All Secrets Great and Small

Demange, Delphine; Sands, David

doi:10.1007/978-3-642-00590-9_16

Cited by 10 publications

(19 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We first observe that if the entropy of the hashed value is low an attacker might try to compute, by brute force, the hash of all the possible values until he finds a match. We thus select, as our starting point, a recent noninterference variant called secret-sensitive noninterference [6] which distinguishes small and big secrets and allows us to treat their corresponding digests accordingly. If a secret is big, meaning that it is infeasible to guess its actual value, then the brute force attack above is also infeasible.…”

Section: Trial = Hash(t_pwd); If (Trial = Passwd[root]) Then << Launcmentioning

confidence: 99%

“…In Section 2 we give the background on secretsensitive noninterference [6]; Section 3 extends the noninterference notions so to correctly deal with hash functions. Integrity check by equality is analyzed in Section 4.…”

Section: Trial = Hash(t_pwd); If (Trial = Passwd[root]) Then << Launcmentioning

confidence: 99%

“…Secret-sensitive noninterference (SSNI) [6], by Demange and Sands, is a variant of noninterference which distinguishes small, guessable secrets from big, unguessable ones. As discussed in the introduction, this distinction will be useful to discipline the downgrading of digests of secret values, as we will see in Section 3.…”

Section: Secret-sensitive Noninterferencementioning

confidence: 99%

“…The main idea of SSNI [6] is that for unguessable secrets, brute force attacks will terminate only with negligible probability. Intuitively, this allows for adopting a termination insensitive equivalence notion when comparing program behaviour.…”

Section: Secret-sensitive Noninterferencementioning

confidence: 99%

“…The proposed solution is based on the type system by Demange and Sands [6]. We only report typing rules for expressions and integrity check commands.…”

Section: Security Type Systemmentioning

confidence: 99%

See 4 more Smart Citations

Match It or Die: Proving Integrity by Equality

Centenaro

Focardi

2010

Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security

View full text Add to dashboard Cite

Abstract. Cryptographic hash functions are commonly used as modification detection codes. The goal is to provide message integrity assurance by comparing the digest of the original message with the hash of what is thought to be the intended message. This paper generalizes this idea by applying it to general expressions instead of just digests: success of an equality test between a tainted data and a trusted one can be seen as a proof of high-integrity for the first item. Secure usage of hash functions is also studied with respect to the confidentiality of digests by extending secret-sensitive noninterference of Demange and Sands.

show abstract

Section: Trial = Hash(t_pwd); If (Trial = Passwd[root]) Then << Launcmentioning

confidence: 99%

Section: Trial = Hash(t_pwd); If (Trial = Passwd[root]) Then << Launcmentioning

confidence: 99%

Section: Secret-sensitive Noninterferencementioning

confidence: 99%

Section: Secret-sensitive Noninterferencementioning

confidence: 99%

“…The proposed solution is based on the type system by Demange and Sands [6]. We only report typing rules for expressions and integrity check commands.…”

Section: Security Type Systemmentioning

confidence: 99%

See 3 more Smart Citations

Match It or Die: Proving Integrity by Equality

Centenaro

Focardi

2010

Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security

View full text Add to dashboard Cite

show abstract

All Secrets Great and Small

Demange

Sands

2009

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

Abstract. Tools for analysing secure information flow are almost exclusively based on ideas going back to Denning's work from the 70's. This approach embodies an imperfect notion of security which turns a blind eye to information flows which are encoded in the termination behaviour of a program. In exchange for this weakness many more programs are deemed "secure", using conditions which are easy to check. Previously it was thought that such leaks are limited to at most one bit per run. Recent work by Askarov et al (ESORICS'08) offers some bad news and some good news: the bad news is that for programs which perform output, the amount of information leaked by a Denning style analysis is not bounded; the good news is that if secrets are chosen to be sufficiently large and sufficiently random then they cannot be effectively leaked at all. The problem addressed in this paper is that secrets cannot always be made sufficiently large or sufficiently random. Contrast, for example, an encryption key with an "hasHIV"-field of a patient record. In recognition of this we develop a notion of secret-sensitive noninterference in which "small" secrets are handled more carefully than "big" ones. We illustrate the idea with a type system which combines a liberal Denning-style analysis with a more restrictive system according to the nature of the secrets at hand.

show abstract

From Exponential to Polynomial-Time Security Typing via Principal Types

Hunt

Sands

2011

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

Abstract. Hunt and Sands (POPL'06) studied a flow sensitive type (FST) system for multi-level security, parametric in the choice of lattice of security levels. Choosing the powerset of program variables as the security lattice yields a system which was shown to be equivalent to Amtoft and Banerjee's Hoare-style independence logic (SAS'04). Moreover, using the powerset lattice, it was shown how to derive a principal type from which all other types (for all choices of lattice) can be simply derived. Both of these earlier works gave "algorithmic" formulations of the type system/program logic, but both algorithms are of exponential complexity due to the iterative typing of While loops. Later work by Hunt and Sands (ESOP'08) adapted the FST system to provide an erasure type system which determines whether some input is correctly erased at a designated time. This type system is inherently exponential, requiring a double typing of the erasure-labelled input command. In this paper we start by developing the FST work in two key ways: (1) We specialise the FST system to a form which only derives principal types; the resulting type system has a simple algorithmic reading, yielding principal security types in polynomial time. (2) We show how the FST system can be simply extended to check for various degrees of termination sensitivity (the original FST system is completely termination insensitive, while the erasure type system is fully termination sensitive). We go on to demonstrate the power of these techniques by combining them to develop a type system which is shown to correctly implement erasure typing in polynomial time. Principality is used in an essential way to reduce type derivation size from exponential to linear.

show abstract

All Secrets Great and Small

Cited by 10 publications

References 13 publications

Match It or Die: Proving Integrity by Equality

Match It or Die: Proving Integrity by Equality

All Secrets Great and Small

From Exponential to Polynomial-Time Security Typing via Principal Types

Contact Info

Product

Resources

About