A Type System for Computationally Secure Information Flow

Laud, Peeter; Vene, Varmo

doi:10.1007/11537311_32

Cited by 40 publications

(53 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Consequently, certain security APIs cannot be analysed using some of these existing systems. For example, the IBM 4758 [3] has one internal master key that is used to encrypt all other keys which are then stored on the attached host, therefore rule sets in which the result of a decryption cannot be used as a key (e.g., [17]) are unable to analyse the security API for that device.…”

Section: Discussionmentioning

confidence: 99%

Towards a Type System for Security APIs

Keighren

Aspinall

Steel

2009

Foundations and Applications of Security Analysis

View full text Add to dashboard Cite

Abstract. Security API analysis typically only considers a subset of an API's functions, with results bounded by the number of function calls. Furthermore, attacks involving partial leakage of sensitive information are usually not covered. Type-based static analysis has the potential to alleviate these shortcomings. To that end, we present a type system for secure information flow based upon the one of Volpano, Smith and Irvine [1], extended with types for cryptographic keys and ciphertext similar to those in Sumii and Pierce [2]. In contrast to some other type systems, the encryption and decryption of keys does not require special treatment. We show that a well-typed sequence of commands is non-interferent, based upon a definition of indistinguishability where, in certain circumstances, the adversary can distinguish between ciphertexts that correspond to encrypted public data.

show abstract

Section: Discussionmentioning

confidence: 99%

Towards a Type System for Security APIs

Keighren

Aspinall

Steel

2009

Foundations and Applications of Security Analysis

View full text Add to dashboard Cite

show abstract

“…The proof is based on a new notion of fast simulation, which builds on the work of Baier, Katoen, Hermanns, and Wolf [BKHW05] on strong and weak simulation on discrete and continuous Markov chains. The theorem that stripping is a fast simulation shows that the theory of probabilistic simulation can be applied fruitfully to the secure information flow problem, giving another proof technique in addition to the more common bisimulation-based approach of work like [LV05], [SA06], and [FR08] on languages with cryptography, and [AFG98], [SV98], [Smi03], [ACF06], [FC08] on multi-threaded languages. The recent work [AS09] on secure information flow in a distributed language also makes use of the technique of stripping and fast simulation, although in a non-probabilistic context.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

Non-termination and secure information flow

Smith¹,

Alpízar²

2011

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

In secure information flow analysis, the classic Denning restrictions allow a program's termination to be affected by the values of its H variables, resulting in potential information leaks. In an effort to quantify such leaks, in this work we study a simple imperative language with random assignments. As a thought experiment, we propose a "stripping" operation on programs, which eliminates all "high computation", and we prove a fundamental property: stripping cannot decrease the probability of any low outcome. To prove this property, we first introduce a new notion of fast probabilistic simulation on Markov chains and we show that it implies a key reachability property. Viewing the stripping function as a binary relation, we then prove that stripping is a fast simulation. As an application we prove that, under the Denning restrictions, well-typed probabilistic programs are guaranteed to satisfy an approximate probabilistic noninterference property, provided that their probability of nontermination is small.

show abstract

“…Interestingly, greatest fixed point computations were suggested [23, equation 15] as an algorithmic tool to evaluate Laud's entailment relation. The main difference between [19,23] and our work is that [19,23] retain the inductive framework (and entailment relation, see Section 2) for modeling the adversarial knowledge, and resolve the encryption cycles issue using ad-hoc methods. Here we establish a close connection between greatest fixed points and cryptographic expressions at the semantic (computational soundness) level, and present a general approach (based on the use of co-induction) that can be generalized to a larger class of cryptographic expressions, e.g., the expressions with pseudo-random keys [13,12], secret sharing schemes [14], etc.…”

Section: Related Workmentioning

confidence: 99%

Computational Soundness, Co-induction, and Encryption Cycles

Micciancio

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We analyze the relation between induction, co-induction and the presence of encryption cycles in the context of computationally sound symbolic equivalence of cryptographic expressions. Our main finding is that the use of co-induction in the symbolic definition of the adversarial knowledge allows to prove soundness results without the need to require syntactic restrictions, like the absence of encryption cycles, common to most previous work in the area. Encryption cycles are relevant only to the extent that the key recovery function associated to acyclic expressions can be shown to have a unique fixed point. So, when a cryptographic expression has no encryption cycles, the inductive (least fixed point) and co-inductive (greatest fixed point) security definitions produce the same results, and the computational soundness of the inductive definitions for acyclic expressions follows as a special case of the soundness of the coinductive definition.

show abstract

A Type System for Computationally Secure Information Flow

Cited by 40 publications

References 25 publications

Towards a Type System for Security APIs

Towards a Type System for Security APIs

Non-termination and secure information flow

Computational Soundness, Co-induction, and Encryption Cycles

Contact Info

Product

Resources

About