryptoVerif Specifications to Computationally Secure Implementations of Protocols
From CryptoVerif Specifications to Computationally Secure Implementations of Protocols Bruno Blanchet and David Cadé INRIA, École Normale Supérieure, CNRS, Paris April 2012 Bruno Blanchet and David Cadé
More informationWeb Security Model and Applications
Web Security Model and Applications In this Tutorial Motivation: formal security analysis of web applications and standards Our Model of the Web Infrastructure Single Sign-On Case Studies Formal Security
More informationCombined CPV-TLV Security Protocol Verifier
Combined CPV-TLV Security Protocol Verifier by Ariel Cohen Thesis submitted in partial fulfillment of the requirements for the degree of Master of Science Department of Computer Science Courant Institute
More informationCS558 Programming Languages
CS558 Programming Languages Fall 2016 Lecture 7a Andrew Tolmach Portland State University 1994-2016 Values and Types We divide the universe of values according to types A type is a set of values and a
More informationCS558 Programming Languages
CS558 Programming Languages Winter 2017 Lecture 7b Andrew Tolmach Portland State University 1994-2017 Values and Types We divide the universe of values according to types A type is a set of values and
More informationExtracting the Range of cps from Affine Typing
Extracting the Range of cps from Affine Typing Extended Abstract Josh Berdine, Peter W. O Hearn Queen Mary, University of London {berdine, ohearn}@dcs.qmul.ac.uk Hayo Thielecke The University of Birmingham
More informationAchieving Security Despite Compromise Using Zero-knowledge
Achieving Security Despite Compromise Using Zero-knowledge Michael Backes 1,2, Martin Grochulla 1, Cătălin Hriţcu 1, Matteo Maffei 1 1 Saarland University, Saarbrücken, Germany 2 MPI-SWS Abstract. One
More informationType-Based Automated Verification of Authenticity in Asymmetric Cryptographic Protocols
Type-Based Automated Verification of Authenticity in Asymmetric Cryptographic Protocols Morten Dahl 2, Naoki Kobayashi 1, Yunde Sun 1, and Hans Hüttel 2 1 Tohoku University 2 Aalborg University Abstract.
More informationVerifying Real-World Security Protocols from finding attacks to proving security theorems
Verifying Real-World Security Protocols from finding attacks to proving security theorems Karthik Bhargavan http://prosecco.inria.fr + many co-authors at INRIA, Microsoft Research, Formal security analysis
More informationFormal methods for software security
Formal methods for software security Thomas Jensen, INRIA Forum "Méthodes formelles" Toulouse, 31 January 2017 Formal methods for software security Formal methods for software security Confidentiality
More informationVerified Interoperable Implementations of Security Protocols
Verified Interoperable Implementations of Security Protocols Karthikeyan Bhargavan Cédric Fournet Andrew D. Gordon Stephen Tse Microsoft Research University of Pennsylvania Abstract We present an architecture
More informationCODESSEAL: Compiler/FPGA Approach to Secure Applications
CODESSEAL: Compiler/FPGA Approach to Secure Applications Olga Gelbart 1, Paul Ott 1, Bhagirath Narahari 1, Rahul Simha 1, Alok Choudhary 2, and Joseph Zambreno 2 1 The George Washington University, Washington,
More informationNot-quite-so-broken TLS 1.3 mechanised conformance checking
Not-quite-so-broken TLS 1.3 mechanised conformance checking David Kaloper-Meršinjak University of Cambridge Hannes Mehnert University of Cambridge Abstract We present a set of tools to aid TLS 1.3 implementors,
