DERIVING AND PROVING ABSTRACT NON-INTERFERENCE
|
|
- Dwayne Wilkerson
- 6 years ago
- Views:
Transcription
1 DERIVING AND PROVING ABSTRACT NON-INTERFERENCE Roberto Giacobazzi and Isabella Mastroeni Dipartimento di Informatica Università di Verona Italy Paris, February 20th, 2004 Deriving and Proving Abstract Non-interference p.1/34
2 The Problem The problem: Protect data confidentiality from erroneous/malicious attacks while data are processed Attack = disclosing properties of confidential data Access control by declaring data privileges! Deriving and Proving Abstract Non-interference p.2/34
3 The Problem The problem: Protect data confidentiality from erroneous/malicious attacks while data are processed Access control methods do not put constraints on how the information is propagated! Deriving and Proving Abstract Non-interference p.2/34
4 The Problem The problem: Protect data confidentiality from erroneous/malicious attacks while data are processed Description of the problem: Typing of data (and variables) in private (H) and public (L); Non-Interference: to prevent the results of the computation from leaking even partial information about private inputs! Explicit flow: caused by directly passing private data to a public variable: l := 2 h; Implicit flow: arise from control structure of the program: while h do l := l + 1; h := h 1. We consider only terminating computations! Deriving and Proving Abstract Non-interference p.2/34
5 The Goal IT IS ESSENTIAL TO KNOW HOW MUCH AN ATTACKER MAY LEARN FROM A PROGRAM! Goal: Automatically generate certificates about secure information flows Design of accurate security polices Static program analysis & verification techniques (types,cfa,dfa,...) Deriving and Proving Abstract Non-interference p.3/34
6 The Goal IT IS ESSENTIAL TO KNOW HOW MUCH AN ATTACKER MAY LEARN FROM A PROGRAM! Goal: Automatically generate certificates about secure information flows State of the art: Standard non-interference is far too restrictive No sensitive information can be disclosed Any change upon confidential data has not to be revealed by public ones Rigid security policy: L can flow into H but H cannot flow into L [Denning and Denning 77] Deriving and Proving Abstract Non-interference p.3/34
7 The Goal IT IS ESSENTIAL TO KNOW HOW MUCH AN ATTACKER MAY LEARN FROM A PROGRAM! Goal: Automatically generate certificates about secure information flows State of the art: Standard non-interference is far too restrictive Question: Is there a way to characterize what kind of information flows? Characterize the secrecy degree of a program H can flow into L unless a given property of H is disclosed Weakening standard non-interference (a challenge in language-based security [Sabelfeld & Myers 03]) Deriving and Proving Abstract Non-interference p.3/34
8 IDEA: Attackers as Abstract Interpretations while h do (l := l + 2; h := h 1) Deriving and Proving Abstract Non-interference p.4/34
9 IDEA: Attackers as Abstract Interpretations while h do (l := l + 2; h := h 1) There is an (implicit/absolute) flow from h into l The parity of l is not affected by any change of h... no information flow for parity! Deriving and Proving Abstract Non-interference p.4/34
10 IDEA: Attackers as Abstract Interpretations while h do (l := l + 2; h := h 1) The idea: Abstract non-interference Attackers as program analyzers Attackers can analyze I/O behaviour of public data Attackers perform static program analyses Abstract interpretation is a general method for specifying approximate semantics of programs [Cousot & Cousot 77] Attackers are abstract interpretations of program semantics Deriving and Proving Abstract Non-interference p.4/34
11 IDEA: Attackers as Abstract Interpretations The idea: Abstract non-interference Main results: Generalizing non-interference relatively to the attacker s power Making non-interference parametric on the attacker s point of view Checking abstract non-interference by abstract interpretation Systematic method for deriving attackers for programs by modifying abstractions Abstract Robust Declassification Deriving and Proving Abstract Non-interference p.4/34
12 Related works Refining security policies by constraining attackers Characterizing released information Deriving and Proving Abstract Non-interference p.5/34
13 Complexity: Refining security policies by constraining attackers Related works Security levels corresponding to how complex is attacking the program [Lowe 02] Deriving and Proving Abstract Non-interference p.5/34
14 Related works Refining security policies by constraining attackers Complexity: Security levels corresponding to how complex is attacking the program [Lowe 02] Quantitative measure: An absolute (approximate) quantitative evaluation of information leakage (number of statistical tests to disclose properties) [Di Pierro et al. 02] Deriving and Proving Abstract Non-interference p.5/34
15 Related works Characterizing released information Quantitative measure: Quantification of the information flowed by information theory [D. Clark et al. 03] Deriving and Proving Abstract Non-interference p.5/34
16 Related works Characterizing released information Quantitative measure: Quantification of the information flowed by information theory [D. Clark et al. 03] Robust declassification: The observational capability of the attacker is characterized by equivalence relations, then the information released is identified and declassified. [Zdancewic and Myers 01] Deriving and Proving Abstract Non-interference p.5/34
17 Standard non-interference One group of users [...] is noninterfering with another group of users if what the first group does [...] has no effect on what the second group of users can see [Goguen & Meseguer 82] Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L Deriving and Proving Abstract Non-interference p.6/34
18 Standard non-interference Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L EXAMPLE: while h do (l := l + 2; h := h 1). Deriving and Proving Abstract Non-interference p.6/34
19 Standard non-interference Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L EXAMPLE: while h do (l := l + 2; h := h 1). h = 0, l = 1 l = 1 h = 1, l = 1 l = 3 h = n, l = 1 l = 1 + 2n Deriving and Proving Abstract Non-interference p.6/34
20 Standard non-interference Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L EXAMPLE: while h do (l := l + 2; h := h 1). h = 0, l = 1 l = 1 h = 1, l = 1 l = 3 h = n, l = 1 l = 1 + 2n If l is unchanged then h is 0! There is an information flow from h into l. Deriving and Proving Abstract Non-interference p.6/34
21 Standard non-interference Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L EXAMPLE: while h do (l := l + 2; h := h 1). h = 0, l = 1 l = 1 h = 1, l = 1 l = 3 h = n, l = 1 l = 1 + 2n If l is unchanged then h is 0! There is an information flow from h into l. Note that if the input l is even/odd then the output l is even/odd! Deriving and Proving Abstract Non-interference p.6/34
22 Consider α, η Abs( (V L )): Abstracting non-interference I Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L Deriving and Proving Abstract Non-interference p.7/34
23 Consider α, η Abs( (V L )): Abstracting non-interference I Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) No change of H values and η-equivalent L values may affect the α abstraction of L outputs. Possible deceptive interference due to η-undistinguished L values! The more η is precise the less deceptive interference appears Deriving and Proving Abstract Non-interference p.7/34
24 Consider α, η Abs( (V L )): Abstracting non-interference I Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) EXAMPLE: [id]p(par) P= while h do (l := l + 2; h := h 1). h = 0, l = 1 Par(l) = odd h = 1, l = 1 Par(l) = odd h = n, l = 1 Par(l) = odd Deriving and Proving Abstract Non-interference p.7/34
25 Consider α, η Abs( (V L )): Abstracting non-interference I Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) EXAMPLE: [id]p(par) P= while h do (l := l + 2; h := h 1). h = 0, l = 1 Par(l) = odd h = 1, l = 1 Par(l) = odd h = n, l = 1 Par(l) = odd If l is odd/even then, independently from h, after the execution l is odd/even! There is not an information flow from h into the parity of l. Deriving and Proving Abstract Non-interference p.7/34
