Information Flow. Piotr (Peter) Mardziel CMU. Fall 2018
|
|
- Ross Simpson
- 5 years ago
- Views:
Transcription
1 Information Flow Piotr (Peter) Mardziel CMU Fall 2018
2 Recall Bootstrapping lecture... Dataset A Dataset B Process 1 Scope, Hive, Dremel Data in the form of Tables Code Transforms Columns to Columns No Shared State Limited Hidden Flows Dataset C users = SELECT _name, _age FROM datasetab user_tag = SELECT GenerateTag(_name, _age) FROM users OUTPUT user_tag TO datasetc 2
3 Recall Bootstrapping lecture... Dataset A Dataset B Dataset D Dataset G Process 1 Process 4 Dataset C Dataset H Dataset I Process 2 Process 5 Dataset E Dataset F Dataset J Process 3 Process 6 3
4 Recall Bootstrapping lecture... Dataset A Dataset B Dataset D Dataset G Purpose Labels Annotate programs with purpose labels Process NewAcct 1 Dataset C Dataset H Process GeoIP 4 Dataset I Process Login 2 Check Process 5 Fraud Dataset E Dataset F Dataset J Check Process Hijack 3 Reporting Process 6 4
5 Recall Bootstrapping lecture... Purpose Labels Annotate programs with purpose labels Initial Data Labels Heuristics and Annotations Dataset Dataset Dataset NameA Dataset Age B IPAddress IDX D G users = SELECT _name, Name _age Age FROM datasetab user_tag = Process NewAcct 1 Process GeoIP 4 SELECT GenerateTag(_name, _age) FROM users OUTPUT user_tag TO datasetc Dataset Dataset?? Country C H Dataset IDX I Process Login 2 Check Process 5 Fraud Dataset Timestamp E Dataset Hash F Dataset?? J Check Process Hijack 3 Reporting Process 6 5
6 Recall Bootstrapping lecture... Purpose Labels Annotate programs with purpose labels Initial Data Labels Heuristics and Annotations Flow Labels Source labels propagated via data flow graph Dataset Dataset Dataset NameA Dataset Age B IPAddress IDX D G users = SELECT _name, Name _age Age FROM datasetab user_tag = Process NewAcct 1 Process GeoIP 4 SELECT GenerateTag(_name, _age) FROM users OUTPUT user_tag TO Name datasetc Profile + Age Dataset Dataset Profile Country C H Dataset IDX I Dataset Timestamp E Check Process Hijack 3 Process Login 2 Dataset Hash F Reporting Process 6 Check Process 5 Fraud Dataset IDX J D. E. Denning. A lattice model of secure information flow 6
7 Information flow } Does (some particular) information flow from Dataset A to Dataset C? Dataset A Dataset B Process 1 Dataset C 7
8 Lattices } Lattices as mathematical structures } Lattices as modeling tools } Lattices as enforcement tools
9 Lattices as mathematical structures } Total ordering } A set X } x,y in X either x y or y x... } Example: numbers in day-to-day maths } Example: in a group of Football teams, their standing } Patriots Bills Dolphins Jets... } Example: in a group of Basketball teams, their standing } Celtics Cavaliers Raptors Wizards Hawks...
10 Lattices as mathematical structures } Partial ordering } x,y either x y or y x or neither } Example: in a group of Football and Basketball teams, their standing } Patriots Bills Dolphins Jets... } Celtics Cavaliers Raptors Wizards Hawks... } Neither Patriots Celtics nor Celtics Patriots
11 Lattices as mathematical structures } Lattice } Order for every pair is not necessary } But, every pair has to have sheared least upper and greatest lower bounds, written (join), (meet) } Example: } A = {1,2}, B = {1,2,3}, C = {2,3}, D = {2} } A B, C B but neither A C nor C A A C = B ( A B and C B ) A C = D ( D A and D C)
12 Lattices as mathematical structures } Non-Example: } Piotr Boss1 } Piotr Boss2 } Arthur Boss1 } Arthur Boss2 } Neither Boss1 Boss2 nor Boss2 Boss1 } Example? (add Superboss) } Boss1 Superboss } Boss2 Superboss
13 Lattices as mathematical structures } Non-Example: } Airman Basic... General of the Air Force } Seaman Recruit... Fleet Admiral } Private... General of the Army } Example? (add Secretary of Defense) } General of the Air Force Secretary of Defense } Fleet Admiral Secretary of Defense } General of the Army Secretary of Defense
14 Examples: Policy labels top Profile Name Age bottom 14
15 Examples: Policy labels 15
16 Lattices as a modeling tool } Policy: SearchTeam can access the Test Database. } Can Bob access the Test Database? } Access(P, testdatabase) :- PartOf(P, searchteam) } PartOf(bob, searchfraudteam) } PartOf(searchfraudteam, searchteam) } Transitivity: } PartOf(a,c) :- PartOf(a,b),PartOf(b,c)
17 Lattices as an enforcement tool } Do together. For each policy: } Define the objects and orderings over them necessary for modeling systems governed by that policy. } What questions about a system s execution need to be asked to determine whether a policy was violated or followed? } Show how to use the lattice to answer the question and how to correctly implement the policy.
