Language-based Information Security. CS252r Spring 2012

Similar documents
Dynamic Noninterference Analysis Using Context Sensitive Static Analyses. Gurvan Le Guernic July 14, 2007

Towards a Practical Secure Concurrent Language

Information Security Theory vs. Reality

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

T Reactive Systems: Temporal Logic LTL

Discrete Mathematics for CS Spring 2007 Luca Trevisan Lecture 27

Towards information flow control. Chaire Informatique et sciences numériques Collège de France, cours du 30 mars 2011

DERIVING AND PROVING ABSTRACT NON-INTERFERENCE

A Cryptographic Decentralized Label Model

Lecture 10: Gentzen Systems to Refinement Logic CS 4860 Spring 2009 Thursday, February 19, 2009

Non-interference. Christoph Sprenger and Sebastian Mödersheim. FMSEC Module 11, v.2 November 30, Department of Computer Science ETH Zurich

CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2019

CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2018

Notes on BAN Logic CSG 399. March 7, 2006

Menu. Lecture 5: DES Use and Analysis. DES Structure Plaintext Initial Permutation. DES s F. S-Boxes 48 bits Expansion/Permutation

CSE332: Data Structures & Parallelism Lecture 2: Algorithm Analysis. Ruth Anderson Winter 2018

Proving Programs Correct

What happens to the value of the expression x + y every time we execute this loop? while x>0 do ( y := y+z ; x := x:= x z )

Great Theoretical Ideas in Computer Science. Lecture 7: Introduction to Computational Complexity

Turing Machines. Lecture 8

CS-E4320 Cryptography and Data Security Lecture 11: Key Management, Secret Sharing

Introduction to Cryptography Lecture 13

CS 6110 Lecture 21 The Fixed-Point Theorem 8 March 2013 Lecturer: Andrew Myers. 1 Complete partial orders (CPOs) 2 Least fixed points of functions

Algebraic Geometry

1.1 Administrative Stuff

Introduction to Axiomatic Semantics

Timo Latvala. February 4, 2004

Improved High-Order Conversion From Boolean to Arithmetic Masking

CS 154 Introduction to Automata and Complexity Theory

Menu. Lecture 2: Orders of Growth. Predicting Running Time. Order Notation. Predicting Program Properties

Trace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University

Dynamic Dependency Monitoring to Secure Information Flow

Announcements. CS243: Discrete Structures. Propositional Logic II. Review. Operator Precedence. Operator Precedence, cont. Operator Precedence Example

CS 301. Lecture 18 Decidable languages. Stephen Checkoway. April 2, 2018

Notes on Zero Knowledge

MathQuest: Linear Algebra. Answer: (False). We can write the third vector as a linear combination of the first two: v 3 = 3v 1 +2v 2.

Impact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers

Some notes on streaming algorithms continued

CS632 Notes on Relational Query Languages I

Lecture 9 - Symmetric Encryption

PHYS Statistical Mechanics I Course Outline

an information-theoretic model for adaptive side-channel attacks

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen

Security Models and Information Flow

Designing Information Devices and Systems I Fall 2018 Lecture Notes Note Introduction to Linear Algebra the EECS Way

Lecture 6. 2 Adaptively-Secure Non-Interactive Zero-Knowledge

CS558 Programming Languages

HW9 Concepts. Alex Alemi November 1, 2009

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

Lecture 16 Chiu Yuen Koo Nikolai Yakovenko. 1 Digital Signature Schemes. CMSC 858K Advanced Topics in Cryptography March 18, 2004

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Mathematics-I Prof. S.K. Ray Department of Mathematics and Statistics Indian Institute of Technology, Kanpur. Lecture 1 Real Numbers

Lecture 2. 1 More N P-Compete Languages. Notes on Complexity Theory: Fall 2005 Last updated: September, Jonathan Katz

Designing Information Devices and Systems I Spring 2018 Lecture Notes Note Introduction to Linear Algebra the EECS Way

FORMAL LANGUAGES, AUTOMATA AND COMPUTABILITY

Lecture notes on Turing machines

Lecture: Workload Models (Advanced Topic)

Program Analysis Probably Counts

Introduction to Algorithms

A Logic for Information Flow Analysis with an Application to Forward Slicing of Simple Imperative Programs

Abstract Non-Interference - An Abstract Interpretation-based approach to Secure Information Flow

Physics 162b Quantum Mechanics

9 Knapsack Cryptography

CPSC 467b: Cryptography and Computer Security

Lecture Notes, Week 6

Impossibility Results for Universal Composability in Public-Key Models and with Fixed Inputs

Mandatory Access Control (MAC)

Reasoning About Imperative Programs. COS 441 Slides 10b

EDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach

Umans Complexity Theory Lectures

Solar Data what can it show us?