26 Consider α, η Abs( (V L )): Abstracting non-interference I Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) EXAMPLE II: [Par]P(Sign) P = l := 2 l h 2. h = 3, l = 2 (Par( 2) = even) Sign(l) = h = 1, l = 4 (Par( 4) = even) Sign(l) = Deriving and Proving Abstract Non-interference p.7/34
27 Consider α, η Abs( (V L )): Abstracting non-interference I Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) EXAMPLE II: [Par]P(Sign) P = l := 2 l h 2. h = 1, l = 4 (Par(4) = even) Sign(l) = + h = 1, l = 4 (Par( 4) = even) Sign(l) = The sign of the output l depends on the sign of the input l! There is a DECEPTIVE FLOW! Deriving and Proving Abstract Non-interference p.7/34
28 Consider α, η Abs( (V L )): Abstracting non-interference I Standard non-interference l : L, h 1, h 2 : H. P (h 1, l) L = P (h 2, l) L Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) EXAMPLE II: [Par]P(Sign) P = l := 2 l h 2. h = 1, l = 4 (Par(4) = even) Sign(l) = + h = 1, l = 4 (Par( 4) = even) Sign(l) = The sign of the output l depends on the sign of the input l! There is a DECEPTIVE FLOW! We compute the semantics on the concrete value of the input l! Deriving and Proving Abstract Non-interference p.7/34
29 Abstracting non-interference II Consider α, η Abs( (V L )): Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) Deriving and Proving Abstract Non-interference p.8/34
30 Abstracting non-interference II Consider α, η Abs( (V L )): Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) Abstracting non-interference (η)p(α): η(l 1 )=η(l 2 ) α( P (h 1, η(l 1 )) L )=α( P (h 2, η(l 2 )) L ) No change of H values may affect the α abstraction of L outputs. No deceptive interference due to L data Deriving and Proving Abstract Non-interference p.8/34
31 Abstracting non-interference II Consider α, η Abs( (V L )): Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) Abstracting non-interference (η)p(α): η(l 1 )=η(l 2 ) α( P (h 1, η(l 1 )) L )=α( P (h 2, η(l 2 )) L ) EXAMPLE: (Par)P(Sign) P = l := 2 l h 2. h = 3, Par(l) = even Sign(l) = I don t know h = 1, Par(l) = even Sign(l) = I don t know Deriving and Proving Abstract Non-interference p.8/34
32 Abstracting non-interference II Consider α, η Abs( (V L )): Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) Abstracting non-interference (η)p(α): η(l 1 )=η(l 2 ) α( P (h 1, η(l 1 )) L )=α( P (h 2, η(l 2 )) L ) EXAMPLE: (Par)P(Sign) P = l := 2 l h 2. h = 3, Par(l) = even Sign(l) = I don t know h = 1, Par(l) = even Sign(l) = I don t know There is not an information flow from h into the sign of l. Deriving and Proving Abstract Non-interference p.8/34
33 Abstracting non-interference II Consider α, η Abs( (V L )): Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) Abstracting non-interference (η)p(α): η(l 1 )=η(l 2 ) α( P (h 1, η(l 1 )) L )=α( P (h 2, η(l 2 )) L ) EXAMPLE II: (id)p(par) P = l := l h 2. h = 2, l = 1 Par(l) = even h = 3, l = 1 Par(l) = odd h = n, l = 1 Par(l) = Par(n) Deriving and Proving Abstract Non-interference p.8/34
34 Abstracting non-interference II Consider α, η Abs( (V L )): Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) Abstracting non-interference (η)p(α): η(l 1 )=η(l 2 ) α( P (h 1, η(l 1 )) L )=α( P (h 2, η(l 2 )) L ) EXAMPLE II: (id)p(par) P = l := l h 2. h = 2, l = 1 Par(l) = even h = 3, l = 1 Par(l) = odd h = n, l = 1 Par(l) = Par(n) The parity of h is flowing into l! Deriving and Proving Abstract Non-interference p.8/34
35 Abstracting non-interference II Consider α, η Abs( (V L )): Narrow (abstract) non-interference [η]p(α): η(l 1 ) = η(l 2 ) α( P (h 1, l 1 ) L ) = α( P (h 2, l 2 ) L ) Abstracting non-interference (η)p(α): η(l 1 )=η(l 2 ) α( P (h 1, η(l 1 )) L )=α( P (h 2, η(l 2 )) L ) EXAMPLE II: (id)p(par) P = l := l h 2. h = 2, l = 1 Par(l) = even h = 3, l = 1 Par(l) = odd h = n, l = 1 Par(l) = Par(n) The parity of h is flowing into l! We are looking for flows from any possible property of h into l! Deriving and Proving Abstract Non-interference p.8/34
36 Consider α, η Abs( (V L )) and φ Abs( (V H )): Abstracting non-interference (η)p(α): η(l 1 )=η(l 2 ) α( P (h 1, η(l 1 )) L )=α( P (h 2, η(l 2 )) L ) Abstracting non-interference III Deriving and Proving Abstract Non-interference p.9/34
37 Consider α, η Abs( (V L )) and φ Abs( (V H )): Abstracting non-interference (η)p(α): η(l 1 )=η(l 2 ) α( P (h 1, η(l 1 )) L )=α( P (h 2, η(l 2 )) L ) Abstracting non-interference III Abstract non-interference (η)p(φ []α): η(l 1 )=η(l 2 ) α( P (φ(h 1 ), η(l 1 )) L )=α( P (φ(h 2 ), η(l 2 )) L ) No change of φ-equivalent H values may affect the α abstraction of L outputs. No deceptive interference due to L data;...φ does not flow into what α can see on the output Deriving and Proving Abstract Non-interference p.9/34
38 Consider α, η Abs( (V L )) and φ Abs( (V H )): Abstracting non-interference (η)p(α): η(l 1 )=η(l 2 ) α( P (h 1, η(l 1 )) L )=α( P (h 2, η(l 2 )) L ) Abstracting non-interference III Abstract non-interference (η)p(φ []α): η(l 1 )=η(l 2 ) α( P (φ(h 1 ), η(l 1 )) L )=α( P (φ(h 2 ), η(l 2 )) L ) EXAMPLE: (id)p(sign []Par) P = l := l h 2. Sign(h) = +, l = 1 Par(l) = I don t know Sign(h) =, l = 1 Par(l) = I don t know Deriving and Proving Abstract Non-interference p.9/34
39 Consider α, η Abs( (V L )) and φ Abs( (V H )): Abstracting non-interference (η)p(α): η(l 1 )=η(l 2 ) α( P (h 1, η(l 1 )) L )=α( P (h 2, η(l 2 )) L ) Abstracting non-interference III Abstract non-interference (η)p(φ []α): η(l 1 )=η(l 2 ) α( P (φ(h 1 ), η(l 1 )) L )=α( P (φ(h 2 ), η(l 2 )) L ) EXAMPLE: (id)p(sign []Par) P = l := l h 2. Sign(h) = +, l = 1 Par(l) = I don t know Sign(h) =, l = 1 Par(l) = I don t know There is not an information flow from the sign of h into the parity of l. Deriving and Proving Abstract Non-interference p.9/34
40 Basic properties [η]p( ) [η]p(α) β η. [β]p(α) [η]p(α) β α. [η]p(β) i. [η]p(α i ) [η]p( α i ) i I Deriving and Proving Abstract Non-interference p.10/34
41 Basic properties [η]p( ) [η]p(α) β η. [β]p(α) [η]p(α) β α. [η]p(β) i. [η]p(α i ) [η]p( α i ) i I (η)p(φ [] ) (η)p(φ []α) β α. (η)p(φ []β) i. (η)p(φ []α i ) (η)p(φ [] i I α i ) Deriving and Proving Abstract Non-interference p.10/34
42 Basic properties [η]p( ) [η]p(α) β η. [β]p(α) [η]p(α) β α. [η]p(β) i. [η]p(α i ) [η]p( α i ) i I (η)p(φ [] ) (η)p(φ []α) β α. (η)p(φ []β) i. (η)p(φ []α i ) (η)p(φ [] i I α i ) Standard non-interference: [id]p(id) = (id)p(id []id) Deriving and Proving Abstract Non-interference p.10/34
43 Basic properties [η]p( ) [η]p(α) β η. [β]p(α) [η]p(α) β α. [η]p(β) i. [η]p(α i ) [η]p( α i ) i I (η)p(φ [] ) (η)p(φ []α) β α. (η)p(φ []β) i. (η)p(φ []α i ) (η)p(φ [] i I α i ) [id]p(id) (η)p(id []α) (η)p(φ []α) Deriving and Proving Abstract Non-interference p.10/34
44 Basic properties [η]p( ) [η]p(α) β η. [β]p(α) [η]p(α) β α. [η]p(β) i. [η]p(α i ) [η]p( α i ) i I (η)p(φ [] ) (η)p(φ []α) β α. (η)p(φ []β) i. (η)p(φ []α i ) (η)p(φ [] i I α i ) [η]p(α) (η)p(id []α) (η)p(φ []α) Deriving and Proving Abstract Non-interference p.10/34
45 Basic properties [η]p( ) [η]p(α) β η. [β]p(α) [η]p(α) β α. [η]p(β) i. [η]p(α i ) [η]p( α i ) i I (η)p(φ [] ) (η)p(φ []α) β α. (η)p(φ []β) i. (η)p(φ []α i ) (η)p(φ [] i I α i ) [id]p(id) [η]p(α) due to deceptive flows Deriving and Proving Abstract Non-interference p.10/34
46 Deriving output attackers Abstract interpretation provides advanced methods for designing abstractions (refinement, simplification, compression...) [Giacobazzi & Ranzato 97] Designing abstractions = designing attackers Deriving and Proving Abstract Non-interference p.11/34
47 Deriving output attackers Abstract interpretation provides advanced methods for designing abstractions (refinement, simplification, compression...) [Giacobazzi & Ranzato 97] Designing abstractions = designing attackers Characterize the most concrete α such that (η)p(φ []α) [The most powerful output attacker] Deriving and Proving Abstract Non-interference p.11/34
48 Deriving output attackers The following theorems hold: Consider η Abs( (V L )): We characterize the function λη. [η] P (id) whose result is { } β [η]p(β). Deriving and Proving Abstract Non-interference p.11/34