18 Lattices as an enforcement tool } Do together. For each policy: } Define the objects and orderings over them necessary for modeling systems governed by that policy. } What questions about a system s execution need to be asked to determine whether a policy was violated or followed? } Show how to use the lattice to answer the question and how to correctly implement the policy. } PolicyA: PII cannot be used for advertising purposes. } PolicyB: PII can be sent for medical purposes. } PolicyC: Transmitted PII should be encrypted. } PolicyD: Transmissions with PII should be logged.
19 Lattices as an enforcement tool } Do together. For each policy: } Define the objects and orderings over them necessary for modeling systems governed by that policy. } What questions about a system s execution need to be asked to determine whether a policy was violated or followed? } Show how to use the lattice to answer the question and how to correctly implement the policy. } PolicyA: PII cannot be used for advertising purposes. } PolicyB: PII can be sent for medical purposes. } PolicyC: Transmitted PII should be encrypted. } PolicyD: Transmissions with PII should be logged.
20 Lattices as an enforcement tool } Do together. For each policy: } Define the objects and orderings over them necessary for modeling systems governed by that policy. } What questions about a system s execution need to be asked to determine whether a policy was violated or followed? } Show how to use the lattice to answer the question and how to correctly implement the policy. } PolicyA: PII cannot be used for advertising purposes. } PolicyB: PII can be sent for medical purposes. } PolicyC: Transmitted PII should be encrypted. } PolicyD: Transmissions with PII should be logged.
21 Lattices as an enforcement tool } Do together. For each policy: } Define the objects and orderings over them necessary for modeling systems governed by that policy. } What questions about a system s execution need to be asked to determine whether a policy was violated or followed? } Show how to use the lattice to answer the question and how to correctly implement the policy. } PolicyA: PII cannot be used for advertising purposes. } PolicyB: PII can be sent for medical purposes. } PolicyC: Transmitted PII should be encrypted. } PolicyD: Transmissions with PII should be logged.
22 Information Flow } Logical formulation } Language-based enforcement
23 Information Flow } Logical formulation: Non-interference } f: (X,Y) à Z } Does input X interfere in output Z? } x 1,x 2, and y such that } f(x 1,y) f(x 2,y) } X does not-interfere with output Z: } x 1,x 2, and y } f(x 1,y) = f(x 2,y) x f z y
24 Information Flow } Does input X interfere in output Z? } x 1,x 2, and y such that } f(x 1,y) f(x 2,y) } Examples: x y } f(x,y) = x } f(x,y) = y } f(x,y) = x + y f z } f(x,y) = x * y } f(x,y) = x * y * 0
25 Information Flow } Does input X interfere in output Z? } x 1,x 2, and y s.t. } f(x 1,y) = z 1 x y } f(x 2,y) = z 2 } Now: f is a program. f } def f(x,y): } print x } return 0 } f: (X,Y) à Return Value } f: (X,Y) à (ReturnValue, PrintOutput) z
26 Information Flow: Problems with definition } Programs are complicated } anything written in perl } Programs as implemented may involve more observables than as described logically } if x == 42 : do some long operation } return 0 } Programs sometimes need to use secret things: } if x == password : return login success } else: return login fail x f z y
27 Information Flow } Logical formulation } Language-based enforcement } Background: syntax and semantics of a simple language } Semantics of information flow labels
28 Language-based Information Flow } Example: perl, ruby taint mode } Anything from outside of a program is tainted. } Nothing can be sent to outside of a program if it is tainted. } If x is tainted and is used to compute y, y becomes tainted. } Example } $username, $password =... # from webform } $real_password = db::do( username } select password from USERS where username= $username ) } if $password == $real_password { return login succes }... login database password
29 Language-based Information Flow username password login database } when $username = Robert ; DROP TABLE Students; -- } db::do( } select password from USERS where username= Robert ; DROP TABLE Students; -- } ) } in perl taint mode; this would fail before executing on database
30 Language-based Information Flow } Label Lattices } Origin labels username password } Tainted, NotTainted login } TopSecret, Secret, NotSecret } Data labels } Name, Address, Profile database } IPAddress, IPAddress:truncated } Purpose labels } Advertising, Policing } Role labels } Advertising, Marketing, LawEnforcement
31 Language-based Information Flow } Syntax and Semantics for a simple language
32 Syntax } Expressions // expressions evaluate to values } exp ::= value } variable } readstring // read an int from outside } dbquery(exp) // execute a query specified by exp } exp + exp... } Statements // statements manipulate state and control execution } stmt ::= variable = exp } if exp: stmt } stmta ; stmtb // sequences of statements
33 Semantics } Imperative language has State } State: Variable à Value } Store the values of variables } Write {x = 4, y = 3} for state where variable x is 4, y is 3.