More informationConclusions and further reading
Chapter 18 Conclusions and further reading We have not been exhaustive in the description of the Caml Light features. We only introduced general concepts in functional programming, and we have insisted
More informationAchieving Security Despite Compromise Using Zero-knowledge
Achieving Security Despite Compromise Using Zero-knowledge Michael Backes 1,2, Martin Grochulla 1, Cătălin Hriţcu 1, Matteo Maffei 1 1 Saarland University, Saarbrücken, Germany 2 MPI-SWS Abstract. One
More informationSubtyping. Lecture 13 CS 565 3/27/06
Subtyping Lecture 13 CS 565 3/27/06 Polymorphism Different varieties of polymorphism: Parametric (ML) type variables are abstract, and used to encode the fact that the same term can be used in many different
More informationMechanising BAN Kerberos by the Inductive Method
Mechanising BAN Kerberos by the Inductive Method Giampaolo Bella Lawrence C Paulson Computer Laboratory University of Cambridge New Museums Site, Pembroke Street Cambridge CB2 3QG (UK) {gb221,lcp}@cl.cam.ac.uk
More informationMoscova. Jean-Jacques Lévy. March 23, INRIA Paris Rocquencourt
Moscova Jean-Jacques Lévy INRIA Paris Rocquencourt March 23, 2011 Research team Stats Staff 2008-2011 Jean-Jacques Lévy, INRIA Karthikeyan Bhargavan, INRIA James Leifer, INRIA Luc Maranget, INRIA Francesco
More informationProVerif. Dale Vaillancourt
ProVerif Dale Vaillancourt CSG 399 4/20/2006 Outline Logic Programming Review Modeling Protocols Verification of Secrecy Demo ProVerif Extensions Logic Programming Data given by terms. M ::= X Y... ;variables
More informationStatic and User-Extensible Proof Checking. Antonis Stampoulis Zhong Shao Yale University POPL 2012
Static and User-Extensible Proof Checking Antonis Stampoulis Zhong Shao Yale University POPL 2012 Proof assistants are becoming popular in our community CompCert [Leroy et al.] sel4 [Klein et al.] Four-color
More informationBeluga: A Framework for Programming and Reasoning with Deductive Systems (System Description)
Beluga: A Framework for Programming and Reasoning with Deductive Systems (System Description) Brigitte Pientka and Joshua Dunfield McGill University, Montréal, Canada {bpientka,joshua}@cs.mcgill.ca Abstract.
More informationCOS 320. Compiling Techniques
Topic 5: Types COS 320 Compiling Techniques Princeton University Spring 2016 Lennart Beringer 1 Types: potential benefits (I) 2 For programmers: help to eliminate common programming mistakes, particularly
More informationAutomatic Verification of Remote Electronic Voting Protocols
Automatic Verification of Remote Electronic Voting Protocols Cătălin Hrițcu Saarland University, Saarbrücken, Germany Joint work with: Michael Backes and Matteo Maffei Microsoft Research Cambridge, July
More informationROSAEC Survey Workshop SELab. Soohyun Baik
ROSAEC Survey Workshop SELab. Soohyun Baik Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel,
More informationVerfying the SSH TLP with ProVerif
A Demo Alfredo Pironti Riccardo Sisto Politecnico di Torino, Italy {alfredo.pironti,riccardo.sisto}@polito.it CryptoForma Bristol, 7-8 April, 2010 Outline Introduction 1 Introduction 2 3 4 Introduction
More informationDistributed ID-based Signature Using Tamper-Resistant Module
, pp.13-18 http://dx.doi.org/10.14257/astl.2013.29.03 Distributed ID-based Signature Using Tamper-Resistant Module Shinsaku Kiyomoto, Tsukasa Ishiguro, and Yutaka Miyake KDDI R & D Laboratories Inc., 2-1-15,
More informationVerified Implementations of the Information Card Federated Identity-Management Protocol
Verified Implementations of the Information Card Federated Identity-Management Protocol Karthikeyan Bhargavan Cédric Fournet Andrew D. Gordon Nikhil Swamy Microsoft Research University of Maryland, College
More informationEliminating Annotations by Automatic Flow Analysis of Real-Time Programs
Eliminating Annotations by Automatic Flow Analysis of Real-Time Programs Jan Gustafsson Department of Computer Engineering, Mälardalen University Box 883, S-721 23 Västerås, Sweden jangustafsson@mdhse
More informationMessage Authentication with MD5 *
Message Authentication with MD5 * Burt Kaliski and Matt Robshaw RSA Laboratories 100 Marine Parkway, Suite 500 Redwood City, CA 94065 USA burt@rsa.com matt@rsa.com Message authentication is playing an
More information` e : T. Gradual Typing. ` e X. Ronald Garcia University of British Columbia
aaab/hicbvbns8naen34wetxtecvi0xwvbirfe9fd3qs0c9oqplsnu3s3stsbgqh1l/ixymixv0h3vw3btsctpxbwoo9gwbmbslnsjvot7w2vrg5tv3ake/u7r8c2kfhbzvkktawsxgiuweoyllmw5pptruppcactjvb6g7md8zukpbetz2n1bcwifnecggj9e2kdw9capbgiaghpvggn/t21ak5c+bv4hakigo0+vaxfyykeztwhinspddjtt8bqrnhdfr2mkvticmy0j6hmqiq/mn8+ck+m0qio0saijweq78njicuykvgogxoovr2zuj/xi/t0bu/yxgaarqtxaio41gnejyedpmkrppceccsmvsxgyieok1ezrocu/zykmlf1fyn5j5evuu3rrwldijo0tly0rwqowfuqc1eui6e0st6s56sf+vd+li0rlnftax9gfx5a8zmk40=
More informationVorlesung Methodische Grundlagen des Software-Engineering im Sommersemester 2013
Vorlesung des Software-Engineering im Sommersemester 2013 Prof. Dr. Jan Jürjens TU Dortmund, Fakultät Informatik, Lehrstuhl XIV 3.3: UMLsec v. 26.06.2013 1 Literatur: [Jür05] Jan Jürjens: Secure systems
More informationCode Generation for network software with formal safety guarantees
R. Sisto Cisco Tech Talk July 24th, 2009 1 Code Generation for network software with formal safety guarantees Riccardo Sisto Dipartimento di Automatica e Informatica Politecnico di Torino R. Sisto Cisco
More informationCS 6110 S11 Lecture 12 Naming and Scope 21 February 2011
CS 6110 S11 Lecture 12 Naming and Scope 21 February 2011 In this lecture we introduce the topic of scope in the context of the λ-calculus and define translations from λ-cbv to FL for the two most common
More informationPCAL: Language Support for Proof-Carrying Authorization Systems
PCAL: Language Support for Proof-Carrying Authorization Systems Avik Chaudhuri 1 and Deepak Garg 2 1 University of Maryland, College Park 2 Carnegie Mellon University Abstract. By shifting the burden of
More informationEncryption as an Abstract Datatype:
June 2003 1/18 Outline Encryption as an Abstract Datatype: an extended abstract Dale Miller INRIA/Futurs/Saclay and École polytechnique 1. Security protocols specified using multisets rewriting. 2. Eigenvariables
More informationThe Scyther Tool: Verification, Falsification, and Analysis of Security Protocols
The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols Tool Paper Cas J.F. Cremers Department of Computer Science, ETH Zurich, 8092 Zurich, Switzerland cas.cremers@inf.ethz.ch
More informationLecture 1: Perfect Security
CS 290G (Fall 2014) Introduction to Cryptography Oct 2nd, 2014 Instructor: Rachel Lin 1 Recap Lecture 1: Perfect Security Scribe: John Retterer-Moore Last class, we introduced modern cryptography and gave
More informationRuntime Behavior of Conversion Interpretation of Subtyping
Runtime Behavior of Conversion Interpretation of Subtyping Yasuhiko Minamide Institute of Information Sciences and Electronics University of Tsukuba and PRESTO, JST minamide@is.tsukuba.ac.jp Abstract.