49 Deriving output attackers The following theorems hold: Consider η Abs( (V L )): We characterize the function λη. [η] P (id) whose result is { } β [η]p(β). Consider η Abs( (V L )) and φ Abs( (V H )): We characterize the function λη. (η) P (φ []id) whose result is { } β (η)p(φ []β). Deriving and Proving Abstract Non-interference p.11/34
50 Deriving output attackers The following theorems hold: Consider η Abs( (V L )): We characterize the function λη. [η] P (id) whose result is { } β [η]p(β). Consider η Abs( (V L )) and φ Abs( (V H )): We characterize the function λη. (η) P (φ []id) whose result is { } β (η)p(φ []β). This would provide a certificate for security with a fixed input observation. Skip details Deriving and Proving Abstract Non-interference p.11/34
51 Characterizing Attackers Let η uco( (V L )), φ uco( (V H )): WHICH POINTS GUARANTEE NON-INTERFERENCE? Deriving and Proving Abstract Non-interference p.12/34
52 Characterizing Attackers Let η uco( (V L )), φ uco( (V H )): WHICH POINTS GUARANTEE NON-INTERFERENCE? Indistinguishable elements: Υ η { def } (l) = P (h, y) L P η(y) = η(l), h V H ; Υ η, φ { def } (l) = P (φ(h), η(l)) L P h V H Deriving and Proving Abstract Non-interference p.12/34
53 Characterizing Attackers Let η uco( (V L )), φ uco( (V H )): WHICH POINTS GUARANTEE NON-INTERFERENCE? Indistinguishable elements: Υ η { def } (l) = P (h, y) L P η(y) = η(l), h V H ; Υ η, φ { def } (l) = P (φ(h), η(l)) L P h V H Secret elements: Secr ε P (X) iff l V L. ( Z Υ ε P (l). Z X W Υε P (l). W X) Deriving and Proving Abstract Non-interference p.12/34
54 Graphically Consider X, Y (V L ), and Secr ε P of both: X Y Υ ε P (l 1) Υ ε P (l 3) Deriving and Proving Abstract Non-interference p.13/34
55 Graphically Consider X, Y (V L ), and Secr ε P of both: X Y Υ ε P (l 1) Υ ε P (l 3) Deriving and Proving Abstract Non-interference p.13/34
56 Graphically Consider X, Y (V L ), and Secr ε P of both: X Y Υ ε P (l 1) Υ ε P (l 3) Secr ε P (X) and Secrε P (Y) Deriving and Proving Abstract Non-interference p.13/34
57 Characterizing Attackers II Consider a program P, η uco( (V L )) and φ uco( (V H )) S η P ( (VL )) = { X (V L ) Secr η P (X) } is the most concrete domain K such that [η]p(k) Deriving and Proving Abstract Non-interference p.14/34
58 Characterizing Attackers II Consider a program P, η uco( (V L )) and φ uco( (V H )) S η P ( (VL )) = { X (V L ) Secr η P (X) } is the most concrete domain K such that [η]p(k) S η, φ { P ( (V L )) = X (V L ) Secr η,φ } P (X) is the most concrete domain K such that (η)p(φ []K) Deriving and Proving Abstract Non-interference p.14/34
59 Characterizing Attackers II Consider a program P, η uco( (V L )) and φ uco( (V H )) S η P ( (VL )) = { X (V L ) Secr η P (X) } is the most concrete domain K such that [η]p(k) S η, φ { P ( (V L )) = X (V L ) Secr η,φ } P (X) is the most concrete domain K such that (η)p(φ []K) The canonical attacker is obtained by a fix-point process! Deriving and Proving Abstract Non-interference p.14/34
60 Deriving Attackers I Let η uco( (V L )), φ uco( (V H )), P a program and η(l 1 ) = η(l 2 ): D P (η) WHICH ELEMENTS ARE ALWAYS NOT SECRET? Narrow (abstract) Non-Interference P (V H, η(l 1 )) P (h 1, l 1 ) P (h 2, l 2 ) Deriving and Proving Abstract Non-interference p.15/34
61 Deriving Attackers I Let η uco( (V L )), φ uco( (V H )), P a program and η(l 1 ) = η(l 2 ): WHICH ELEMENTS ARE ALWAYS NOT SECRET? D P (η) Narrow (abstract) Non-Interference P (V H, η(l 1 )) ρ( P (h 1, l 1 )) = ρ( P (h 2, l 2 )) ρ( P (h 1, l 1 )) ρ( P (h 2, l 2 )) X P (h 1, l 1 ) P (h 2, l 2 ) Deriving and Proving Abstract Non-interference p.15/34
62 Deriving Attackers I Let η uco( (V L )), φ uco( (V H )), P a program and η(l 1 ) = η(l 2 ): WHICH ELEMENTS ARE ALWAYS NOT SECRET? D P (η). Narrow (abstract) Non-Interference P (V H, η(l 1 )) ρ( P (h 1, l 1 )) = ρ( P (h 2, l 2 )) ρ( P (h 1, l 1 )) ρ( P (h 2, l 2 )) X P (h 1, l 1 ) P (h 2, l 2 ) Deriving and Proving Abstract Non-interference p.15/34
63 Deriving Attackers I Let η uco( (V L )), φ uco( (V H )), P a program and η(l 1 ) = η(l 2 ): WHICH ELEMENTS ARE ALWAYS NOT SECRET? D P (η). Abstract Non-Interference P (V H, η(l 1 )) ρ( P (φ(h 1 ), η(l 1 ))) ρ( P (φ(h 2 ), η(l 2 ))) ρ( P (φ(h 1 ), η(l 1 ))) = ρ( P (φ(h 2 ), η(l 2 ))) X P (φ(h 1 ), η(l 1 )) P (φ(h 2 ), η(l 2 )) P (h 1, η(l 1 )) P (h 2, η(l 2 )) P (h 1, l 1 ) P (h 2, l 2 ) Deriving and Proving Abstract Non-interference p.15/34
64 Deriving Attackers II Let η uco( (V L )), φ uco( (V H )), P a program and η(l 1 ) = η(l 2 ): FOR WHICH ELEMENTS WE HAVE TO VERIFY SECRECY? D P (η). Deriving and Proving Abstract Non-interference p.16/34
65 Deriving Attackers II Let η uco( (V L )), φ uco( (V H )), P a program and η(l 1 ) = η(l 2 ): FOR WHICH ELEMENTS WE HAVE TO VERIFY SECRECY? D P (η). P (V H, η(l 1 )) P (V H, η(l 2 )) P (φ(h 1 ), η(l 1 )) P (φ(h 2 ), η(l 1 )) P (φ(h 1 ), η(l 2 )) Deriving and Proving Abstract Non-interference p.16/34
66 Graphically Let η uco( (V L )), η(l 1 ) η(l 2 ): S ε P ( )D P (η). d 1 d 3 d 4 D P (η) d 2 Υ ε P (l 1) Υ ε P (l 2) Υ ε P (l 3) Υ ε P (l 4) Deriving and Proving Abstract Non-interference p.17/34
67 Graphically Let η uco( (V L )), η(l 1 ) η(l 2 ): S ε P () D P (η). d 1 d 3 d 4 D P (η) d 2 Υ ε P (l 1) Υ ε P (l 2) Υ ε P (l 3) Υ ε P (l 4) Deriving and Proving Abstract Non-interference p.17/34
68 Graphically Let η uco( (V L )), η(l 1 ) η(l 2 ): S ε P () D P (η). d 1 d 3 d 4 D P (η) d 2 Υ ε P (l 1) Υ ε P (l 2) Υ ε P (l 3) Υ ε P (l 4) Deriving and Proving Abstract Non-interference p.17/34
69 Graphically Let η uco( (V L )), η(l 1 ) η(l 2 ): S ε P ( D P (η)). d 1 d 3 d 4 D P (η) d 2 Υ ε P (l 1) Υ ε P (l 2) Υ ε P (l 3) Υ ε P (l 4) Deriving and Proving Abstract Non-interference p.17/34
70 Deriving Attackers III Let η uco( (V L )), φ uco( (V H )), φ(h 1 ) φ(h 2 ) and η(l 1 ) η(l 2 ): WHICH ELEMENTS ARE ALWAYS SECRET? Irr P (φ, η). Secr P (V H, η(l 1 )) P (V H, η(l 1 )) P (φ(h 2 ), η(l 1 )) P (φ(h 1 ), η(l 1 )) P (φ(h 1 ), η(l 2 )) Deriving and Proving Abstract Non-interference p.18/34
71 Deriving canonical attackers Abstract interpretation provides advanced methods for designing abstractions (refinement, simplification, compression...) [Giacobazzi & Ranzato 97] Transforming abstractions = transforming attackers Deriving and Proving Abstract Non-interference p.19/34
72 Deriving canonical attackers Abstract interpretation provides advanced methods for designing abstractions (refinement, simplification, compression...) [Giacobazzi & Ranzato 97] Transforming abstractions = transforming attackers Characterize the most concrete δ such that (δ)p(φ []δ) [The most powerful canonical attacker] This would provide a certificate for security. Deriving and Proving Abstract Non-interference p.19/34
73 Deriving canonical attackers λx. [X] P (id) is monotone on Abs( (V L )). [α]p(α) α = [α] P (id). lfp(λx. [X] P (id)) is the most concrete secure attacker for P for narrow abstract non-interference. Deriving and Proving Abstract Non-interference p.19/34
74 Deriving canonical attackers λx. [X] P (id) is monotone on Abs( (V L )). [α]p(α) α = [α] P (id). lfp(λx. [X] P (id)) is the most concrete secure attacker for P for narrow abstract non-interference. (α)p(φ []α) α = (α) P (φ []id) λx. (X) P (φ []id) X is extensive on Abs( (V L )). fix(λx. (X) P (φ []id) X) is a secure attacker for P for abstract non-interference. Deriving and Proving Abstract Non-interference p.19/34
75 Deriving canonical attackers EXAMPLE: P = while h do (l := l 2; h := h 1)... we derive a secure attacker π = { } ( n{2} N n 2N + 1 {{0}}): (π) P (id []π) h = 0, π(l) = 3{2} N h = 2, π(l) = 3{2} N π(l) = 3{2} N π(l) = 3{2} N In the program l is always multiplied by 2! Deriving and Proving Abstract Non-interference p.19/34
76 Consider a program P and its finite computations. Abstract robust declassification A passive attacker may be able to learn some information by observing the system but, by assumption, that information leakage is allowed by the security policy. [Zdancewic and Myers 2001] Deriving and Proving Abstract Non-interference p.20/34
77 Consider a program P and its finite computations. Abstract robust declassification A passive attacker may be able to learn some information by observing the system but, by assumption, that information leakage is allowed by the security policy. [Zdancewic and Myers 2001] We want to characterize the most concrete flow-irredundant property such that (η)p(φ α) [The maximal amount of information disclosed] This would provide a certificate for disclosed secrets. Deriving and Proving Abstract Non-interference p.20/34
