Learning is Change in Knowledge: Knowledge-Based Security for Dynamic Policies

Askarov, Aslan; Chong, Stephen

doi:10.1109/csf.2012.31

Cited by 44 publications

(81 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Namely, the observer is unable to learn more information than what is allowed at a given point while moving to a successive point of the same trace and possibly making a new observation. This model fits well with current knowledge-based approaches to information flow security [9,6,10], and, inspired by work of Guttman and Nadel [11], by being explicit about the information that needs to be protected, it allows a very general treatment of secret information, both as high level input and output events, and as relationships between events, say ordering, multiplicity, and interleaving. We show that several possibilistic conditions such as Separability, Generalized Noninterference, Nondeducibility, Nondeducibility on Outputs and Nondeducibility on Strategies are accurately reflected in the epistemic setting.…”

Section: Introductionmentioning

confidence: 53%

“…By contrast, this paper defines knowledge as the set of global traces that an agent considers possible based on his local observations. This allows us to give security conditions which are closer to what is used in language-based security [21,10,7]. Furthermore, the logic we present here captures directly the security properties of traces.…”

Section: Temporal Epistemic Logic With Pastmentioning

confidence: 95%

“…1 can be relaxed to deal with different forms of dynamic policies [15,10]. A release (or declassification) policy R(τ, i , P) at point (τ, i ) is a property of P, i.e., subset of M ↓P , representing the knowledge that the observer is allowed to learn at that point.…”

Section: Security Conditionmentioning

confidence: 99%

“…Several works [4,22] explore epistemic conditions for relational and interactive models, although in a synchronous setting only. Different issues related to declassification [6] and attack models [10] have been considered using epistemic security conditions. In [23] Sabelfeld and Mantel discuss information flow security for distributed programs and point out finer-grained sources of leaks due to encryption, environment totality and timing.…”

Section: Temporal Epistemic Logic With Pastmentioning

confidence: 99%

See 3 more Smart Citations

Secure IT Systems

Nielson¹,

Gollmann²

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Securing communication in large scale distributed systems is an open problem. When multiple principals exchange sensitive information over a network, security and privacy issues arise immediately. For instance, in an online auction system we may want to ensure that no bidder knows the bids of any other bidder before the auction is closed. Such systems are typically interactive/reactive and communication is mostly asynchronous, lossy or unordered. Language-based security provides language mechanisms for enforcing end-to-end security. However, with few exceptions, previous research has mainly focused on relational or synchronous models, which are generally not suitable for distributed systems. This paper proposes a general knowledge-based account of possibilistic security from a language perspective and shows how existing trace-based conditions fit in. A syntactic characterization of these conditions, given by an epistemic temporal logic, shows that existing model checking tools can be used to enforce security.

show abstract

Section: Introductionmentioning

confidence: 53%

Section: Temporal Epistemic Logic With Pastmentioning

confidence: 95%

Section: Security Conditionmentioning

confidence: 99%

Section: Temporal Epistemic Logic With Pastmentioning

confidence: 99%

See 2 more Smart Citations

Secure IT Systems

Nielson¹,

Gollmann²

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Knowledge-based conditions have also been used to provide intuitive semantics for dynamic information-flow policies [9], [62]. This is done by considering attackers that partially forget the observations made during the computation.…”

Section: Related Workmentioning

confidence: 99%

Explicit Secrecy: A Policy for Taint Tracking

Schoepe

Balliu

Pierce

et al. 2016

2016 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

Taint tracking is a popular security mechanism for tracking data-flow dependencies, both in high-level languages and at the machine code level. But despite the many taint trackers in practical use, the question of what, exactly, tainting means-what security policy it embodies-remains largely unexplored.We propose explicit secrecy, a generic framework capturing the essence of explicit flows, i.e., the data flows tracked by tainting. The framework is semantic, generalizing previous syntactic approaches to formulating soundness criteria of tainting. We demonstrate the usefulness of the framework by instantiating it with both a simple high-level imperative language and an idealized RISC machine. To further understanding of what is achieved by taint tracking tools, both dynamic and static, we obtain soundness results with respect to explicit secrecy for the tainting engine cores of a collection of popular dynamic and static taint trackers.

show abstract