Mechanized logical relations for termination-insensitive noninterference

Gregersen, Simon Oddershede; Bay, Johan; Timany, Amin; Birkedal, Lars

doi:10.1145/3434291

Cited by 8 publications

(1 citation statement)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rajani et al (2017) extend this proof technique for FG and CG, but their logical relation require step-indexed Kripke worlds (Birkedal et al, 2011) to avoid circular arguments when reasoning about state. Recently, Gregersen et al (2021) develop a mechanized semantic model based on logical relations on top of the Iris framework (Jung et al, 2018) for an expressive fine-grained static IFC language. Proofs based on logical relations for stateful languages feature two types of logical relations: a binary relation for observable values (similar to L-equivalence), and a unary relation for secret values, which provides a semantics interpretation of the confinement lemma.…”

Section: Proof Techniques For Termination-insensitive Non-interferencementioning

confidence: 99%

From fine- to coarse-grained dynamic information flow control and back

Vassena

Russo

Garg

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We show that fine-grained and coarse-grained dynamic information-flow control (IFC) systems are equally expressive. To this end, we mechanize two mostly standard languages, one with a fine-grained dynamic IFC system and the other with a coarse-grained dynamic IFC system, and prove a semantics-preserving translation from each language to the other. In addition, we derive the standard security property of non-interference of each language from that of the other, via our verified translation. This result addresses a longstanding open problem in IFC: whether coarse-grained dynamic IFC techniques are less expressive than fine-grained dynamic IFC techniques (they are not!). The translations also stand to have important implications on the usability of IFC approaches. The coarse-to fine-grained direction can be used to remove the label annotation burden that fine-grained systems impose on developers, while the fine-to coarse-grained translation shows that coarse-grained systemsÐwhich are easier to design and implementÐcan track information as precisely as fine-grained systems and provides an algorithm for automatically retrofitting legacy applications to run on existing coarse-grained systems. CCS Concepts: • Security and privacy → Formal security models;

show abstract

Section: Proof Techniques For Termination-insensitive Non-interferencementioning

confidence: 99%

From fine- to coarse-grained dynamic information flow control and back

Vassena

Russo

Garg

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

DDUO: General-Purpose Dynamic Analysis for Differential Privacy

Abuah

Silence

Darais

et al. 2021

2021 IEEE 34th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Reconciling Shannon and Scott with a Lattice of Computable Information

Hunt

Sands

Stucki³

2023

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

This paper proposes a reconciliation of two different theories of information. The first, originally proposed in a lesser-known work by Claude Shannon (some five years after the publication of his celebrated quantitative theory of communication), describes how the information content of channels can be described qualitatively , but still abstractly, in terms of information elements , where information elements can be viewed as equivalence relations over the data source domain. Shannon showed that these elements have a partial ordering, expressing when one information element is more informative than another, and that these partially ordered information elements form a complete lattice. In the context of security and information flow this structure has been independently rediscovered several times, and used as a foundation for understanding and reasoning about information flow. The second theory of information is Dana Scott’s domain theory, a mathematical framework for giving meaning to programs as continuous functions over a particular topology. Scott’s partial ordering also represents when one element is more informative than another, but in the sense of computational progress – i.e. when one element is a more defined or evolved version of another. To give a satisfactory account of information flow in computer programs it is necessary to consider both theories together, in order to understand not only what information is conveyed by a program (viewed as a channel, à la Shannon) but also how the precision with which that information can be observed is determined by the definedness of its encoding (à la Scott). To this end we show how these theories can be fruitfully combined, by defining the Lattice of Computable Information (LoCI), a lattice of preorders rather than equivalence relations. LoCI retains the rich lattice structure of Shannon’s theory, filters out elements that do not make computational sense, and refines the remaining information elements to reflect how Scott’s ordering captures possible varieties in the way that information is presented. We show how the new theory facilitates the first general definition of termination-insensitive information flow properties, a weakened form of information flow property commonly targeted by static program analyses.

show abstract

Mechanized logical relations for termination-insensitive noninterference

Cited by 8 publications

References 54 publications

From fine- to coarse-grained dynamic information flow control and back

From fine- to coarse-grained dynamic information flow control and back

DDUO: General-Purpose Dynamic Analysis for Differential Privacy

Reconciling Shannon and Scott with a Lattice of Computable Information

Contact Info

Product

Resources

About