78 Abstract robust declassification Consider the program P = l := l + (h mod 3) The transition system is such that < h, l > < h, l + (h mod 3) >. Consider η( (Z)) = {Z, [2, 4], [5, 8], {5}, } and α = id. Deriving and Proving Abstract Non-interference p.20/34
79 Abstract robust declassification Consider the program P = l := l + (h mod 3) The transition system is such that < h, l > < h, l + (h mod 3) >. Consider η( (Z)) = {Z, [2, 4], [5, 8], {5}, } and α = id. The flow is revealed when h 1 and h 2 differs in the values h 1 mod 3 and h 2 mod 3 φ = ({3Z, 3Z + 1, 3Z + 2}) is the maximal amount of information disclosed! Deriving and Proving Abstract Non-interference p.20/34
80 Proving Abstract Non-Interference We introduce a compositional proof-system for certifying abstract non-interference; Deriving and Proving Abstract Non-interference p.21/34
81 Proving Abstract Non-Interference We introduce a compositional proof-system for certifying abstract non-interference; PROOF-SYSTEM OF INVARIANTS I: {ρ} L c {ρ} L means that c is ρ-observably equivalent to the statement nil: {ρ} L c {ρ} L iff ρ( c (h, l) L ) = ρ(l) Deriving and Proving Abstract Non-interference p.21/34
82 Proving Abstract Non-Interference We introduce a compositional proof-system for certifying abstract non-interference; PROOF-SYSTEM OF INVARIANTS I: {ρ} L c {ρ} L means that c is ρ-observably equivalent to the statement nil: {ρ} L c {ρ} L iff ρ( c (h, l) L ) = ρ(l) PROOF-SYSTEM FOR DETERMINISTIC NARROW NON-INTERFERENCE N det : Syntax-driven certification of narrow non-interference for deterministic languages; PROOF-SYSTEM FOR NON-DETERMINISTIC NARROW NON-INTERFERENCE N Deriving and Proving Abstract Non-interference p.21/34
83 Proving Abstract Non-Interference We introduce a compositional proof-system for certifying abstract non-interference; PROOF-SYSTEM OF INVARIANTS I: {ρ} L c {ρ} L means that c is ρ-observably equivalent to the statement nil: {ρ} L c {ρ} L iff ρ( c (h, l) L ) = ρ(l) PROOF-SYSTEM FOR DETERMINISTIC NARROW NON-INTERFERENCE N det : Syntax-driven certification of narrow non-interference for deterministic languages; PROOF-SYSTEM FOR NON-DETERMINISTIC NARROW NON-INTERFERENCE N PROOF-SYSTEM FOR NON-DETERMINISTIC ABSTRACT NON-INTERFERENCE A: Syntax-driven certification of abstract non-interference for non-deterministic languages. Deriving and Proving Abstract Non-interference p.21/34
84 The invariants proof-system I I1: { } L c { } L I2: {ρ} L nil {ρ} L I3: x : H {ρ} L x := e {ρ} L I4: {ρ} e, x {ρ}, x : L {ρ} L x := e {ρ} L I5: {ρ} L c 1 {ρ} L, {ρ} L c 2 {ρ} L {ρ} L c 1 ; c 2 {ρ} L I6: {ρ} L c {ρ} L {ρ} L while x do c endw {ρ} L I7: {ρ } L c {ρ } L, ρ ρ {ρ} L c {ρ} L I8: i I. {ρ i } L c i {ρ i } L { i I ρ i} L i c i { i I ρ i} L Next Table Deriving and Proving Abstract Non-interference p.22/34
85 The assignment {ρ} e, x {ρ}, x : L {ρ} L x := e {ρ} L where {ρ} e, x {ρ} iff ρ(e [e](h, l)) = ρ(l x ). Deriving and Proving Abstract Non-interference p.23/34
86 The assignment {ρ} e, x {ρ}, x : L {ρ} L x := e {ρ} L where {ρ} e, x {ρ} iff ρ(e [e](h, l)) = ρ(l x ). EXAMPLE: Let e = l + 2. Then = {Sign} e, l {Sign} since if l = 1 Sign(l + 2) = Sign(1) = + Sign(l) = Deriving and Proving Abstract Non-interference p.23/34
87 The assignment {ρ} e, x {ρ}, x : L {ρ} L x := e {ρ} L where {ρ} e, x {ρ} iff ρ(e [e](h, l)) = ρ(l x ). EXAMPLE: Let e = l + 2. We have = {Par} e, l {Par}. Consider c = l := l + 2, we obtain that {Par} L l := l + 2 {Par} L Return Deriving and Proving Abstract Non-interference p.23/34
88 The sequential composition {ρ} L c 1 {ρ} L, {ρ} L c 2 {ρ} L {ρ} L c 1 ; c 2 {ρ} L Deriving and Proving Abstract Non-interference p.24/34
89 The sequential composition {ρ} L c 1 {ρ} L, {ρ} L c 2 {ρ} L {ρ} L c 1 ; c 2 {ρ} L EXAMPLE: Let c = l := l + 2; h := h + 1. { = {Par} L l := l + 2 {Par} L by Rule I4 = {Par} L h := h + 1 {Par} L by Rule I3 Deriving and Proving Abstract Non-interference p.24/34
90 The sequential composition {ρ} L c 1 {ρ} L, {ρ} L c 2 {ρ} L {ρ} L c 1 ; c 2 {ρ} L EXAMPLE: Let c = l := l + 2; h := h + 1. { = {Par} L l := l + 2 {Par} L by Rule I4 = {Par} L h := h + 1 {Par} L by Rule I3 = {Par} L l := l + 2; h := h + 1 {Par} L Return Deriving and Proving Abstract Non-interference p.24/34
91 The proof-system N det N1: [η] c (id) ρ [η]c(ρ) N2: [η]c( ) N3: [η]nil(ρ) N4: [η]e(ρ), [Π(η) Π(ρ)], x : L [η]x := e(ρ) N5: x : H, Π(η) Π(ρ) [η]x := e(ρ) N6: [η]c 1 (ρ), [ρ]c 2 (β) [η]c 1 ; c 2 (β) N7: {ρ} L c {ρ} L [ρ]while x do c endw(ρ) N8: i I. [η]c(ρ i ) [η]c( i I ρ i) N9: i I. [η]c(ρ i ) [η]c( i I ρ i) N10: [η ]c(ρ ), η η, ρ ρ [η]c(ρ) Next Table Deriving and Proving Abstract Non-interference p.25/34
92 The low assignment [η]e(ρ), [Π(η) Π(ρ)], x : L [η]x := e(ρ) where [η]e(ρ) iff ρ(e [e](h 1, l 1 )) = ρ(e [e](h 2, l 2 )). Deriving and Proving Abstract Non-interference p.26/34
93 The low assignment [η]e(ρ), [Π(η) Π(ρ)], x : L [η]x := e(ρ) where [η]e(ρ) iff ρ(e [e](h 1, l 1 )) = ρ(e [e](h 2, l 2 )). EXAMPLE: Let c = l 1 := 2 h l 2. Then = [ ]l 1 := 2 h l 2 (Par) since Par( l 1 := 2 h l 2 (h, l 1, 3 ) L ) = even, odd Par( l 1 := 2 h l 2 (h, l 1, 2 ) L ) = even, even This because (2) = (3) but Par(2) Par(3). Deriving and Proving Abstract Non-interference p.26/34
94 The low assignment [η]e(ρ), [Π(η) Π(ρ)], x : L [η]x := e(ρ) where [η]e(ρ) iff ρ(e [e](h 1, l 1 )) = ρ(e [e](h 2, l 2 )). NOTE: If there s only one low variable the condition Π(η) Π(ρ) is not necessary. EXAMPLE: Consider c = l := 2 h [ ]2 h(par) [ ]l := 2 h(par) Return Deriving and Proving Abstract Non-interference p.26/34
95 The high assignment x : H, Π(η) Π(ρ) [η]x := e(ρ) Deriving and Proving Abstract Non-interference p.27/34
96 The high assignment x : H, Π(η) Π(ρ) [η]x := e(ρ) EXAMPLE: Let c = h := h + 1. Then ρ( h := h + 1 (h 1, l 1 ) L ) = ρ(l 1 ) ρ( h := h + 1 (h 2, l 2 ) L ) = ρ(l 2 ) Therefore [η]h := h + 1(ρ) (η(l 1 ) = η(l 2 ) ρ(l 1 ) = ρ(l 2 )) Π(η) Π(ρ) Return Deriving and Proving Abstract Non-interference p.27/34
97 The proof-system N N1: [η] c (id) ρ [η]c(ρ) N2: [η]c( ) N3: [η]nil(ρ) N4: [η]e(ρ), [Π(η) Π(ρ)], x : L [η]x := e(ρ) N5: x : H, Π(η) Π(ρ) [η]x := e(ρ) N6: [η]c 1 ( (ρ)), [ρ]c 2 ( (β)) [η]c 1 ; c 2 ( (β)) N7: {ρ} L c {ρ} L [ρ]while x do c endw(ρ) N8: i I. [η]c(ρ i ) [η]c( i I ρ i) N9: i I. [η]c(ρ i ) [η]c( i I ρ i) N10: [η ]c(ρ ), η η, ρ ρ [η]c(ρ) N11: i I. [η i ]c i (ρ i ) [ i I η i] i c i ( i I ρ i) Next Table Deriving and Proving Abstract Non-interference p.28/34
98 The non-deterministic concatenation [η]c 1 ( (ρ)), [ρ]c 2 ( (β)) [η]c 1 ; c 2 ( (β)) Deriving and Proving Abstract Non-interference p.29/34
99 The non-deterministic concatenation [η]c 1 ( (ρ)), [ρ]c 2 ( (β)) [η]c 1 ; c 2 ( (β)) EXAMPLE: Let ρ = {Z, 4Z, 4Z + 1, 4Z + 2, 4Z + 3, } and c = c 1 ; c 2 = [ l := 1 (h mod 2) l := 2 (h mod 2) + 2 (1 (h mod 2)); l := (l mod 2) 4h + (1 (l mod 2)) (4h + 1) then h 2Z ρ( c 1 (h, l) L ) = ρ({1, 2}) = Z h 2Z + 1 ρ( c 1 (h, l) L ) = ρ({0, 2}) = Z [ ]c 1 (ρ) Deriving and Proving Abstract Non-interference p.29/34
100 The non-deterministic concatenation [η]c 1 ( (ρ)), [ρ]c 2 ( (β)) [η]c 1 ; c 2 ( (β)) EXAMPLE: Let ρ = {Z, 4Z, 4Z + 1, 4Z + 2, 4Z + 3, } and c = c 1 ; c 2 = [ [ ]c 1 (ρ) and l := 1 (h mod 2) l := 2 (h mod 2) + 2 (1 (h mod 2)); l := (l mod 2) 4h + (1 (l mod 2)) (4h + 1) l 2Z ρ( c 2 (h, l) L ) = ρ({4h + 1}) = 4Z + 1 l 2Z + 1 ρ( c 2 (h, l) L ) = ρ({4h}) = 4Z [ρ]c 2 (ρ) Deriving and Proving Abstract Non-interference p.29/34
101 The non-deterministic concatenation [η]c 1 ( (ρ)), [ρ]c 2 ( (β)) [η]c 1 ; c 2 ( (β)) EXAMPLE: Let ρ = {Z, 4Z, 4Z + 1, 4Z + 2, 4Z + 3, } and c = c 1 ; c 2 = [ [ ]c 1 (ρ) and [ρ]c 2 (ρ), but l := 1 (h mod 2) l := 2 (h mod 2) + 2 (1 (h mod 2)); l := (l mod 2) 4h + (1 (l mod 2)) (4h + 1) h 2Z ρ( c 1 ; c 2 (h, l) L ) = ρ({4h, 4h + 1}) = Z h 2Z + 1 ρ( c 1 ; c 2 (h, l) L ) = ρ({4h + 1}) = 4Z + 1 Return = [ ]c(ρ) Deriving and Proving Abstract Non-interference p.29/34
102 The proof-system A A1: (η) c (id) ρ (η)c(ρ) A2: (η)c( ) A3: (η)nil(ρ) A4: (η)e(ρ), x : L (η)x := e(ρ) A5: x : H (η)x := e(ρ) A6: (η)c 1 ( (ρ)), [ρ]c 2 ( (β)) (η)c 1 ; c 2 ( (β)) A7: {ρ} L c {ρ} L, x : H (ρ)while x do c endw(ρ) A8: (ρ)c(ρ), x : L (ρ)while x do c endw(ρ) A9: i I. (η)c i (ρ i ) (η) i c i ( i I ρ i) A10: (η)c(ρ ), ρ ρ (η)c(ρ) A11: i I. (η)c(ρ i ) (η)c( i I ρ i) A12: i I. (η)c(ρ i ) (η)c( i I ρ i) Theorems Deriving and Proving Abstract Non-interference p.30/34