34 Semantics } Expressions } evalexp(exp): State àvalue } Examples } evalexp( 42 ) {} à 42 } evalexp( 5 + y ) {y=3} à 8 } evalexp( 5 + x ) {y=3} à error
35 Semantics } Statements } evalstmt(stmt): State à State } Example: } evalstmt( y = 3 ) {} à {y=3} } evalstmt( x = 5 + y ) {y=3} à {y=3,x=8}
36 Rules for Evaluation } EvalPlus: } evalexp( expl + expr )(S) à evalexp(expl)(s) + evalexp(expr)(s) } Example: evalexp( (1+2) + x ){x=3} } = evalexp( 1+2 ){x=3} + evalexp( x ){x=3} } = evalexp( 1 ){x=3} + evalexp( 2 ){x=3} + evalexp( x ){x=3} } = = 6
37 Rules for Evaluation } EvalCond: } evalstmt( if exp then stmt ) S à } if evalexp(exp)(s) is true then evalstmt(stmt)(s) otherwise S } Example: evalstmt( if x > 2: x = x + 10 ){x=3} } è if evalexp( x > 2 ){x=3} is true then evalstmt( x = x + 10 ){x=3} } è if 3 > 2 is true then evalstmt( x = x + 10 ){x = 3} else { x = 3 } } è evalstmt( x = x + 10 ){x=3} } è {x = evalexp( x + 10 ){x=3}} } è {x = } } è {x = 13}
38 Rules for Information Flow } Implement taint mode: read input should not interfere with written output } Input: readstring } Output dbquery(exp) } Parallel state for labels (taints, security level, other...) } evalexp(exp): (State, LabelState) à (Value, Label) or ERROR } evalstmt(stmt): (State, LabelState) à (State, LabelState) or ERROR } LabelState: Variable à Label
39 Rules for Information Flow } Expressions } evalexp( readstring ) S, LS } evalexp( hello ) S à ( hello, NotTainted) } evalexp( readstring ) S,LS à } ( Robert ; DROP TABLE Students;--, Tainted) } evalexp( dbquery(exp) ) S, LS } evalexp( SELECT password from Users where username= + username + ; ) } {} { username = Tainted } à ERROR
40 Rules for Information Flow } Do together: for each expression or statement, state combination: } Evaluate the given expression/statement under the given state. } (or for general statements) define a general recursive rule for evaluating the on any state. } Goal: inputs (readstring) do not interfere with what is sent to the database (dbquery argument).
41 Rules for Information Flow } Expressions } evalexp( z * 0 ){y=1, z=2}{y = NotTainted, z=tainted} } evalexp( y + z ){y=1, z=2}{y= NotTainted, z=tainted} } general: evalexp( expl + expr ) S SL } general: evalexp( readstring ) S SL //assuming the string hello will be read } evalexp( dbquery(x) ) {x= knock knock }{x = NotTainted} // assuming the database will return who is there? } evalexp( dbquery(x) ) {x= knock knock }{x = Tainted} // assuming the database will return who is there? } general: evalexp( dbquery(exp) ) S SL // assuming the database will return who is there?
42 Rules for Information Flow } Statements } evalstmt( x = y + z ){y = 1,z=2}{y = NotTainted, z=tainted} } general: evalstmt( var = expl + expr ) S SL } evalstmt( if x > 2: x = x + 10 ){x=3}{x=tainted} } evalstmt( if x > 2: y = 1 ){y=0, x=3}{x=tainted} } evalstmt( if (x == hello ): dbquery( there ) ) {x= not hello }{x=tainted} } general: evalstmt( if exp then stmt ) S SL } problem? (see goal a few slides ago)
Towards information flow control. Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011
Towards information flow control Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011 Mandatory access controls and security levels DAC vs. MAC Discretionary access control
More informationCPSC 91 Computer Security Fall Computer Security. Assignment #3 Solutions
CPSC 91 Computer Security Assignment #3 Solutions 1. Show that breaking the semantic security of a scheme reduces to recovering the message. Solution: Suppose that A O( ) is a message recovery adversary
More informationCMSC 631 Program Analysis and Understanding. Spring Data Flow Analysis
CMSC 631 Program Analysis and Understanding Spring 2013 Data Flow Analysis Data Flow Analysis A framework for proving facts about programs Reasons about lots of little facts Little or no interaction between
More informationBob Brown Math 251 Calculus 1 Chapter 4, Section 1 Completed 1 CCBC Dundalk
Bob Brown Math 251 Calculus 1 Chapter 4, Section 1 Completed 1 Absolute (or Global) Minima and Maxima Def.: Let x = c be a number in the domain of a function f. f has an absolute (or, global ) minimum
More informationMath Released Item Algebra 1. System of Inequalities VF648815
Math Released Item 2016 Algebra 1 System of Inequalities VF648815 Prompt Rubric Task is worth a total of 3 points. VF648815 Rubric Part A Score Description 1 Student response includes the following element.