Fast Probabilistic Simulation, Nontermination, and Secure Information Flow

Lecture 3,4: Multiparty Computation

Shared-Variable Concurrency

CS 188: Artificial Intelligence Spring Announcements

Recap from Last Time

Inference and Proofs (1.6 & 1.7)

Using Architecture to Reason about Information Security

Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle

Provable security. Michel Abdalla

Outline. policies for the first part. with some potential answers... MCS 260 Lecture 10.0 Introduction to Computer Science Jan Verschelde, 9 July 2014

Natural Logic Welcome to the Course!

Axiomatic Semantics. Lecture 9 CS 565 2/12/08

Calculating Quantitative Integrity and Security for Imperative Programs

Axiomatic Semantics: Verification Conditions. Review of Soundness and Completeness of Axiomatic Semantics. Announcements

Turing Machines, diagonalization, the halting problem, reducibility

Page 1 of 5 Printed: 2/4/09

Notes for Lecture 17

GIS Institute Center for Geographic Analysis

1 Probability Review. CS 124 Section #8 Hashing, Skip Lists 3/20/17. Expectation (weighted average): the expectation of a random quantity X is:

Topics in Complexity

17.1 Correctness of First-Order Tableaux

Pseudorandom Generators

CS151 Complexity Theory. Lecture 1 April 3, 2017

Notes on arithmetic. 1. Representation in base B

Lecture Notes, Week 10

Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE

Lecture 9 Julie Staub Avi Dalal Abheek Anand Gelareh Taban. 1 Introduction. 2 Background. CMSC 858K Advanced Topics in Cryptography February 24, 2004

Calculus (Math 1A) Lecture 1

Lecture 5. 1 Review (Pairwise Independence and Derandomization)

Transcription:

Language-based Information Security CS252r Spring 2012

This course Survey of key concepts and hot topics in language-based information security The use of programming language abstractions and techniques to reason about and enforce information security guarantees Aim: understand, and contribute to, the research boundary of the field Prereq: CS 152 or equivalent 2

Class meetings Meet twice weekly Combination of lectures and paper presentation/discussion Lectures for background material/information not covered well by one or two papers Will often include additional/relevant/recommended reading Papers for recent research, case studies, exemplary approaches, Expect to present once (maybe twice) during semester Volunteers needed to present Thursday Feb 9 onwards Look at the schedule, and email me if you would like to present one of the papers. 3

Assessment Class participation Presentation/discussion Project Dig deep into one or more aspects of material covered in class Encourage to work in teams of 2 4 people From week 3 onwards, I will meet weekly with each team Project proposal due Tuesday Feb 21 (week 5) Project presentations April 17, 19, 24 Final report Thursday May 3 Auditors welcome We can discuss what level of participation is involved 4

Schedule See website Subject to change. Feel free to suggest papers/topics 5

Information flow Information flows through systems We want to both understand how this information flows, and possibly restrict it Input Output H L 6

Information flow Information flows through systems We want to both understand how this information flows, and possibly restrict it Input Output U T 7

Uses of information-flow control Information flow is really about dependency How does the output of a system depend on the input? How does the input of a system influence the output? Very general concept. Many possible uses: Stop confidential information from being released inappropriately Stop untrusted information from being used inappropriately SQL/command injection attacks, cross-site scripting attacks Integer vulnerabilities Provenance Record the history of information/computation Enables auditing, recomputation, querying,... 8

So, what s left to learn? How does information flow in a system? And why do we use language-level abstractions? Information-flow based semantic definitions What does it mean to be secure? What does it mean for information to flow or for an output to depend on an input? How do we enforce information-flow based notions of security? 9

What is information? For our purposes, bits in context E.g., consider following program x = input_from_user(); y = x + 1; z = y * -1; Suppose we know that the value in program variable z at the end of the program is integer -43. This allows us to work out the input supplied by user The value -43, without context, doesn t tell us much at all... 10

How does information flow? Explicit flow Flow through copying data or computation on data e.g., y = x Knowing the bits in y at that program point tells us exactly the bits in x at that program point e.g., y = x+1 Ditto e.g., y = x mod 8 Knowing the bits in y at that program point tells us something about the bits in x at that program point (the last 3 bits) Non example: y = x * 0 11