103 The high assignment x : H (η)x := e(ρ) Deriving and Proving Abstract Non-interference p.31/34
104 The high assignment x : H (η)x := e(ρ) EXAMPLE: Let c = h := h + 1. Then Therefore ρ( h := h + 1 (h 1, η(l 1 )) L ) = ρ(η(l 1 )) ρ( h := h + 1 (h 2, η(l 2 )) L ) = ρ(η(l 2 )) [η]h := h + 1(ρ) (η(l 1 ) = η(l 2 ) ρ(η(l 1 )) = ρ(η(l 2 ))) Return Deriving and Proving Abstract Non-interference p.31/34
105 The concatenation (η)c 1 ( (ρ)), [ρ]c 2 ( (β)) (η)c 1 ; c 2 ( (β)) Deriving and Proving Abstract Non-interference p.32/34
106 The concatenation (η)c 1 ( (ρ)), [ρ]c 2 ( (β)) (η)c 1 ; c 2 ( (β)) EXAMPLE: Let ρ = {Z, 4Z, 4Z + 1, 4Z + 2, 4Z + 3, } and c = c 1 ; c 2 = [ l := (h mod 2)(2l mod 4) + (1 (h mod 2))(l mod 2 + 1); l := (l mod 2) 4h + (1 (l mod 2)) (4h + 1) then h 2Z ρ( c 1 (h, Z) L ) = ρ({1, 2}) = Z h 2Z + 1 ρ( c 1 (h, Z) L ) = ρ({0, 2}) = Z ( )c 1 (ρ) Deriving and Proving Abstract Non-interference p.32/34
107 The concatenation (η)c 1 ( (ρ)), [ρ]c 2 ( (β)) (η)c 1 ; c 2 ( (β)) EXAMPLE: Let ρ = {Z, 4Z, 4Z + 1, 4Z + 2, 4Z + 3, } and c = c 1 ; c 2 = ( )c 1 (ρ) and [ l := (h mod 2)(2l mod 4) + (1 (h mod 2))(l mod 2 + 1); l := (l mod 2) 4h + (1 (l mod 2)) (4h + 1) l 2Z ρ( c 2 (h, l) L ) = ρ({4h + 1}) = 4Z + 1 l 2Z + 1 ρ( c 2 (h, l) L ) = ρ({4h}) = 4Z [ρ]c 2 (ρ) Deriving and Proving Abstract Non-interference p.32/34
108 The concatenation (η)c 1 ( (ρ)), [ρ]c 2 ( (β)) (η)c 1 ; c 2 ( (β)) EXAMPLE: Let ρ = {Z, 4Z, 4Z + 1, 4Z + 2, 4Z + 3, } and c = c 1 ; c 2 = [ ( )c 1 (ρ) and [ρ]c 2 (ρ), but l := (h mod 2)(2l mod 4) + (1 (h mod 2))(l mod 2 + 1); l := (l mod 2) 4h + (1 (l mod 2)) (4h + 1) h 2Z ρ( c 1 ; c 2 (h, Z) L ) = ρ({4h, 4h + 1}) = Z h 2Z + 1 ρ( c 1 ; c 2 (h, Z) L ) = ρ({4h + 1}) = 4Z + 1 Return = ( )c(ρ) Deriving and Proving Abstract Non-interference p.32/34
109 Theorems T 1) The system I is correct. Deriving and Proving Abstract Non-interference p.33/34
110 Theorems T 1) The system I is correct. T 2) The system N det is complete but N det {N1} is correct. EXAMPLE: Let ρ = {2Z} { {n} n 2Z + 1 } and P = l := 4 h 2 + 4; c where c = while h do l := l mod 4; h := 0 endw. We have [ ]l := 4 h 2 + 4(ρ) and [ ]P(ρ) But = [ρ]while h do l := l mod 4; h := 0 endw(ρ): ρ( c (0, 5) L ) = 5 ρ( c (1, 5) L ) = 1 Deriving and Proving Abstract Non-interference p.33/34
111 Theorems T 1) The system I is correct. T 2) The system N det is complete but N det {N1} is correct. T 3) The system N is complete but N {N1} is correct. Deriving and Proving Abstract Non-interference p.33/34
112 Theorems T 1) The system I is correct. T 2) The system N det is complete but N det {N1} is correct. T 3) The system N is complete but N {N1} is correct. T 4) The system A is complete but A {A1} is correct. EXAMPLE: Let ρ = {Z, 2Z, 4Z, } and P = while h do l := (l mod 4) (l 4); h := 0 endw Then (ρ)p(ρ): But = {ρ} L P {ρ} L : ρ( P (h, 2Z) L ) = 2Z ρ( c (1, 2) L ) = ρ(0) = 4Z ρ(2) = 2Z Deriving and Proving Abstract Non-interference p.33/34
113 Theorems T 1) The system I is correct. T 2) The system N det is complete but N det {N1} is correct. T 3) The system N is complete but N {N1} is correct. T 4) The system A is complete but A {A1} is correct. T 5) The system N is stronger than A. EXAMPLE: Then = [Sign]P(Par) but N [Sign]P(Par) : P = h := h + 1; l := 2 h Sign(2) = Sign(3) and Par( h := h + 1 (h, 3) L ) = Par(3) = odd Par( h := h + 1 (h, 2) L ) = Par(2) = even Deriving and Proving Abstract Non-interference p.33/34
114 Theorems T 1) The system I is correct. T 2) The system N det is complete but N det {N1} is correct. T 3) The system N is complete but N {N1} is correct. T 4) The system A is complete but A {A1} is correct. T 5) The system N is stronger than A. EXAMPLE: P = h := h + 1; l := 2 h Then = [Sign]P(Par) but N [Sign]P(Par) while A (Sign)P(Par) Deriving and Proving Abstract Non-interference p.33/34
115 Discussion We map security of programs into the lattice of abstract interpretations: systematic methods for designing attackers and certificates security degrees compared in the lattice checking abstract non-interference by static program analysis Deriving and Proving Abstract Non-interference p.34/34
116 Discussion We map security of programs into the lattice of abstract interpretations: systematic methods for designing attackers and certificates security degrees compared in the lattice checking abstract non-interference by static program analysis Abstract non-interference is a semantics property the method is language independent (as any abstract interpretation) refined semantics may refine security: covert channels (termination, non-determinism, synchronization, probabilistic, etc...) is a matter of semantics! Deriving and Proving Abstract Non-interference p.34/34
117 Discussion We map security of programs into the lattice of abstract interpretations: systematic methods for designing attackers and certificates security degrees compared in the lattice checking abstract non-interference by static program analysis Abstract non-interference is a semantics property the method is language independent (as any abstract interpretation) refined semantics may refine security: covert channels (termination, non-determinism, synchronization, probabilistic, etc...) is a matter of semantics! How far is any practical application? program slicing may help in checking program secrecy! Construction of a PCC architecture. Deriving and Proving Abstract Non-interference p.34/34
Abstract Non-Interference - An Abstract Interpretation-based approach to Secure Information Flow
Isabella Mastroeni Abstract Non-Interference - An Abstract Interpretation-based approach to Secure Information Flow Ph.D. Thesis 31 Marzo 2005 Università degli Studi di Verona Dipartimento di Informatica
More informationDynamic Noninterference Analysis Using Context Sensitive Static Analyses. Gurvan Le Guernic July 14, 2007
Dynamic Noninterference Analysis Using Context Sensitive Static Analyses Gurvan Le Guernic July 14, 2007 1 Abstract This report proposes a dynamic noninterference analysis for sequential programs. This
More informationProgram Analysis Probably Counts
Probably Counts 1 c.hankin@imperial.ac.uk joint work with Alessandra Di Pierro 2 and Herbert Wiklicky 1 1 Department of Computing, 2 Dipartimento di Informatica, Università di Verona Computer Journal Lecture,
More informationTransforming Abstract Interpretations by Abstract Interpretation
Transorming Abstract Interpretations by Abstract Interpretation New Challenges in Language-based Security Roberto Giacobazzi and Isabella Mastroeni Dipartimento di Inormatica - Università di Verona - Verona,
More informationHigher-Order Abstract Non-Interference
Higher-Order Abstract Non-Interference Damiano Zanardini Dipartimento di Informatica, Università di Verona Strada Le Grazie 15, I-37134 Verona, Italy zanardini@sci.univr.it Abstract. This work proposes
More informationWeak Relative Pseudo-Complements of Closure Operators
Weak Relative Pseudo-Complements of Closure Operators Roberto Giacobazzi Catuscia Palamidessi Francesco Ranzato Dipartimento di Informatica, Università di Pisa Corso Italia 40, 56125 Pisa, Italy giaco@di.unipi.it
More informationLanguage-based Information Security. CS252r Spring 2012
Language-based Information Security CS252r Spring 2012 This course Survey of key concepts and hot topics in language-based information security The use of programming language abstractions and techniques
More informationA Cryptographic Decentralized Label Model
A Cryptographic Decentralized Label Model Jeffrey A. Vaughan and Steve Zdancewic Department of Computer and Information Science University of Pennsylvania IEEE Security and Privacy May 22, 2007 Information
More informationComplementing Logic Program Semantics
Complementing Logic Program Semantics Roberto Giacobazzi Francesco Ranzato Dipartimento di Informatica, Università di Pisa Corso Italia 40, 56125 Pisa, Italy giaco@di.unipi.it Dipartimento di Matematica
More informationProbabilistic Program Analysis