More informationUndecidability and Rice s Theorem. Lecture 26, December 3 CS 374, Fall 2015
Undecidability and Rice s Theorem Lecture 26, December 3 CS 374, Fall 2015 UNDECIDABLE EXP NP P R E RECURSIVE Recap: Universal TM U We saw a TM U such that L(U) = { (z,w) M z accepts w} Thus, U is a stored-program
More informationLecture 38: Secure Multi-party Computation MPC
Lecture 38: Secure Multi-party Computation Problem Statement I Suppose Alice has private input x, and Bob has private input y Alice and Bob are interested in computing z = f (x, y) such that each party
More informationEDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach
EDA045F: Program Analysis LECTURE 10: TYPES 1 Christoph Reichenbach In the last lecture... Performance Counters Challenges in Dynamic Performance Analysis Taint Analysis Binary Instrumentation 2 / 44 Types
More informationDynamic Noninterference Analysis Using Context Sensitive Static Analyses. Gurvan Le Guernic July 14, 2007
Dynamic Noninterference Analysis Using Context Sensitive Static Analyses Gurvan Le Guernic July 14, 2007 1 Abstract This report proposes a dynamic noninterference analysis for sequential programs. This
More informationMATH 137 : Calculus 1 for Honours Mathematics. Online Assignment #2. Introduction to Sequences
1 MATH 137 : Calculus 1 for Honours Mathematics Online Assignment #2 Introduction to Sequences Due by 9:00 pm on WEDNESDAY, September 19, 2018 Instructions: Weight: 2% This assignment covers the topics
More informationLecture 11: Non-Interactive Zero-Knowledge II. 1 Non-Interactive Zero-Knowledge in the Hidden-Bits Model for the Graph Hamiltonian problem
CS 276 Cryptography Oct 8, 2014 Lecture 11: Non-Interactive Zero-Knowledge II Instructor: Sanjam Garg Scribe: Rafael Dutra 1 Non-Interactive Zero-Knowledge in the Hidden-Bits Model for the Graph Hamiltonian
More informationReasoning About Imperative Programs. COS 441 Slides 10b
Reasoning About Imperative Programs COS 441 Slides 10b Last time Hoare Logic: { P } C { Q } Agenda If P is true in the initial state s. And C in state s evaluates to s. Then Q must be true in s. Program
More informationDataflow Analysis. A sample program int fib10(void) { int n = 10; int older = 0; int old = 1; Simple Constant Propagation
-74 Lecture 2 Dataflow Analysis Basic Blocks Related Optimizations SSA Copyright Seth Copen Goldstein 200-8 Dataflow Analysis Last time we looked at code transformations Constant propagation Copy propagation
More informationCS 4110 Programming Languages & Logics. Lecture 16 Programming in the λ-calculus
CS 4110 Programming Languages & Logics Lecture 16 Programming in the λ-calculus 30 September 2016 Review: Church Booleans 2 We can encode TRUE, FALSE, and IF, as: TRUE λx. λy. x FALSE λx. λy. y IF λb.
More informationLecture 9 Julie Staub Avi Dalal Abheek Anand Gelareh Taban. 1 Introduction. 2 Background. CMSC 858K Advanced Topics in Cryptography February 24, 2004
CMSC 858K Advanced Topics in Cryptography February 24, 2004 Lecturer: Jonathan Katz Lecture 9 Scribe(s): Julie Staub Avi Dalal Abheek Anand Gelareh Taban 1 Introduction In previous lectures, we constructed
More informationDiscrete Mathematics
Discrete Mathematics Discrete mathematics is devoted to the study of discrete or distinct unconnected objects. Classical mathematics deals with functions on real numbers. Real numbers form a continuous
More informationInformation Flow Inference for ML
POPL 02 INRIA Rocquencourt Projet Cristal Francois.Pottier@inria.fr http://cristal.inria.fr/~fpottier/ Vincent.Simonet@inria.fr http://cristal.inria.fr/~simonet/ Information flow analysis account number
More informationThe Laws of Cryptography Zero-Knowledge Protocols
26 The Laws of Cryptography Zero-Knowledge Protocols 26.1 The Classes NP and NP-complete. 26.2 Zero-Knowledge Proofs. 26.3 Hamiltonian Cycles. An NP-complete problem known as the Hamiltonian Cycle Problem
More informationCSE 331 Winter 2018 Reasoning About Code I
CSE 331 Winter 2018 Reasoning About Code I Notes by Krysta Yousoufian Original lectures by Hal Perkins Additional contributions from Michael Ernst, David Notkin, and Dan Grossman These notes cover most
More informationInf2D 06: Logical Agents: Knowledge Bases and the Wumpus World
Inf2D 06: Logical Agents: Knowledge Bases and the Wumpus World School of Informatics, University of Edinburgh 26/01/18 Slide Credits: Jacques Fleuriot, Michael Rovatsos, Michael Herrmann Outline Knowledge-based
More informationDatabases Exam HT2016 Solution
Databases Exam HT2016 Solution Solution 1a Solution 1b Trainer ( ssn ) Pokemon ( ssn, name ) ssn - > Trainer. ssn Club ( name, city, street, streetnumber ) MemberOf ( ssn, name, city ) ssn - > Trainer.