How does information flow? Implicit flow (control flow channels) e.g., if (x == true) else y = true y = false At end of this statement, value in y is the same as value in x at beginning of statement e.g., y = 0; while (x > 0) { y++; x--; } Ditto 12

How does information flow? Termination channels Whether the program (or part of a program) terminates may reveal information e.g., while (x > 0) { skip }; output Hello! If Hello! is output, we know that x 0 Timing channels How long a program (or part of a program) takes to execute may reveal information e.g., output start ; while (x > 0) { x--; }; output stop How long between outputs may reveal information about initial value of x Other covert channels Often not at a PL level of abstraction Power consumption, processor noise, temperature,... 13

Why use language-level abstractions? Information-flow control at programming language level of abstraction Fine-grained Can soundly control implicit flows Clean semantics Language techniques Coarser levels of abstraction cannot distinguish reliably distinguish sensitive bits from non-sensitive bits Language-level approaches provide finer-grained, human meaningful contexts 14

Semantic definitions of security Noninterference Intuitively, confidential inputs do not influence (or interfere with ) public outputs Integrity version: untrusted inputs do not influence trusted outputs Availability version: outputs that should be highly available do not depend on inputs that are not highly available Some problems and issues with noninterference We will consider these in later classes 15

Formally defining noninterference Goguen and Messeguer 1982 define noninterference in terms of sets of users. Users U are noninterfering with users V if the commands issued by U does not change the observations made by V. 16

Formally defining noninterference More common modern formulation is using pairs of executions Definition: Program c is noninterfering if for all states σ 0, σ 1, σ 0, σ 1 : if σ 0 L σ 1 and [[c]]σ 0 = σ 0 and [[c]]σ 1 = σ 1 then σ 0 L σ 1 Here L is observational equivalence σ L σ iff x ObsVars. σ(x) = σ (x) 17

Observational model An explicit observational model helps us understand the semantic security condition What can the attacker observe? Memory locations? Outputs? Throughout execution? At beginning and end of execution? What about termination? What about timing information? Input Output H L 18

Interactive model Interactive programming models provide a more realistic model of observational behavior e ::= v x e 1 e 2 c ::= skip x := e c 1 ; c 2 if e then c 1 else c 2 while e do c Channels are how the system interacts with its external environment input x from output e to setpolicy( ) An attacker observes one or more channels 19

Interactive model semantics hx := e, m, wi m(e) =v! hskip,m[x 7! v],wi hc 1, m, wi! hc 0 1,m 0,w 0 i hc 1 ; c 2, m, wi! hc 0 1; c 2,m 0,w 0 i hskip; c, m, wi! hc, m, wi m(e) =i hif e then c 1 else c 2, m, wi! hc i, m, wi hwhile e do c, m, wi! hif e then (c; while e do c) else skip, m, wi hinput x from `, m, wi w(`) =v : vs! i(v,`) hskip,m[x 7! v],w[` 7! vs]i houtput e to `, m, wi m(e) =v! o(v,`) hskip, m, wi Figure 2. Language semantics ( ω is input strategy: function from channels to input streams ` = ( (t `) ( t) ` = t ` h if 2 E(`) if 62 E(`). i h 0 0 0 i emits trace on channel (written hc 0,m 0,w 0 i+` t if there are k configurations hc i,m i,w i i for i 2 0..k such that hc i 1,m i 1,w i 1 i! i hc i,m i,w i i for all i 2 1..k, and t =( 1... k ) `., and 6. 20

Knowledge-based definitions The pairs of execution definitions are somewhat unintuitive Trying to capture the idea that an attacker cannot distinguish executions that differ only on secret values, and thus cannot learn the secret. Why not express this more directly? Knowledge-based definitions explicitly define attacker knowledge, and define security in terms of attacker knowledge. 21

Knowledge Attacker knowledge k(c,, t) is the set of input strategies that could have resulted in trace t being emitted on channel k(c, `,t)={w hc, m init,wi+` t} k(c,, t) is the set of input strategies that an observer of channel believes are possible after observing trace t Smaller set = more precise knowledge 22

Knowledge-based security Define ω ω if. ω( ) = ω( ) i.e., ω and ω agree on all inputs Program c is satisfies noninterference for channel if for all input strategies ω, if then c, m init, ω t k(c,,t) {ω ω ω } 23

Next class Enforcing noninterference Static, dynamic, and hybrid techniques Lattice based policies 24

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback