Presentation is loading. Please wait.

Presentation is loading. Please wait.

Steve Zdancewic ESOP011 Secure Information Flow and CPS Steve Zdancewic Joint work with Andrew Myers Cornell University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Steve Zdancewic ESOP011 Secure Information Flow and CPS Steve Zdancewic Joint work with Andrew Myers Cornell University."— Presentation transcript:

1 Steve Zdancewic ESOP011 Secure Information Flow and CPS Steve Zdancewic Joint work with Andrew Myers Cornell University

2 Steve Zdancewic ESOP012 Valuable Data On-line Internet and Connectivity –banks/brokerage firms –e-mail services –applets, plugins, etc. –… Creates problem of protection

3 Steve Zdancewic ESOP013 Protect It! Confidentiality –Data doesn't escape –Does my accounting software transmit my private information? Integrity –Trustworthiness of data –Does my accounting software use “bad” information to compute taxes?

4 Steve Zdancewic ESOP014 Information Flow Policies on information End-to-End –Once data is released to a program, must ensure that policy is obeyed. Need static analysis

5 Steve Zdancewic ESOP015 Security-Typed Languages Statically enforce security policies in an extended type system –Smith & Volpano [SVI96, SV98,...] –Heintze & Riecke [HR98, ABHR99] –Myers [ML97,My99,...] –Sabelfeld & Sands [SS99, SS00] –Pottier & Conchon [PC00,...]

6 Steve Zdancewic ESOP016 Noninterference "Low-security behavior of the program is not affected by any high-security data." Goguen & Messeguer 1982 H1L1 L2H2 H3L1 L2H4 LL

7 Steve Zdancewic ESOP017 Our Goal Study information flow in rich language –Higher-order functions –State Noninterference proof

8 Steve Zdancewic ESOP018 Continuation Passing Style Useful representation of low-level code – verify output of the compiler. Main complication: explicit control and interaction with effects

9 Steve Zdancewic ESOP019 Outline Motivating Example Problem with Naïve CPS translation Ordered Linear Continuations Wrap up

10 Steve Zdancewic ESOP0110 Security Types A lattice L of labels –order  L  H –join  L  H = H Types have labels: int H or bool L

11 Steve Zdancewic ESOP0111 Example if0 (x:int H ){ y := 1; } else { y := 2; } z := 3;

12 Steve Zdancewic ESOP0112 Example if0 (x:int H ){ y := 1; } else { y := 2; } z := 3; pc:L

13 Steve Zdancewic ESOP0113 Example if0 (x:int H ){ y := 1; } else { y := 2; } z := 3; pc:H pc:L

14 Steve Zdancewic ESOP0114 if0 (x:int H ){ y := 1; // y:int H } else { y := 2; } z := 3; Example pc:L pc:H

15 Steve Zdancewic ESOP0115 Example if0 (x:int H ){ y := 1; // y:int H } else { y := 2; } z := 3; pc:L pc:H

16 Steve Zdancewic ESOP0116 Example if0 (x:int H ){ y := 1; // y:int H } else { y := 2; } z := 3; pc:L pc:H

17 Steve Zdancewic ESOP0117 Example if0 (x:int H ){ y := 1; // y:int H } else { y := 2; } z := 3; // z:int L pc:L pc:H pc:L

18 Steve Zdancewic ESOP0118 PC Label Side-effects are bounded by PC label. x := e x:  s refe:  r (p  r)  spc:p

19 Steve Zdancewic ESOP0119 What about functions? Effects inside a function must also be bounded by PC label. f(e) f:  r p  rpc:p e: 

20 Steve Zdancewic ESOP0120 Naive CPS let k = (). z := 3; if0 (x:int H ){ y := 1; k(); } else { y := 2; k(); }

21 Steve Zdancewic ESOP0121 Naive CPS let k = (). z := 3; if0 (x:int H ){ y := 1; k(); } else { y := 2; k(); } pc:H

22 Steve Zdancewic ESOP0122 Naive CPS let k = (). z := 3; //z:int H if0 (x:int H ){ y := 1; k(); } else { y := 2; k(); } pc:H

23 Steve Zdancewic ESOP0123 Linear Continuations let k = (). z := 3; //z:int H if0 (x:int H ){ y := 1; k(); } else { y := 2; k(); } k is used linearly!

24 Steve Zdancewic ESOP0124 Main Idea Use linear continuations to express the control-flow properties of the source language via types But...not quite enough

25 Steve Zdancewic ESOP0125 Order of Evaluation Order the continuations are invoked is also important! Can observe the order via side effects So...ordered linear continuations

26 Steve Zdancewic ESOP0126 What Are They? Linear continuations: First-class postdominators of control flow graph Ordered linear continuations: Encode the control stack

27 Steve Zdancewic ESOP0127 Target CPS Language Includes regular continuations and ordered linear continuations Careful manipulation of context:  | k n,…,k 1 [pc]  e Ordered list encodes stack

28 Steve Zdancewic ESOP0128 Noninterference If x:  H |[L]  e : int L  v 1,v 2 :  H (M,e{v 1 /x})  * (M 1,n 1 ) (M,e{v 2 /x})  * (M 2,n 2 ) Then M 1  L M 2 and n 1 = n 2

29 Steve Zdancewic ESOP0129 Results Formalize ordered linear continuations in the type system Prove that the CPS language enjoys noninterference –Proof hinges on ordering property –First proof for such a rich language Expressive enough as a target

30

31 Steve Zdancewic ESOP0131 Other Connections Linearity of control also plays a role in security typed versions of -calculus. [Honda et. al.] Linear control is interesting in its own right

Download ppt "Steve Zdancewic ESOP011 Secure Information Flow and CPS Steve Zdancewic Joint work with Andrew Myers Cornell University."

Similar presentations

ICFP 19991 Principals in Programming Languages: A Syntactic Proof Technique Steve Zdancewic Dan Grossman and Greg Morrisett Cornell University.

ICFP Principals in Programming Languages: A Syntactic Proof Technique Steve Zdancewic Dan Grossman and Greg Morrisett Cornell University.
Security of Multithreaded Programs by Compilation Tamara Rezk INDES Project, INRIA Sophia Antipolis Mediterranee Joint work with Gilles Barthe, Alejandro.

Security of Multithreaded Programs by Compilation Tamara Rezk INDES Project, INRIA Sophia Antipolis Mediterranee Joint work with Gilles Barthe, Alejandro.
Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
Challenges for Information-flow Security* Steve Zdancewic University of Pennsylvania * This talk is an attempt to be provocative and controversial.

Challenges for Information-flow Security* Steve Zdancewic University of Pennsylvania * This talk is an attempt to be provocative and controversial.
SSA and CPS CS153: Compilers Greg Morrisett. Monadic Form vs CFGs Consider CFG available exp. analysis: statement gen's kill's x:=v 1 p v 2 x:=v 1 p v.

SSA and CPS CS153: Compilers Greg Morrisett. Monadic Form vs CFGs Consider CFG available exp. analysis: statement gen's kill's x:=v 1 p v 2 x:=v 1 p v.
Building Secure Distributed Systems The CIF model : Component Information Flow Lilia Sfaxi DCS Days - 26/03/2009.

Building Secure Distributed Systems The CIF model : Component Information Flow Lilia Sfaxi DCS Days - 26/03/2009.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.

Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
Untrusted Hosts and Confidentiality: Secure Program Partitioning Steve Zdancewic Lantian Zheng Nathaniel Nystrom Andrew Myers Cornell University.

Untrusted Hosts and Confidentiality: Secure Program Partitioning Steve Zdancewic Lantian Zheng Nathaniel Nystrom Andrew Myers Cornell University.
Towards Static Flow-based Declassification for Legacy and Untrusted Programs Bruno P. S. Rocha Sruthi Bandhakavi Jerry den Hartog William H. Winsborough.

Towards Static Flow-based Declassification for Legacy and Untrusted Programs Bruno P. S. Rocha Sruthi Bandhakavi Jerry den Hartog William H. Winsborough.
CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.

CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.

Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu

Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu
IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, Alejandro Russo.

IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, Alejandro Russo.
Code Shape III Booleans, Relationals, & Control flow Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved. Students enrolled.

Code Shape III Booleans, Relationals, & Control flow Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved. Students enrolled.
1 CS 312 – Lecture 28 Continuations –Probably the most confusing thing you’ve seen all semester… Course summary –Life after CS 312.

1 CS 312 – Lecture 28 Continuations –Probably the most confusing thing you’ve seen all semester… Course summary –Life after CS 312.
Information Flow, Security and Programming Languages Steve Steve Zdancewic.

Information Flow, Security and Programming Languages Steve Steve Zdancewic.
Survey of Typed Assembly Language (TAL) Introduction and Motivation –Conventional untyped compiler < Typed intermediate languages –Typed intermediate language.

Survey of Typed Assembly Language (TAL) Introduction and Motivation –Conventional untyped compiler < Typed intermediate languages –Typed intermediate language.
Typed Memory Management in a Calculus of Capabilities David Walker (with Karl Crary and Greg Morrisett)

Typed Memory Management in a Calculus of Capabilities David Walker (with Karl Crary and Greg Morrisett)
1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.

1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.
6/18/2015 4:21 AM Information Flow James Hook CS 591: Introduction to Computer Security.

6/18/2015 4:21 AM Information Flow James Hook CS 591: Introduction to Computer Security.

Similar presentations

Ads by Google