More informationLoop Convergence. CS 536: Science of Programming, Fall 2018
Solved Loop Convergence CS 536: Science of Programming, Fall 2018 A. Why Diverging programs aren t useful, so it s useful to know how to show that loops terminate. B. Objectives At the end of this lecture
More informationTHE LOGIC OF COMPOUND STATEMENTS
THE LOGIC OF COMPOUND STATEMENTS All dogs have four legs. All tables have four legs. Therefore, all dogs are tables LOGIC Logic is a science of the necessary laws of thought, without which no employment
More informationVIDEO Intypedia008en LESSON 8: SECRET SHARING PROTOCOL. AUTHOR: Luis Hernández Encinas. Spanish Scientific Research Council in Madrid, Spain
VIDEO Intypedia008en LESSON 8: SECRET SHARING PROTOCOL AUTHOR: Luis Hernández Encinas Spanish Scientific Research Council in Madrid, Spain Hello and welcome to Intypedia. We have learned many things about
More informationBob Brown Math 251 Calculus 1 Chapter 4, Section 4 1 CCBC Dundalk
Bob Brown Math 251 Calculus 1 Chapter 4, Section 4 1 A Function and its Second Derivative Recall page 4 of Handout 3.1 where we encountered the third degree polynomial f(x) = x 3 5x 2 4x + 20. Its derivative
More informationStatic Program Analysis
Static Program Analysis Xiangyu Zhang The slides are compiled from Alex Aiken s Michael D. Ernst s Sorin Lerner s A Scary Outline Type-based analysis Data-flow analysis Abstract interpretation Theorem
More informationA Short Introduction to Hoare Logic
A Short Introduction to Hoare Logic Supratik Chakraborty I.I.T. Bombay June 23, 2008 Supratik Chakraborty (I.I.T. Bombay) A Short Introduction to Hoare Logic June 23, 2008 1 / 34 Motivation Assertion checking
More informationTuring Machine Recap
Turing Machine Recap DFA with (infinite) tape. One move: read, write, move, change state. High-level Points Church-Turing thesis: TMs are the most general computing devices. So far no counter example Every
More informationComputability Crib Sheet
Computer Science and Engineering, UCSD Winter 10 CSE 200: Computability and Complexity Instructor: Mihir Bellare Computability Crib Sheet January 3, 2010 Computability Crib Sheet This is a quick reference
More informationATLAS of Biochemistry
ATLAS of Biochemistry USER GUIDE http://lcsb-databases.epfl.ch/atlas/ CONTENT 1 2 3 GET STARTED Create your user account NAVIGATE Curated KEGG reactions ATLAS reactions Pathways Maps USE IT! Fill a gap
More informationModels of Computation, Recall Register Machines. A register machine (sometimes abbreviated to RM) is specified by:
Models of Computation, 2010 1 Definition Recall Register Machines A register machine (sometimes abbreviated M) is specified by: Slide 1 finitely many registers R 0, R 1,..., R n, each capable of storing
More informationIntroduction to Cryptography Lecture 13
Introduction to Cryptography Lecture 13 Benny Pinkas June 5, 2011 Introduction to Cryptography, Benny Pinkas page 1 Electronic cash June 5, 2011 Introduction to Cryptography, Benny Pinkas page 2 Simple
More informationCOMPUTER SCIENCE TRIPOS
CST.2016.6.1 COMPUTER SCIENCE TRIPOS Part IB Thursday 2 June 2016 1.30 to 4.30 COMPUTER SCIENCE Paper 6 Answer five questions. Submit the answers in five separate bundles, each with its own cover sheet.
More informationEquational Logic and Term Rewriting: Lecture I
Why so many logics? You all know classical propositional logic. Why would we want anything more? Equational Logic and Term Rewriting: Lecture I One reason is that we might want to change some basic logical
More informationLogic: Bottom-up & Top-down proof procedures
Logic: Bottom-up & Top-down proof procedures Alan Mackworth UBC CS 322 Logic 3 March 4, 2013 P & M Textbook 5.2 Lecture Overview Recap: Soundness, Completeness, Bottom-up proof procedure Bottom-up Proof
More information1 Secure two-party computation
CSCI 5440: Cryptography Lecture 7 The Chinese University of Hong Kong, Spring 2018 26 and 27 February 2018 In the first half of the course we covered the basic cryptographic primitives that enable secure
More informationMODAL LOGIC WITH SUBJUNCTIVE MARKERS: A NEW PERSPECTIVE ON RIGID DESIGNATION
MODAL LOGIC WITH SUBJUNCTIVE MARKERS: A NEW PERSPECTIVE ON RIGID DESIGNATION Helge Rückert Department of Philosophy University of Saarbrücken, Germany Abstract: According to Kripke
More information'XNH8QLYHUVLW\ (GPXQG73UDWW-U6FKRRORI(QJLQHHULQJ. EGR 103L Fall Test 2. Michael R. Gustafson II
'XNH8QLYHUVLW\ (GPXQG73UDWW-U6FKRRORI(QJLQHHULQJ EGR 103L Fall 2017 Test 2 Michael R. Gustafson II Name (please print) NET ID (please print): In keeping with the Community Standard, I have neither provided
More informationDataflow Analysis Lecture 2. Simple Constant Propagation. A sample program int fib10(void) {
-4 Lecture Dataflow Analysis Basic Blocks Related Optimizations Copyright Seth Copen Goldstein 00 Dataflow Analysis Last time we looked at code transformations Constant propagation Copy propagation Common
More informationLecture 5, CPA Secure Encryption from PRFs
CS 4501-6501 Topics in Cryptography 16 Feb 2018 Lecture 5, CPA Secure Encryption from PRFs Lecturer: Mohammad Mahmoody Scribe: J. Fu, D. Anderson, W. Chao, and Y. Yu 1 Review Ralling: CPA Security and
More informationEntanglement and information
Ph95a lecture notes for 0/29/0 Entanglement and information Lately we ve spent a lot of time examining properties of entangled states such as ab è 2 0 a b è Ý a 0 b è. We have learned that they exhibit
More informationCHAPTER 1. Relations. 1. Relations and Their Properties. Discussion
CHAPTER 1 Relations 1. Relations and Their Properties 1.1. Definition of a Relation. Definition 1.1.1. A binary relation from a set A to a set B is a subset R A B. If (a, b) R we say a is Related to b
More informationCTL Model Checking. Wishnu Prasetya.