Probabilistic Program Analysis Data Flow Analysis and Regression Alessandra Di Pierro University of Verona, Italy alessandra.dipierro@univr.it Herbert Wiklicky Imperial College London, UK herbert@doc.ic.ac.uk
More informationRapporto di Ricerca CS
UNIVERSITÀ CA FOSCARI DI VENEZIA Dipartimento di Informatica Technical Report Series in Computer Science Rapporto di Ricerca CS-2009-6 Giugno 2009 M. Centenaro, R. Focardi, F.L. Luccio, G. Steel Type-based
More informationTowards information flow control. Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011
Towards information flow control Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011 Mandatory access controls and security levels DAC vs. MAC Discretionary access control
More informationPartial model checking via abstract interpretation
Partial model checking via abstract interpretation N. De Francesco, G. Lettieri, L. Martini, G. Vaglini Università di Pisa, Dipartimento di Ingegneria dell Informazione, sez. Informatica, Via Diotisalvi
More informationFormal Avenue for Chasing Metamorphic Malware
Formal Avenue for Chasing Metamorphic Malware Mila Dalla Preda University of Verona, Italy Joint work with Roberto Giacobazzi, Saumya Debray, Arun Lakhotia presented by Isabella Mastroeni CREST, May 30th
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 7: Information flow control Eran Tromer 1 Slides credit: Max Krohn, MIT Ian Goldberg and Urs Hengartner, University of Waterloo
More informationHiding Information in Completeness Holes
Hiding Information in Completeness Holes New perspectives in code obfuscation and watermarking Roberto Giacobazzi Dipartimento di Informatica Università degli Studi di Verona Strada Le Grazie 15, 37134
More informationFast Probabilistic Simulation, Nontermination, and Secure Information Flow
Fast Probabilistic Simulation, Nontermination, and Secure Information Flow Geoffrey Smith Rafael Alpízar Florida International University {smithg,ralpi00}@cis.fiu.edu Abstract In secure information flow
More informationA Logic for Information Flow Analysis with an Application to Forward Slicing of Simple Imperative Programs
A Logic for Information Flow Analysis with an Application to Forward Slicing of Simple Imperative Programs Torben Amtoft and Anindya Banerjee a,1,2 a Department of Computing and Information Sciences Kansas
More informationTyping Noninterference for Reactive Programs
Typing Noninterference for Reactive Programs Ana Almeida Matos, Gérard Boudol and Ilaria Castellani June 7, 2004 Abstract We propose a type system to enforce the security property of noninterference in
More informationComplementation in Abstract Interpretation
Complementation in Abstract Interpretation Agostino Cortesi Gilberto Filé Roberto Giacobazzi Catuscia Palamidessi Francesco Ranzato Abstract. The reduced product of abstract domains is a rather well known
More informationAngelo Troina. Joint work with: Ruggero Lanotte (University of Insubria at Como) Andrea Maggiolo Schettini (University of Pisa)
Angelo Troina Dipartimento di Informatica, Università di Pisa, Italy Probabilistic Joint work with: Ruggero Lanotte (University of Insubria at Como) Andrea Maggiolo Schettini (University of Pisa) 1/23
More informationNon-interference. Christoph Sprenger and Sebastian Mödersheim. FMSEC Module 11, v.2 November 30, Department of Computer Science ETH Zurich
Non-interference Christoph Sprenger and Sebastian Mödersheim Department of Computer Science ETH Zurich FMSEC Module 11, v.2 November 30, 2009 Outline 1 Basic Non-interference Unwinding Access Control Interpretations
More informationA Certified Denotational Abstract Interpreter (Proof Pearl)
A Certified Denotational Abstract Interpreter (Proof Pearl) David Pichardie INRIA Rennes David Cachera IRISA / ENS Cachan (Bretagne) Static Analysis Static Analysis Static analysis by abstract interpretation
More informationThe Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security
The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security Carlos Olarte and Frank D. Valencia INRIA /CNRS and LIX, Ecole Polytechnique Motivation Concurrent
More informationFoundations of Abstract Interpretation
Escuela 03 II / 1 Foundations of Abstract Interpretation David Schmidt Kansas State University www.cis.ksu.edu/~schmidt Escuela 03 II / 2 Outline 1. Lattices and continuous functions 2. Galois connections,
More informationCompositionality in SLD-derivations and their abstractions Marco Comini, Giorgio Levi and Maria Chiara Meo Dipartimento di Informatica, Universita di
Compositionality in SLD-derivations and their abstractions Marco Comini Giorgio Levi and Maria Chiara Meo Dipartimento di Informatica Universita di Pisa Corso Italia 40 56125 Pisa Italy fcomini levi meog@di.unipi.it
More informationIit Istituto di Informatica e Telematica
C Consiglio Nazionale delle Ricerche Specification and Analysis of Information Flow Properties for Distributed Systems R. Gorreri, F. Martinelli, I. Matteucci IIT TR-12/2010 Technical report Febbraio 2010
More informationSemantics and Verification
Semantics and Verification Lecture 2 informal introduction to CCS syntax of CCS semantics of CCS 1 / 12 Sequential Fragment Parallelism and Renaming CCS Basics (Sequential Fragment) Nil (or 0) process
More informationTrace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University
Trace semantics: towards a unification of parallel paradigms Stephen Brookes Department of Computer Science Carnegie Mellon University MFCSIT 2002 1 PARALLEL PARADIGMS State-based Shared-memory global
More informationPolicy Framings for Access Control
Policy Framings for Access Control Massimo Bartoletti Dipartimento di Informatica Università di Pisa, Italy bartolet@di.unipi.it Pierpaolo Degano Dipartimento di Informatica Università di Pisa, Italy degano@di.unipi.it
More informationStatic Program Analysis using Abstract Interpretation
Static Program Analysis using Abstract Interpretation Introduction Static Program Analysis Static program analysis consists of automatically discovering properties of a program that hold for all possible
More informationNon-Inference: An Information Flow Control Model for Location-based Services
Non-Inference: An Information Flow Control Model for Location-based Services Nishkam Ravi, Marco Gruteser* and Liviu Iftode Department of Computer Science, Rutgers University *WINLAB, ECE Department, Rutgers
More informationMaking Abstract Interpretations Complete
Making Abstract Interpretations Complete ROBERTO GIACOBAZZI Università di Verona, Verona, Italy FRANCESCO RANZATO Università di Padova, Padova, Italy AND FRANCESCA SCOZZARI École Polytechnique, Palaiseau,
More informationMandatory Access Control (MAC)
CS 5323 Mandatory Access Control (MAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 3 ravi.utsa@gmail.com www.profsandhu.com Ravi Sandhu 1 CS 5323 Lattice-Based Access Control (LBAC)
More informationPublic Key Exchange by Neural Networks
Public Key Exchange by Neural Networks Zahir Tezcan Computer Engineering, Bilkent University, 06532 Ankara zahir@cs.bilkent.edu.tr Abstract. This work is a survey on the concept of neural cryptography,
More informationSecurity: Foundations, Security Policies, Capabilities
Department of Computer Science, Institute of Systems Architecture, Operating Systems Group Distributed Operating Systems Lecture 2014 Marcus Völp / Hermann Härtig Can you trust your system? to protect
More informationUsing Architecture to Reason about Information Security
Using Architecture to Reason about Information Security Ron van der Meyden (University of New South Wales Sydney, Australia) Joint work with Stephen Chong (Harvard) December 3, 2012 Overview Motivation:
More informationON DEFINING PROOFS OF KNOWLEDGE IN THE BARE PUBLIC-KEY MODEL
1 ON DEFINING PROOFS OF KNOWLEDGE IN THE BARE PUBLIC-KEY MODEL GIOVANNI DI CRESCENZO Telcordia Technologies, Piscataway, NJ, USA. E-mail: giovanni@research.telcordia.com IVAN VISCONTI Dipartimento di Informatica
More informationA Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols
ASIAN 07 A Formal Analysis for Capturing Replay Attacks in Cryptographic s Han Gao 1, Chiara Bodei 2, Pierpaolo Degano 2, Hanne Riis Nielson 1 Informatics and Mathematics Modelling, Technical University
More informationCollaborative Planning with Privacy