More informationTimestamps and authentication protocols
Timestamps and authentication protocols Chris J. Mitchell Technical Report RHUL MA 2005 3 25 February 2005 Royal Holloway University of London Department of Mathematics Royal Holloway, University of London
More informationSecurity protocols. Correctness of protocols. Correctness of protocols. II. Logical representation and analysis of protocols.i
Security protocols Logical representation and analysis of protocols.i A security protocol is a set of rules, adhered to by the communication parties in order to ensure achieving various security or privacy
More informationCryptographically Sound Implementations for Typed Information-Flow Security
FormaCrypt, Nov 30. 2007 Cryptographically Sound Implementations for Typed Information-Flow Security Cédric Fournet Tamara Rezk Microsoft Research INRIA Joint Centre http://msr-inria.inria.fr/projects/sec/cflow
More informationFrom Crypto to Code. Greg Morrisett
From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell ACL2/Coq/Agda Latex Powerpoint Someone else s Powerpoint 2 Cryptographic techniques Already ubiquitous: e.g., SSL/TLS
More informationLess naive type theory
Institute of Informatics Warsaw University 26 May 2007 Plan 1 Syntax of lambda calculus Why typed lambda calculi? 2 3 Syntax of lambda calculus Why typed lambda calculi? origins in 1930s (Church, Curry)
More informationType-checking implementations of protocols based on zero-knowledge proofs
Type-checking implementations of protocols based on zero-knowledge proofs work in progress Cătălin Hrițcu Saarland University, Saarbrücken, Germany Joint work with: Michael Backes, Matteo Maffei, and Thorsten
More informationAn implementation model of rendezvous communication
G.Winskel Eds. Appears in Seminar on Concurrency S.D.Brookds, A.W.Roscoe, and Lecture Notes in Computer Science 197 Springer-Verlag, 1985 An implementation model of rendezvous communication Luca Cardelli
More informationMoscova 07. Jean-Jacques Lévy. April 24, INRIA Rocquencourt
Moscova 07 Jean-Jacques Lévy INRIA Rocquencourt April 24, 2007 Research Part 1 Type-safe communication Acute communicating values of abstract data types and preserving abstraction between 2 distinct run-times;
More informationOASIS: Architecture, Model and Management of Policy
OASIS: Architecture, Model and Management of Policy Ken Moody Computer Laboratory, University of Cambridge 1 Overview OASIS : Architecture, Model and Policy 1. background to the research people, projects
More informationAnalyzing Robustness of UML State Machines
Analyzing Robustness of UML State Machines Reinhard von Hanxleden Department of Computer Science and Applied Mathematics Real-Time Systems and Embedded Systems Group Christian-Albrecht Universität zu Kiel
More informationOverview of Cryptography
18739A: Foundations of Security and Privacy Overview of Cryptography Anupam Datta CMU Fall 2007-08 Is Cryptography A tremendous tool The basis for many security mechanisms Is not The solution to all security
More informationPassword-Based Encryption Analyzed
Password-Based Encryption Analyzed Martín Abadi and Bogdan Warinschi Computer Science Department, University of California, Santa Cruz Computer Science Department, Stanford University Abstract. The use
More informationModelling the Security of Key Exchange
Modelling the Security of Key Exchange Colin Boyd including joint work with Janaka Alawatugoda, Juan Gonzalez Nieto Department of Telematics, NTNU Workshop on Tools and Techniques for Security Analysis
More informationCSCI B522 Lecture 11 Naming and Scope 8 Oct, 2009
CSCI B522 Lecture 11 Naming and Scope 8 Oct, 2009 Lecture notes for CS 6110 (Spring 09) taught by Andrew Myers at Cornell; edited by Amal Ahmed, Fall 09. 1 Static vs. dynamic scoping The scope of a variable
More informationMMT Objects. Florian Rabe. Computer Science, Jacobs University, Bremen, Germany
MMT Objects Florian Rabe Computer Science, Jacobs University, Bremen, Germany Abstract Mmt is a mathematical knowledge representation language, whose object layer is strongly inspired by OpenMath. In fact,
More informationSecure Programming Lecture 15: Information Leakage
Secure Programming Lecture 15: Information Leakage David Aspinall 21st March 2017 Outline Overview Language Based Security Taint tracking Information flow security by type-checking Summary Recap We have
More informationControl Flow Analysis with SAT Solvers
Control Flow Analysis with SAT Solvers Steven Lyde, Matthew Might University of Utah, Salt Lake City, Utah, USA Abstract. Control flow analyses statically determine the control flow of programs. This is
More informationCSE Fall Project 1: Password Management
CSE 543 - Fall 2017 - Project 1: Password Management 1 Dates Out: August 26, 2017 Due: September 20, 2017 2 Introduction In this project, you will complete the implementation of a password management system.