CTL Model Checking Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv Background Example: verification of web applications à e.g. to prove existence of a path from page A to page B. Use of CTL
More informationk-nearest Neighbor Classification over Semantically Secure Encry
k-nearest Neighbor Classification over Semantically Secure Encrypted Relational Data Reporter:Ximeng Liu Supervisor: Rongxing Lu School of EEE, NTU May 9, 2014 1 2 3 4 5 Outline 1. Samanthula B K, Elmehdwi
More informationProgramming Language Concepts, CS2104 Lecture 3
Programming Language Concepts, CS2104 Lecture 3 Statements, Kernel Language, Abstract Machine 31 Aug 2007 CS2104, Lecture 3 1 Reminder of last lecture Programming language definition: syntax, semantics
More informationVerifiable Security of Boneh-Franklin Identity-Based Encryption. Federico Olmedo Gilles Barthe Santiago Zanella Béguelin
Verifiable Security of Boneh-Franklin Identity-Based Encryption Federico Olmedo Gilles Barthe Santiago Zanella Béguelin IMDEA Software Institute, Madrid, Spain 5 th International Conference on Provable
More informationChapter 1 :: Bird s-eye View Approach to Algebra CHAPTER. Bird s-eye View Approach to Algebra
Chapter 1 :: Bird s-eye View Approach to Algebra CHAPTER 1 Bird s-eye View Approach to Algebra 23 Kim :: Advanced Math Workbook for the SAT 1.1 :: Factor Out! try it yourself Try these four sample questions
More informationHandling Encryption in an Analysis for Secure Information Flow
Handling Encryption in an Analysis for Secure Information Flow Peeter Laud peeter l@ut.ee Tartu Ülikool Cybernetica AS ESOP 2003, 7.-11.04.2003 p.1/15 Overview Some words about the overall approach. Definition
More information1. Consider the conditional E = p q r. Use de Morgan s laws to write simplified versions of the following : The negation of E : 5 points
Introduction to Discrete Mathematics 3450:208 Test 1 1. Consider the conditional E = p q r. Use de Morgan s laws to write simplified versions of the following : The negation of E : The inverse of E : The
More informationControl Flow Analysis of Security Protocols (I)
Control Flow Analysis of Security Protocols (I) Mikael Buchholtz 02913 F2005 Mikael Buchholtz p. 1 History of Protocol Analysis Needham-Schroeder 78 Dolev-Yao 81 Algebraic view of cryptography 02913 F2005
More informationLecture 2: Program Obfuscation - II April 1, 2009
Advanced Topics in Cryptography Lecture 2: Program Obfuscation - II April 1, 2009 Lecturer: S. Goldwasser, M. Naor Scribe by: R. Marianer, R. Rothblum Updated: May 3, 2009 1 Introduction Barak et-al[1]
More informationMultiparty Computation
Multiparty Computation Principle There is a (randomized) function f : ({0, 1} l ) n ({0, 1} l ) n. There are n parties, P 1,...,P n. Some of them may be adversarial. Two forms of adversarial behaviour:
More information18733: Applied Cryptography Anupam Datta (CMU) Course Overview
18733: Applied Cryptography Anupam Datta (CMU) Course Overview Logistics Introductions Instructor: Anupam Datta Office hours: SV Bldg 23, #208 + Google Hangout (id: danupam) Office hours: Mon 1:30-2:30
More informationImproving Helios with Everlasting Privacy Towards the Public Denise Demirel, Jeroen van de Graaf, Roberto Araújo
Improving Helios with Everlasting Privacy Towards the Public Denise Demirel, Jeroen van de Graaf, Roberto Araúo 15.08.2012 Fachbereich 20 CDC Denise Demirel 1 Helios Introduced 2008 by Ben Adida Web application
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationMechanics of Static Analysis
Escuela 03 III / 1 Mechanics of Static Analysis David Schmidt Kansas State University www.cis.ksu.edu/~schmidt Escuela 03 III / 2 Outline 1. Small-step semantics: trace generation 2. State generation and
More informationMandatory Access Control (MAC)
CS 5323 Mandatory Access Control (MAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 3 ravi.utsa@gmail.com www.profsandhu.com Ravi Sandhu 1 CS 5323 Lattice-Based Access Control (LBAC)
More informationExtensions to the Logic of All x are y: Verbs, Relative Clauses, and Only
1/53 Extensions to the Logic of All x are y: Verbs, Relative Clauses, and Only Larry Moss Indiana University Nordic Logic School August 7-11, 2017 2/53 An example that we ll see a few times Consider the
More informationReview. Principles of Programming Languages. Equality. The Diamond Property. The Church-Rosser Theorem. Corollaries. CSE 230: Winter 2007
CSE 230: Winter 2007 Principles of Programming Languages Lecture 12: The λ-calculus Ranjit Jhala UC San Diego Review The lambda calculus is a calculus of functions: e := x λx. e e 1 e 2 Several evaluation
More information5199/IOC5063 Theory of Cryptology, 2014 Fall
5199/IOC5063 Theory of Cryptology, 2014 Fall Homework 2 Reference Solution 1. This is about the RSA common modulus problem. Consider that two users A and B use the same modulus n = 146171 for the RSA encryption.