Collaborative Planning with Privacy Protocol exchange May 7, 2007 Max Kanovich 1, Paul Rowe 2, Andre Scedrov 2 1 Quenn Mary, University of London 2 University of Pennsylvania Context Many examples of collaboration
More informationDiscrete Fixpoint Approximation Methods in Program Static Analysis
Discrete Fixpoint Approximation Methods in Program Static Analysis P. Cousot Département de Mathématiques et Informatique École Normale Supérieure Paris
More informationQuantifying Information Flow with Beliefs
Quantifying Information Flow with Beliefs Michael R. Clarkson Andrew C. Myers Fred B. Schneider Department of Computer Science Cornell University {clarkson,andru,fbs}@cs.cornell.edu Abstract To reason
More informationDistributed Knowledge and Information Flow Security
Distributed Knowledge and Information Flow Security School of Computer Science and Engineering, University of New South Wales Sydney, Australia meyden@cse.unsw.edu.au http://www.cse.unsw.edu.au/ meyden
More informationSecure and Practical Identity-Based Encryption
Secure and Practical Identity-Based Encryption David Naccache Groupe de Cyptographie, Deṕartement d Informatique École Normale Supérieure 45 rue d Ulm, 75005 Paris, France david.nacache@ens.fr Abstract.
More informationInvariant Generation for Parametrized Systems using Self-Reflection
Invariant Generation for Parametrized Systems using Self-Reflection Alejandro Sánchez 1 César Sánchez 1,3 Sriram Sankaranarayanan 2 Bor-Yuh Evan Chang 2 1 IMDEA Software Institute, Spain 2 University of
More informationTopics in Model-Based Reasoning
Towards Integration of Proving and Solving Dipartimento di Informatica Università degli Studi di Verona Verona, Italy March, 2014 Automated reasoning Artificial Intelligence Automated Reasoning Computational
More informationRevisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives
S C I E N C E P A S S I O N T E C H N O L O G Y Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives David Derler, Christian Hanser, and Daniel Slamanig, IAIK,
More informationClasses and conversions
Classes and conversions Regular expressions Syntax: r = ε a r r r + r r Semantics: The language L r of a regular expression r is inductively defined as follows: L =, L ε = {ε}, L a = a L r r = L r L r
More informationGroupe de travail. Analysis of Mobile Systems by Abstract Interpretation
Groupe de travail Analysis of Mobile Systems by Abstract Interpretation Jérôme Feret École Normale Supérieure http://www.di.ens.fr/ feret 31/03/2005 Introduction I We propose a unifying framework to design
More informationQuantitative analysis of secure information flow via Probabilistic Semantics
Quantitative analysis of secure information flow via Probabilistic Semantics Chunyan Mu Department of Computer Science King s College London The Strand, London WCR LS Email: Chunyan.Mu@kcl.ac.uk David
More informationQuantifying Information Flow for Dynamic Secrets
Quantifying Information Flow for Dynamic Secrets Piotr (Peter) Mardziel, Mário S. Alvim, + Michael Hicks, and Michael R. Clarkson University of Maryland, College Park, + Universidade Federal de Minas Gerais,
More informationThe Quasi-Synchronous Approach to Distributed Control Systems
The Quasi-Synchronous Approach to Distributed Control Systems Paul Caspi caspi@imag.fr Verimag Laboratory http://www-verimag.imag.fr Crisys Esprit Project http://borneo.gmd.de/ ap/crisys/ The Quasi-Synchronous
More informationLecture 9 - Symmetric Encryption
0368.4162: Introduction to Cryptography Ran Canetti Lecture 9 - Symmetric Encryption 29 December 2008 Fall 2008 Scribes: R. Levi, M. Rosen 1 Introduction Encryption, or guaranteeing secrecy of information,
More informationEAHyper: Satisfiability, Implication, and Equivalence Checking of Hyperproperties
EAHyper: Satisfiability, Implication, and Equivalence Checking of Hyperproperties Bernd Finkbeiner, Christopher Hahn, and Marvin Stenger Saarland Informatics Campus, Saarland University, Saarbrücken, Germany
More informationBringing class diagrams to life
Bringing class diagrams to life Luis S. Barbosa & Sun Meng DI-CCTC, Minho University, Braga & CWI, Amsterdam UML & FM Workshop 2009 Rio de Janeiro 8 December, 2009 Formal Methods proofs problems structures
More informationProperty Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms
Property Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms Wen-ling Huang and Jan Peleska University of Bremen {huang,jp}@cs.uni-bremen.de MBT-Paradigm Model Is a partial
More informationVerifiable Security of Boneh-Franklin Identity-Based Encryption. Federico Olmedo Gilles Barthe Santiago Zanella Béguelin
Verifiable Security of Boneh-Franklin Identity-Based Encryption Federico Olmedo Gilles Barthe Santiago Zanella Béguelin IMDEA Software Institute, Madrid, Spain 5 th International Conference on Provable
More informationComplexity of automatic verification of cryptographic protocols
Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017 Vincent Cheval Equipe Pesto, INRIA, Nancy 1 Cryptographic protocols Communication on public network Cryptographic
More informationInformation Flow Analysis via Path Condition Refinement
Information Flow Analysis via Path Condition Refinement Mana Taghdiri, Gregor Snelting, Carsten Sinz Karlsruhe Institute of Technology, Germany FAST September 16, 2010 KIT University of the State of Baden-Wuerttemberg
More informationNotes on Abstract Interpretation
Notes on Abstract Interpretation Alexandru Sălcianu salcianu@mit.edu November 2001 1 Introduction This paper summarizes our view of the abstract interpretation field. It is based on the original abstract
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA: Review and Properties Factoring Algorithms Trapdoor One Way Functions PKC Based on Discrete Logs (Elgamal) Signature Schemes Lecture 8 Tel-Aviv University
More informationImproved High-Order Conversion From Boolean to Arithmetic Masking
Improved High-Order Conversion From Boolean to Arithmetic Masking Luk Bettale 1, Jean-Sébastien Coron 2, and Rina Zeitoun 1 1 IDEMIA, France luk.bettale@idemia.com, rina.zeitoun@idemia.com 2 University
More informationMonotonic Abstraction in Parameterized Verification
Monotonic Abstraction in Parameterized Verification Parosh Aziz Abdulla 1 Department of Information Technology Uppsala University Sweden Giorgio Delzanno 2 Dipartimento Informatica e Scienze dell Informazione
More informationHoming and Synchronizing Sequences
Homing and Synchronizing Sequences Sven Sandberg Information Technology Department Uppsala University Sweden 1 Outline 1. Motivations 2. Definitions and Examples 3. Algorithms (a) Current State Uncertainty
More informationG54FOP: Lecture 17 & 18 Denotational Semantics and Domain Theory III & IV
G54FOP: Lecture 17 & 18 Denotational Semantics and Domain Theory III & IV Henrik Nilsson University of Nottingham, UK G54FOP: Lecture 17 & 18 p.1/33 These Two Lectures Revisit attempt to define denotational
More informationSynthesis of Adaptive Side-Channel Attacks
Synthesis of Adaptive Side-Channel Attacks MALACARIA, P; Phan, Q-S; Pasareanu, C; Bang, L; Bultan, T; 2017 IEEE Computer Security Foundations Symposium (CSF) For additional information about this publication
More informationSpecifying and Verifying Systems of Communicating Agents in a Temporal Action Logic
Specifying and Verifying Systems of Communicating Agents in a Temporal Action Logic Laura Giordano 1, Alberto Martelli 2, Camilla Schwind 3 1 Dipartimento di Informatica, Università del Piemonte Orientale,
More informationNormalization by Evaluation
Normalization by Evaluation Andreas Abel Department of Computer Science and Engineering Chalmers and Gothenburg University PhD Seminar in Mathematical Engineering EAFIT University, Medellin, Colombia 9
More informationStatic Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-18/spa/ Recap: Interprocedural Dataflow Analysis Outline of
More informationCommunicating Parallel Processes. Stephen Brookes
Communicating Parallel Processes Stephen Brookes Carnegie Mellon University Deconstructing CSP 1 CSP sequential processes input and output as primitives named parallel composition synchronized communication
More informationCours M.2-6 «Interprétation abstraite: applications à la vérification et à l analyse statique» Examen partiel. Patrick Cousot.