More informationLecture Notes on Real-world SMT
15-414: Bug Catching: Automated Program Verification Lecture Notes on Real-world SMT Matt Fredrikson Ruben Martins Carnegie Mellon University Lecture 15 1 Introduction In the previous lecture we studied
More informationLecture 02: Historical Encryption Schemes. Lecture 02: Historical Encryption Schemes
What is Encryption Parties involved: Alice: The Sender Bob: The Receiver Eve: The Eavesdropper Aim of Encryption Alice wants to send a message to Bob The message should remain hidden from Eve What distinguishes
More informationCSE BAN Logic Presentation
(Mike Burrows Marin Abadi Roger Needham Published 1989 SRC Research Report 9 Presentation by Heather Goldsby Michelle Pirtle "! #! $ % Problem Solution BAN Logic Goals of BAN Terms Symbols Notation and
More informationOn Constraint Problems with Incomplete or Erroneous Data
On Constraint Problems with Incomplete or Erroneous Data Neil Yorke-Smith and Carmen Gervet IC Parc, Imperial College, London, SW7 2AZ, U.K. nys,cg6 @icparc.ic.ac.uk Abstract. Real-world constraint problems
More informationFeatherweight Firefox
Featherweight Firefox Formalizing the Core of a Web Browser Aaron Bohannon Benjamin Pierce University of Pennsylvania June 24, 2010 1 / 27 Pop Quiz! 2 / 27 Question 1 Assume d is a Document object. var
More informationKey Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2. Cas Cremers, ETH Zurich
Key Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2 Cas Cremers, ETH Zurich Overview What is IKE? Internet Key Exchange, part of IPsec Formal analysis of IKE Previously considered infeasible
More informationVerified Interoperable Implementations of Security Protocols
Verified Interoperable Implementations of Security Protocols Karthikeyan Bhargavan 1 Cédric Fournet 1 Andrew D. Gordon 1 Stephen Tse 2 1 Microsoft Research 2 University of Pennsylvania August 2007 Technical
More informationAn Efficient Staging Algorithm for Binding-Time Analysis
An Efficient Staging Algorithm for Binding-Time Analysis Takuma Murakami 1, Zhenjiang Hu 1,2, Kazuhiko Kakehi 1, and Masato Takeichi 1 1 Department of Mathematical Informatics, Graduate School of Information
More informationVerified Implementations of the Information Card Federated Identity-Management Protocol
ABSTRACT Verified Implementations of the Information Card Federated Identity-Management Protocol K. Bhargavan C. Fournet A.D. Gordon N. Swamy We describe reference implementations for selected configurations
More informationA Derivation System for Security Protocols and its Logical Formalization
A Derivation System for Security Protocols and its Logical Formalization Anupam Datta Ante Derek John C. Mitchell Dusko Pavlovic Stanford University CSFW July 1, 2003 Kestrel Institute Contributions Protocol
More informationProgramming Languages
CSE 230: Winter 2008 Principles of Programming Languages Ocaml/HW #3 Q-A Session Push deadline = Mar 10 Session Mon 3pm? Lecture 15: Type Systems Ranjit Jhala UC San Diego Why Typed Languages? Development
More informationComputer Security CS 426 Lecture 35. CS426 Fall 2010/Lecture 35 1
Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs 1 Readings for This Lecture Optional: Haveli and Micali: Practical and Privably-Secure Commitment Schemes from Collision-Free Hashing
More informationProgramming Languages Lecture 14: Sum, Product, Recursive Types
CSE 230: Winter 200 Principles of Programming Languages Lecture 4: Sum, Product, Recursive Types The end is nigh HW 3 No HW 4 (= Final) Project (Meeting + Talk) Ranjit Jhala UC San Diego Recap Goal: Relate
More informationGuarded Operations, Refinement and Simulation
Guarded Operations, Refinement and Simulation Steve Reeves and David Streader Department of Computer Science University of Waikato Hamilton, New Zealand stever,dstr@cs.waikato.ac.nz Abstract Simulation
More informationRational Oblivious Transfer
Rational Oblivious Transfer Xiong Fan xfan@cs.umd.edu Kartik Nayak kartik1507@gmail.com May 14, 2014 Abstract Oblivious transfer is widely used in secure multiparty computation. In this paper, we propose
More informationfor Compound Authentication
Verified Contributive Channel Bindings for Compound Authentication Antoine Delignat-Lavaud, Inria Paris Joint work with Karthikeyan Bhargavan and Alfredo Pironti Motivation: Authentication Composition
More informationInitial Assumptions. Modern Distributed Computing. Network Topology. Initial Input
Initial Assumptions Modern Distributed Computing Theory and Applications Ioannis Chatzigiannakis Sapienza University of Rome Lecture 4 Tuesday, March 6, 03 Exercises correspond to problems studied during
More informationType-safe Distributed Programming with ML5
Type-safe Distributed Programming with ML5 Tom Murphy VII, Karl Crary, and Robert Harper Department of Computer Science Carnegie Mellon University Pittsburgh, PA, USA tom7,crary,rwh@cs.cmu.edu Abstract
More informationHarvard School of Engineering and Applied Sciences CS 152: Programming Languages
Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 18 Thursday, April 3, 2014 1 Error-propagating semantics For the last few weeks, we have been studying type systems.
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2015 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 12 (Wrap-up) http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2411
More informationExcerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt
Excerpts of Web Application Security focusing on Data Validation adapted for F.I.S.T. 2004, Frankfurt by fs Purpose of this course: 1. Relate to WA s and get a basic understanding of them 2. Understand
More informationNEW FUNCTIONS FOR SECRECY ON REAL PROTOCOLS
NEW FUNCTIONS FOR SECRECY ON REAL PROTOCOLS Jaouhar Fattahi 1 and Mohamed Mejri 1 and Hanane Houmani 2 1 LSI Group, Laval University, Quebec, Canada 2 University Hassan II, Morocco ABSTRACT In this paper,
More informationType Driven Development in Idris
Type Driven Development in Idris Edwin Brady (ecb10@st-andrews.ac.uk) University of St Andrews, Scotland, UK @edwinbrady Kats Workshop, Dublin, 21st May 2016 Scotland, Home of Functional Programming Welcome
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 1, 2017 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 12 (Wrap-up) http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2457
More informationWhat Can Be Proved About Security?
What Can Be Proved About Security? Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in Centre for Artificial Intelligence and Robotics Bengaluru 23 rd
More informationWriting code that I'm not smart enough to write. A funny thing happened at Lambda Jam
Writing code that I'm not smart enough to write A funny thing happened at Lambda Jam Background "Let s make a lambda calculator" Rúnar Bjarnason Task: write an interpreter for the lambda calculus Lambda
More informationType Checking. Outline. General properties of type systems. Types in programming languages. Notation for type rules.
Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Refers to the compile-time
More informationIdioms are oblivious, arrows are meticulous, monads are promiscuous
MSFP 2008 Idioms are oblivious, arrows are meticulous, monads are promiscuous Sam Lindley, Philip Wadler and Jeremy Yallop Laboratory for Foundations of Computer Science The University of Edinburgh Abstract
More informationContents. Introduction
Contents Preface Introduction xiii xvii 1 Why Did the Chicken Cross the Road? 1 1.1 The Computer.......................... 1 1.2 Turing Machine.......................... 3 CT: Abstract Away......................
More informationBindings for Security Protocol Message Composition
Bindings for Security Protocol Message Composition Genge Bela 1, Haller Piroska 2 Abstract We present a method for creating security protocols, based on message composition. The novelty of our approach
More informationScaling Privacy Guarantees in Code Verification Elections
Scaling Privacy Guarantees in Code Verification Elections Anthi Orfanou Columbia University July 18, 2013 Joint work with Aggelos Kiayias (University of Athens) Anthi Orfanou (Columbia University) Scaling
More informationOutline. General properties of type systems. Types in programming languages. Notation for type rules. Common type rules. Logical rules of inference
Type Checking Outline General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Refers to the compile-time
More informationModular Verification of Security Protocol Code by Typing
Modular Verification of Security Protocol Code by Typing Karthikeyan Bhargavan Cédric Fournet Andrew D. Gordon Draft of December 2010 Technical Report Microsoft Research Roger Needham Building 7 J.J. Thomson
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationFormal Methods in Software Design. Markus Roggenbach
Formal Methods in Software Design Markus Roggenbach October 2001 2 Formal Methods Use of mathematics in software development main activities: writing formal specifications 2 Formal Methods Use of mathematics
More informationCompiler Construction
Compiler Construction Lecture 1: Introduction Thomas Noll Lehrstuhl für Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de http://moves.rwth-aachen.de/teaching/ss-14/cc14/ Summer
More information