Traffic analysis attacks remain a significant problem for online security. Communication between nodes can be observed by network-level attackers, as it inherently takes place in the open. Although online services increasingly use encrypted traffic, the shape of the traffic is not hidden. To prevent traffic analysis, the shape of a system's traffic must be independent of secrets. We investigate adapting the data-oblivious approach to the reactive setting and present OblivIO, a secure language for writing reactive programs driven by network events. Our approach pads with dummy messages to hide which program sends are genuinely executed. We use an information-flow type system to provably enforce timing-sensitive noninterference. The type system is extended with potentials to bound the overhead in traffic introduced by our approach. We address challenges that arise from joining data-oblivious and reactive programming and demonstrate the feasibility of our resulting language by developing an interpreter that implements security-critical operations as constant-time algorithms.

From standard to auxiliary: We proceed by induction on . Case is skip: Done by picking pc ′ = pc. Case is1 ; 2 : By the induction hypothesis. Case is = : Done by picking pc ′ = pc. Case is ?= : Done by picking pc ′ = pc. Case is ?= input(ch, ): Done by picking pc ′ = pc. Case is send(ch, ): By Γ, Π, Λ; Δ; pc ⊢ we have Λ(ch) = @ mode ; val ; such that mode = ⊥ ⟹ = ′ and mode ≠ ⊥ ⟹ = ′ + 1 + . Done by picking pc ′ = pc. Case is if then else : Done by picking pc ′ = pc. Case is while do : Done by picking pc ′ = pc. Case is oblif then else : By Γ, Π, Λ; Δ; pc ⊢ we have Γ; Δ ⊢ ∶ @ . By the step in the standard semantics we have ″ = ∷ _ for some , and thus by assumption have pc = pc ∷ _ for some pc. We are done by Case T-ASSIGN: We observe by T-ASSIGN that pc = ⊥. Done as there exists no pc ≠ [] such that ⊥ ⊢ ⊥ ∷ pc. Case T-OBLIVASSIGN: By observing that [pc] is a non-empty stack with pc as top element.
Case T-LOCALINPUT: By observing that [pc] is a non-empty stack with pc as top element. Case T-SEND: By observing that [pc] is a non-empty stack with pc as top element. Case T-IF: By two applications of the induction hypothesis. Case T-WHILE: We observe by T-WHILE that pc = ⊥. Done as there exists no pc ≠ [] such that ⊥ ⊢ ⊥ ∷ pc. Case T-OBLIVIF: By two applications of the induction hypothesis. Auxiliary to standard: We proceed by induction on the typing judgement. Case T-SKIP-AUX: Trivial. Case T-SEQ-AUX: By two applications of the induction hypothesis.
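
The dummy-message padding described in the abstract, modelled as an added Python example (not OblivIO code and not taken from the paper's interpreter). The channel names, the 32-byte wire size and all helper names are assumptions, and the sketch models traffic shape only, since Python gives no constant-time guarantees.

```python
from dataclasses import dataclass

PAD_LEN = 32  # assumed fixed wire size of every message


@dataclass(frozen=True)
class Message:
    channel: str
    genuine: bool  # carried inside the (assumed) encrypted body
    body: bytes    # always PAD_LEN bytes on the wire


def pad(data: bytes) -> bytes:
    if len(data) > PAD_LEN:
        raise ValueError("payload exceeds fixed message size")
    return data.ljust(PAD_LEN, b"\0")


def observe(trace):
    """Network-level view: channel and size of each message, in order."""
    return [(m.channel, len(m.body)) for m in trace]


def deliver(trace):
    """Receiver view: dummies are dropped after decryption."""
    return [(m.channel, m.body.rstrip(b"\0")) for m in trace if m.genuine]


def naive_handler(secret_bit):
    # if secret then send(ALICE, ...): the send itself leaks the secret.
    trace = []
    if secret_bit:
        trace.append(Message("ALICE", True, pad(b"offer accepted")))
    return trace


def oblivious_send(trace, channel, data, executed):
    # Always emits one message; `executed` (0 or 1) only selects, without
    # branching, between the real payload and an all-zero dummy body.
    mask = -executed & 0xFF
    body = bytes(b & mask for b in pad(data))
    trace.append(Message(channel, bool(executed), body))


def oblivious_handler(secret_bit):
    # Models: oblif secret then send(ALICE, ...) else send(BOB, ...)
    trace = []
    oblivious_send(trace, "ALICE", b"offer accepted", secret_bit)
    oblivious_send(trace, "BOB", b"offer declined", 1 - secret_bit)
    return trace
```

Comparing `observe(...)` for both secret values shows the padded handler emitting the same sequence of channels and sizes either way, at the cost of one extra message per run, which is the kind of traffic overhead the abstract says the potentials bound.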