Probabilistic Polynomial-Time Process Calculus and Security Protocol Analysis

Mitchell, John C.

doi:10.1007/3-540-45309-1_2

Cited by 6 publications

(4 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is related to the approaches found in Laud's work [40,41] and Mitchell et al's work on polynomial-time process calculus (see, e.g., [44,52]). …”

Section: Whenmentioning

confidence: 93%

“…When: The semantic consistency principle critically depends on the underlying semantics. For complexity-sensitive security definitions [40,41,44,52,75,76], semantic consistency requires complexity-preserving transformations. Otherwise, for example, a program which cannot leak in polynomial time could be sped up by a transformation that compromises security.…”

Section: What: Models Capturing What Is Released Are Generally Semantmentioning

confidence: 99%

See 1 more Smart Citation

Declassification: Dimensions and principles

Sabelfeld

Sands

2009

JCS

171

167

View full text Add to dashboard Cite

Computing systems often deliberately release (or declassify) sensitive information. A principal security concern for systems permitting information release is whether this release is safe: is it possible that the attacker compromises the information release mechanism and extracts more secret information than intended? While the security community has recognised the importance of the problem, the state-of-the-art in information release is, unfortunately, a number of approaches with somewhat unconnected semantic goals. We provide a road map of the main directions of current research, by classifying the basic goals according to what information is released, who releases information, where in the system information is released and when information can be released. With a general declassification framework as a longterm goal, we identify some prudent principles of declassification. These principles shed light on existing definitions and may also serve as useful "sanity checks" for emerging models.1 Note that in this article we will refer to both intentional, meaning deliberate, and intensional, meaning the opposite of extensional, when discussing declassification.A. Sabelfeld and D. Sands / Declassification: Dimensions and principles 519 clear distinctions, seeking to crystallise the security assurance provided by some known approaches.• Secondly, we identify some common semantic principles for declassification mechanisms:semantic consistency, which states that security definitions should be invariant under equivalence-preserving transformations; conservativity, which states that the definition of security should be a weakening of noninterference; monotonicity of release, which states that adding declassification annotations cannot make a secure program become insecure. Roughly speaking: the more you choose to declassify, the weaker the security guarantee; and non-occlusion, which states that the presence of declassifications cannot mask other covert information leaks.These principles help shed light on existing approaches and should also serve as useful "sanity checks" for emerging models.This article is a revised and extended version of a paper published in the IEEE Computer Security Foundations Workshop 2005 [71]. Compared to the earlier version, we overview some new work on declassification that has appeared under 2005 [32,34,35,37,43,50], consider "why" and "how" as other possible dimensions of declassification, sketch challenges for enforcing declassification policies along the dimensions, discuss dimensions of endorsement (the dual of declassification for integrity), and make other changes and improvements throughout. Dimensions of declassificationThis section provides a classification of the basic declassification goals according to four axes: what information is released, who releases information, where in the system information is released and when information can be released. WhatPartial, or selective, information flow policies [15,16,27,28,38,70] regulate what information may be released. Partial release g...

show abstract

“…This is related to the approaches found in Laud's work [40,41] and Mitchell et al's work on polynomial-time process calculus (see, e.g., [44,52]). …”

Section: Whenmentioning

confidence: 93%

Section: What: Models Capturing What Is Released Are Generally Semantmentioning

confidence: 99%

Declassification: Dimensions and principles

Sabelfeld

Sands

2009

JCS

171

167

View full text Add to dashboard Cite

show abstract

“…Abadi and Gordon [1] use observational equivalence to formulate secrecy in the spi-calculus, and define a sound equational theory for proving observational equivalence between two processes; Figure 6: Implementation of signing oracle and OH oracle in PSS2 using the equational theory, they establish the security of common protocols. While the spi-calculus relies on a symbolic model of cryptography, Mitchell et al [32] develop a theory of observational equivalence in a process algebra for probabilistic polynomial time computation, and show how to use the equivalence to reason about cryptographic primitives. In particular, they develop a proof system for bisimulation for their process algebra.…”

Section: Related Workmentioning

confidence: 99%

Computational indistinguishability logic

Barthe

Daubignard

Kapron

et al. 2010

Proceedings of the 17th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

Computational Indistinguishability Logic (CIL) is a logic for reasoning about cryptographic primitives in computational models. It captures reasoning patterns that are common in provable security, such as simulations and reductions. CIL is sound for the standard model, but also supports reasoning in the random oracle and other idealized models. We illustrate the benefits of CIL by formally proving the security of the probabilistic signature scheme (PSS).

show abstract

“…Instead of the usual assumption that cryptographic primitives are perfectly secure-they are modeled as functions for which only a very restricted set of formulas holds ( [5,1] are among the most prominent examples), one attempts to take into account that the cryptographic primitives may be implemented by any algorithm satisfying some complex complexity-theoretical definition; dealing with those definitions is an issue that both the analyses for secure information flow and the analyses of cryptographic protocols must handle. Mitchell et al [14,15,16] extended the spi-calculus [1] with (polynomial) bounds on message lengths and execution time, and developed a probabilistic semantics for this extension. This has allowed them to prove the protocols correct with respect to polynomially bounded adversaries, where the cryptographic primitives that the protocols employ are real ones.…”

Section: Related Workmentioning

confidence: 99%

Handling Encryption in an Analysis for Secure Information Flow

Laud

2003

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. This paper presents a program analysis for secure information flow. The analysis works on a simple imperative programming language containing a cryptographic primitive-encryption-as a possible operation. The analysis captures the intuitive qualities of the (lack of) information flow from a plaintext to its corresponding ciphertext. The analysis is proved correct with respect to a complexity-theoretical definition of the security of information flow. In contrast to the previous results, the analysis does not put any restrictions on the structure of the program, especially on the ways of how the program uses the encryption keys.

show abstract

Probabilistic Polynomial-Time Process Calculus and Security Protocol Analysis

Cited by 6 publications

References 45 publications

Declassification: Dimensions and principles

Declassification: Dimensions and principles

Computational indistinguishability logic

Handling Encryption in an Analysis for Secure Information Flow

Contact Info

Product

Resources

About