More informationLecture Summary. 2 Simplified Cramer-Shoup. CMSC 858K Advanced Topics in Cryptography February 26, Chiu Yuen Koo Nikolai Yakovenko
CMSC 858K Advanced Topics in Cryptography February 26, 2004 Lecturer: Jonathan Katz Lecture 10 Scribe(s): Jeffrey Blank Chiu Yuen Koo Nikolai Yakovenko 1 Summary We had previously begun to analyze the
More informationFast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries
Fast Cut-and-Choose Based Protocols for Malicious and Covert Adversaries Yehuda Lindell Dept. of Computer Science Bar-Ilan University, Israel lindell@biu.ac.il February 8, 2015 Abstract In the setting
More informationLing 130 Notes: Syntax and Semantics of Propositional Logic
Ling 130 Notes: Syntax and Semantics of Propositional Logic Sophia A. Malamud January 21, 2011 1 Preliminaries. Goals: Motivate propositional logic syntax and inferencing. Feel comfortable manipulating
More informationIntelligent Agents. Pınar Yolum Utrecht University
Intelligent Agents Pınar Yolum p.yolum@uu.nl Utrecht University Logical Agents (Based mostly on the course slides from http://aima.cs.berkeley.edu/) Outline Knowledge-based agents Wumpus world Logic in
More informationProgramming Languages
CSE 230: Winter 2010 Principles of Programming Languages Lecture 10: Programming in λ-calculusc l l Ranjit Jhala UC San Diego Review The lambda calculus is a calculus of functions: e := x λx. e e 1 e 2
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 7: Information flow control Eran Tromer 1 Slides credit: Max Krohn, MIT Ian Goldberg and Urs Hengartner, University of Waterloo
More informationToday s Topics. Methods of proof Relationships to logical equivalences. Important definitions Relationships to sets, relations Special functions
Today s Topics Set identities Methods of proof Relationships to logical equivalences Functions Important definitions Relationships to sets, relations Special functions Set identities help us manipulate
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Fun with Public-Key Tonight we ll Introduce some basic tools of public-key crypto Combine the tools to create more powerful tools Lay the ground work for substantial
More informationLynch 2017 Page 1 of 5. Math 150, Fall 2017 Exam 1 Form A Multiple Choice
Lynch 017 Page 1 of 5 Math 150, Fall 017 Exam 1 Form A Multiple Choice Last Name: First Name: Section Number: Student ID number: Directions: 1. No calculators, cell phones, or other electronic devices
More informationComputational Logic and the Quest for Greater Automation
Computational Logic and the Quest for Greater Automation Lawrence C Paulson, Distinguished Affiliated Professor for Logic in Informatics Technische Universität München (and Computer Laboratory, University
More informationLet f(x) = x, but the domain of f is the interval 0 x 1. Note
I.g Maximum and Minimum. Lagrange Multipliers Recall: Suppose we are given y = f(x). We recall that the maximum/minimum points occur at the following points: (1) where f = 0; (2) where f does not exist;
More informationAnnouncements. Today s Menu
Announcements Reading Assignment: > Nilsson chapters 13-14 Announcements: > LISP and Extra Credit Project Assigned Today s Handouts in WWW: > Homework 10-13 > Outline for Class 26 > www.mil.ufl.edu/eel5840
More informationCommitment Schemes and Zero-Knowledge Protocols (2011)
Commitment Schemes and Zero-Knowledge Protocols (2011) Ivan Damgård and Jesper Buus Nielsen Aarhus University, BRICS Abstract This article is an introduction to two fundamental primitives in cryptographic
More informationIdentity-based encryption
Identity-based encryption Michel Abdalla ENS & CNRS MPRI - Course 2-12-1 Michel Abdalla (ENS & CNRS) Identity-based encryption 1 / 43 Identity-based encryption (IBE) Goal: Allow senders to encrypt messages
More informationPrivate and Verifiable Interdomain Routing Decisions. Proofs of Correctness
Technical Report MS-CIS-12-10 Private and Verifiable Interdomain Routing Decisions Proofs of Correctness Mingchen Zhao University of Pennsylvania Andreas Haeberlen University of Pennsylvania Wenchao Zhou
More informationSponsored by: UGA Math Department and UGA Math Club. Ciphering Round / 2 minutes per problem October 21, 2017 WITH SOLUTIONS
Sponsored by: UGA Math Department and UGA Math Club Ciphering Round / 2 minutes per problem October 2, 207 WITH SOLUTIONS Problem. In a recent football game, team A had three times as many points as team
More informationLecture 10: Zero-Knowledge Proofs
Lecture 10: Zero-Knowledge Proofs Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Some of these slides are based on note by Boaz Barak. Quo vadis? Eo Romam
More informationLTL Model Checking. Wishnu Prasetya.
LTL Model Checking Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv Overview This pack : Abstract model of programs Temporal properties Verification (via model checking) algorithm Concurrency
More informationPropositional Logic: Semantics and an Example
Propositional Logic: Semantics and an Example CPSC 322 Logic 2 Textbook 5.2 Propositional Logic: Semantics and an Example CPSC 322 Logic 2, Slide 1 Lecture Overview 1 Recap: Syntax 2 Propositional Definite
More informationCPSC 467b: Cryptography and Computer Security
Outline Authentication CPSC 467b: Cryptography and Computer Security Lecture 18 Michael J. Fischer Department of Computer Science Yale University March 29, 2010 Michael J. Fischer CPSC 467b, Lecture 18
More informationMathematical Foundations of Programming. Nicolai Kraus. Draft of February 15, 2018
Very short lecture notes: Mathematical Foundations of Programming University of Nottingham, Computer Science, module code G54FOP, Spring 2018 Nicolai Kraus Draft of February 15, 2018 What is this? This
More informationMath 2 Variable Manipulation Part 7 Absolute Value & Inequalities
Math 2 Variable Manipulation Part 7 Absolute Value & Inequalities 1 MATH 1 REVIEW SOLVING AN ABSOLUTE VALUE EQUATION Absolute value is a measure of distance; how far a number is from zero. In practice,
More informationEXP. LOGIC: M.Ziegler PSPACE. NPcomplete. School of Computing PSPACE CH #P PH. Martin Ziegler 박세원신승우조준희 ( 박찬수 ) complete. co- P NP. Re a ) Computation
EXP PSPACE complete PSPACE CH #P PH conpcomplete NPcomplete co- NP P NP P L NP School of Computing Martin Ziegler 박세원신승우조준희 ( 박찬수 ) Complexity and Re a ) Computation Please ask questions! Informal Logic
More informationLanguage-based Information Security. CS252r Spring 2012
Language-based Information Security CS252r Spring 2012 This course Survey of key concepts and hot topics in language-based information security The use of programming language abstractions and techniques
More informationAppalachian State University. Outline
Discrete Mathematics: Venn Diagrams and Logic 2 February 11, 2003 Jeff Hirst Appalachian State University 1 Outline Venn Diagrams: Representing unions and intersections Venn diagrams and Eulerian diagrams
More informationMath 10 - Unit 5 Final Review - Polynomials
Class: Date: Math 10 - Unit 5 Final Review - Polynomials Multiple Choice Identify the choice that best completes the statement or answers the question. 1. Factor the binomial 44a + 99a 2. a. a(44 + 99a)
More informationRoy L. Crole. Operational Semantics Abstract Machines and Correctness. University of Leicester, UK
Midlands Graduate School, University of Birmingham, April 2008 1 Operational Semantics Abstract Machines and Correctness Roy L. Crole University of Leicester, UK Midlands Graduate School, University of
More informationDeclarative Computation Model. Conditional. Case statement. Procedure values (2) Procedure values. Sequential declarative computation model
Declarative Computation Model Kernel language semantics revisited (VRH.4.5) From kernel to practical language (VRH.6) Exceptions (VRH.7) Carlos Varela RPI October 0, 009 Adapted with permission from: Seif
More informationPositive Results and Techniques for Obfuscation
Positive Results and Techniques for Obfuscation Benjamin Lynn Stanford University Manoj Prabhakaran Princeton University February 28, 2004 Amit Sahai Princeton University Abstract Informally, an obfuscator
More informationRegister machines L2 18
Register machines L2 18 Algorithms, informally L2 19 No precise definition of algorithm at the time Hilbert posed the Entscheidungsproblem, just examples. Common features of the examples: finite description
More informationMath.3336: Discrete Mathematics. Combinatorics: Basics of Counting
Math.3336: Discrete Mathematics Combinatorics: Basics of Counting Instructor: Dr. Blerina Xhabli Department of Mathematics, University of Houston https://www.math.uh.edu/ blerina Email: blerina@math.uh.edu
More information1 Propositional Logic
CS 2800, Logic and Computation Propositional Logic Lectures Pete Manolios Version: 384 Spring 2011 1 Propositional Logic The study of logic was initiated by the ancient Greeks, who were concerned with
More informationTDDD08 Tutorial 1. Who? From? When? 6 september Victor Lagerkvist (& Wªodek Drabent)
TDDD08 Tutorial 1 Who? From? Victor Lagerkvist (& Wªodek Drabent) Theoretical Computer Science Laboratory, Linköpings Universitet, Sweden When? 6 september 2015 1 / 18 Preparations Before you start with
More information- Why aren t there more quantum algorithms? - Quantum Programming Languages. By : Amanda Cieslak and Ahmana Tarin
- Why aren t there more quantum algorithms? - Quantum Programming Languages By : Amanda Cieslak and Ahmana Tarin Why aren t there more quantum algorithms? there are only a few problems for which quantum
More informationIntroduction to Axiomatic Semantics
Introduction to Axiomatic Semantics Meeting 9, CSCI 5535, Spring 2009 Announcements Homework 3 is out, due Mon Feb 16 No domain theory! Homework 1 is graded Feedback attached 14.2 (mean), 13 (median),
More informationA Practical Universal Circuit Construction and Secure Evaluation of Private Functions
A Practical Universal Circuit Construction and, Bell Labs, Murray Hill, NJ, USA http://www.cs.toronto.edu/~vlad/, University of Erlangen-Nuremberg, Germany http://thomaschneider.de Financial Cryptography
More informationExam 1. March 12th, CS525 - Midterm Exam Solutions
Name CWID Exam 1 March 12th, 2014 CS525 - Midterm Exam s Please leave this empty! 1 2 3 4 5 Sum Things that you are not allowed to use Personal notes Textbook Printed lecture notes Phone The exam is 90
More informationChapter 4: Computation tree logic
INFOF412 Formal verification of computer systems Chapter 4: Computation tree logic Mickael Randour Formal Methods and Verification group Computer Science Department, ULB March 2017 1 CTL: a specification
More informationCSE 200 Lecture Notes Turing machine vs. RAM machine vs. circuits
CSE 200 Lecture Notes Turing machine vs. RAM machine vs. circuits Chris Calabro January 13, 2016 1 RAM model There are many possible, roughly equivalent RAM models. Below we will define one in the fashion
More information1 Introduction. 2 Recap The Typed λ-calculus λ. 3 Simple Data Structures
CS 6110 S18 Lecture 21 Products, Sums, and Other Datatypes 1 Introduction In this lecture, we add constructs to the typed λ-calculus that allow working with more complicated data structures, such as pairs,
More information