Master Parisien de Recherche en Informatique École normale supérieure Année scolaire 2010/2011 Cours M.2-6 «Interprétation abstraite: applications à la vérification et à l analyse statique» Examen partiel
More informationLecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004
CMSC 858K Advanced Topics in Cryptography February 5, 2004 Lecturer: Jonathan Katz Lecture 4 Scribe(s): Chiu Yuen Koo Nikolai Yakovenko Jeffrey Blank 1 Summary The focus of this lecture is efficient public-key
More informationProcess Algebras and Concurrent Systems
Process Algebras and Concurrent Systems Rocco De Nicola Dipartimento di Sistemi ed Informatica Università di Firenze Process Algebras and Concurrent Systems August 2006 R. De Nicola (DSI-UNIFI) Process
More informationModel Checking & Program Analysis
Model Checking & Program Analysis Markus Müller-Olm Dortmund University Overview Introduction Model Checking Flow Analysis Some Links between MC and FA Conclusion Apology for not giving proper credit to
More informationCompilers. Lexical analysis. Yannis Smaragdakis, U. Athens (original slides by Sam
Compilers Lecture 3 Lexical analysis Yannis Smaragdakis, U. Athens (original slides by Sam Guyer@Tufts) Big picture Source code Front End IR Back End Machine code Errors Front end responsibilities Check
More informationHigh-Order Conversion From Boolean to Arithmetic Masking
High-Order Conversion From Boolean to Arithmetic Masking Jean-Sébastien Coron University of Luxembourg jean-sebastien.coron@uni.lu Abstract. Masking with random values is an effective countermeasure against
More informationInformation Flow Inference for ML
POPL 02 INRIA Rocquencourt Projet Cristal Francois.Pottier@inria.fr http://cristal.inria.fr/~fpottier/ Vincent.Simonet@inria.fr http://cristal.inria.fr/~simonet/ Information flow analysis account number
More informationAutomatic determination of numerical properties of software and systems
Automatic determination of numerical properties of software and systems Eric Goubault and Sylvie Putot Modelling and Analysis of Interacting Systems, CEA LIST MASCOT-NUM 2012 Meeting, March 21-23, 2012
More informationAn Independence Relation for Sets of Secrets
Sara Miner More Pavel Naumov An Independence Relation for Sets of Secrets Abstract. A relation between two secrets, known in the literature as nondeducibility, was originally introduced by Sutherland.
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously on COS 433 Takeaway: Crypto is Hard Designing crypto is hard, even experts get it wrong Just because I don t know
More informationThe Underlying Semantics of Transition Systems
The Underlying Semantics of Transition Systems J. M. Crawford D. M. Goldschlag Technical Report 17 December 1987 Computational Logic Inc. 1717 W. 6th St. Suite 290 Austin, Texas 78703 (512) 322-9951 1
More informationA Humble Introduction to DIJKSTRA S A A DISCIPLINE OF PROGRAMMING
A Humble Introduction to DIJKSTRA S A A DISCIPLINE OF PROGRAMMING Do-Hyung Kim School of Computer Science and Engineering Sungshin Women s s University CONTENTS Bibliographic Information and Organization
More informationComputational security & Private key encryption
Computational security & Private key encryption Emma Arfelt Stud. BSc. Software Development Frederik Madsen Stud. MSc. Software Development March 2017 Recap Perfect Secrecy Perfect indistinguishability
More informationQuantitative Approaches to Information Protection
Quantitative Approaches to Information Protection Catuscia Palamidessi INRIA Saclay 1 LOCALI meeting, Beijin 06/11/2013 Plan of the talk Motivations and Examples A General Quantitative Model Quantitative
More informationArtificial Intelligence. Non-deterministic state model. Model for non-deterministic problems. Solutions. Blai Bonet
Artificial Intelligence Blai Bonet Non-deterministic state model Universidad Simón Boĺıvar, Caracas, Venezuela Model for non-deterministic problems Solutions State models with non-deterministic actions
More informationGeneralized Strong Preservation by Abstract Interpretation
Generalized Strong Preservation by Abstract Interpretation FRANCESCO RANZATO FRANCESCO TAPPARO Dipartimento di Matematica Pura ed Applicata, Università di Padova Via Belzoni 7, 35131 Padova, Italy francesco.ranzato@unipd.it
More informationSecret Sharing CPT, Version 3
Secret Sharing CPT, 2006 Version 3 1 Introduction In all secure systems that use cryptography in practice, keys have to be protected by encryption under other keys when they are stored in a physically
More informationWhite-Box Security Notions for Symmetric Encryption Schemes
White-Box Security Notions for Symmetric Encryption Schemes Cécile Delerablée 1 Tancrède Lepoint 1,2 Pascal Paillier 1 Matthieu Rivain 1 CryptoExperts 1, École Normale Supérieure2 SAC 2013 Outline 1 What
More informationBASIC CONCEPTS OF ABSTRACT INTERPRETATION
BASIC CONCEPTS OF ABSTRACT INTERPRETATION Patrick Cousot École Normale Supérieure 45 rue d Ulm 75230 Paris cedex 05, France Patrick.Cousot@ens.fr Radhia Cousot CNRS & École Polytechnique 91128 Palaiseau
More information«ATutorialon Abstract Interpretation»
«ATutorialon Abstract Interpretation» Patrick Cousot École normale supérieure 45 rue d Ulm 75230 Paris cedex 05, France Patrick.Cousot@ens.fr www.di.ens.fr/~cousot VMCAI 05 Industrial Day VMCAI 05 Industrial
More informationNewtonian Program Analysis
Newtonian Program Analysis Javier Esparza Technische Universität München Joint work with Stefan Kiefer and Michael Luttenberger From programs to flowgraphs proc X 1 proc X 2 proc X 3 a c d f X 1 b
More informationTemporal logics and explicit-state model checking. Pierre Wolper Université de Liège
Temporal logics and explicit-state model checking Pierre Wolper Université de Liège 1 Topics to be covered Introducing explicit-state model checking Finite automata on infinite words Temporal Logics and
More informationTesting Distributed Systems
Testing Distributed Systems R. M. Hierons Brunel University, UK rob.hierons@brunel.ac.uk http://people.brunel.ac.uk/~csstrmh Work With Jessica Chen Mercedes Merayo Manuel Nunez Hasan Ural Model Based Testing
More informationRandomized Component and Group Oriented (t,m,n)-secret Sharing
Randomized Component and Group Oriented (t,m,n)-secret Sharing Miao Fuyou School of Computer Sci. & Tech.,USTC 2016.4.10 Outline (t,n)-secret Sharing 2 Attacks Against (t,n)-ss Randomized Component (t,m,n)-group
More informationIntroduction to Abstract Interpretation. ECE 584 Sayan Mitra Lecture 18
Introduction to Abstract Interpretation ECE 584 Sayan Mitra Lecture 18 References Patrick Cousot,RadhiaCousot:Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction
More informationControlling probabilistic systems under partial observation an automata and verification perspective
Controlling probabilistic systems under partial observation an automata and verification perspective Nathalie Bertrand, Inria Rennes, France Uncertainty in Computation Workshop October 4th 2016, Simons
More informationLinear Discrimination Functions
Laurea Magistrale in Informatica Nicola Fanizzi Dipartimento di Informatica Università degli Studi di Bari November 4, 2009 Outline Linear models Gradient descent Perceptron Minimum square error approach
More informationarxiv: v2 [cs.cr] 21 May 2018
Article A Game-Theoretic Approach to Information-Flow Control via Protocol Composition arxiv:1803.10042v2 [cs.cr] 21 May 2018 Mário S. Alvim 1 ID, Konstantinos Chatzikokolakis 2,3 ID, Yusuke Kawamoto 4
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationDifferential Privacy and Verification. Marco Gaboardi University at Buffalo, SUNY
Differential Privacy and Verification Marco Gaboardi University at Buffalo, SUNY Given a program P, is it differentially private? P Verification Tool yes? no? Proof P Verification Tool yes? no? Given a
More information