6/20/2015 11:09 PM Information Flow James Hook CS 591: Introduction to Computer Security.

Slides:



Advertisements
Similar presentations
Challenges for Information-flow Security* Steve Zdancewic University of Pennsylvania * This talk is an attempt to be provocative and controversial.
Advertisements

CS107 Introduction to Computer Science Lecture 3, 4 An Introduction to Algorithms: Loops.
Making Choices in C if/else statement logical operators break and continue statements switch statement the conditional operator.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
Untrusted Hosts and Confidentiality: Secure Program Partitioning Steve Zdancewic Lantian Zheng Nathaniel Nystrom Andrew Myers Cornell University.
Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Getting started with ML ML is a functional programming language. ML is statically typed: The types of literals, values, expressions and functions in a.
Type checking © Marcelo d’Amorim 2010.
 2008 Pearson Education, Inc. All rights reserved JavaScript: Control Statements I.
Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu
Language-based Security: Information Flow Control 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.
CS107 Introduction to Computer Science Loops. Instructions Pseudocode Assign values to variables using basic arithmetic operations x = 3 y = x/10 z =
Information Flow, Security and Programming Languages Steve Steve Zdancewic.
Steve Zdancewic ESOP011 Secure Information Flow and CPS Steve Zdancewic Joint work with Andrew Myers Cornell University.
1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.
6/18/2015 4:21 AM Information Flow James Hook CS 591: Introduction to Computer Security.
Decentralized Robustness Stephen Chong Andrew C. Myers Cornell University CSFW 19 July 6 th 2006.
Chapter 2 Basic Elements of Fortan
Slides prepared by Rose Williams, Binghamton University Chapter 3 Flow of Control Loops in Java.
Polyglot: An Extensible Compiler Framework for Java Nathaniel Nystrom, Michael R. Clarkson, and Andrew C. Myers Presentation by Aaron Kimball & Ben Lerner.
C++ for Engineers and Scientists Third Edition
Prof. Bodik CS 164 Lecture 16, Fall Global Optimization Lecture 16.
Automatic Implementation of provable cryptography for confidentiality and integrity Presented by Tamara Rezk – INDES project - INRIA Joint work with: Cédric.
CONTROL STATEMENTS Lakhbir Singh(Lect.IT) S.R.S.G.P.C.G. Ludhiana.
CS0007: Introduction to Computer Programming Introduction to Arrays.
ALGORITHMS AND FLOWCHARTS
Intro-Sound-part21 Introduction to Processing Digital Sounds part 2 Barb Ericson Georgia Institute of Technology Oct 2009.
CC0002NI – Computer Programming Computer Programming Er. Saroj Sharan Regmi Week 7.
High-Level Programming Languages: C++
Secure Web Applications via Automatic Partitioning Stephen Chong, Jed Liu, Andrew C. Meyers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng. Cornell University.
CH Programming An introduction to programming concepts.
Language-Based Information-Flow Security Richard Mancusi CSCI 297.
Containment and Integrity for Mobile Code Security policies as types Andrew Myers Fred Schneider Department of Computer Science Cornell University.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Language-Based Information- Flow Security Andrei Sabelfeld.
1 Chapter 4: Selection Structures. In this chapter, you will learn about: – Selection criteria – The if-else statement – Nested if statements – The switch.
Class Review. Basic Unix Commands list files in a directory: ls list files in a directory: ls remove files: rm remove files: rm rename files: mv rename.
SECURE WEB APPLICATIONS VIA AUTOMATIC PARTITIONING S. Chong, J. Liu, A. C. Myers, X. Qi, K. Vikram, L. Zheng, X. Zheng Cornell University.
© 2006 Pearson Education 1 More Operators  To round out our knowledge of Java operators, let's examine a few more  In particular, we will examine the.
Propositional Calculus CS 270: Mathematical Foundations of Computer Science Jeremy Johnson.
Loops (cont.). Loop Statements  while statement  do statement  for statement while ( condition ) statement; do { statement list; } while ( condition.
Lecture 2 Conditional Statement. chcslonline.org Conditional Statements in PHP Conditional Statements are used for decision making. Different actions.
12/9/20151 Programming Languages and Compilers (CS 421) Elsa L Gunter 2112 SC, UIUC Based in part on slides by Mattox.
CMSC 330: Organization of Programming Languages Lambda Calculus and Types.
Introduction to JavaScript CSc 2320 Fall 2014 Disclaimer: All words, pictures are adopted from “Simple JavaScript”by Kevin Yank and Cameron Adams and also.
Controlling Program Flow with Decision Structures.
CMPSC 16 Problem Solving with Computers I Spring 2014 Instructor: Tevfik Bultan Lecture 4: Introduction to C: Control Flow.
Certification of Programs for Secure Information Flow Dorothy & Peter Denning Communications of the ACM (CACM) 1977.
CISC105 – General Computer Science Class 4 – 06/14/2006.
Control structures in C by Dr P.Padmanabham Professor (CSE)&Director Bharat Institute of Engineering &Technology Hyderabad Mobile
3/14/2016 8:37 PM Information Flow Epilog James Hook CS 591: Introduction to Computer Security.
CS Class 04 Topics  Selection statement – IF  Expressions  More practice writing simple C++ programs Announcements  Read pages for next.
Language-Based Information- Flow Security (Sabelfeld and Myers) “Practical methods for controlling information flow have eluded researchers for some time.”
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style JFlow: Practical Mostly-Static Information Flow Control.
4 - Conditional Control Structures CHAPTER 4. Introduction A Program is usually not limited to a linear sequence of instructions. In real life, a programme.
In this session, you will learn to: Create and manage views Implement a full-text search Implement batches Objectives.
C++ for Engineers and Scientists Second Edition Chapter 4 Selection Structures.
Programming Languages and Compilers (CS 421)
SSD951: Secure Software Development Language-based Security
Paper Reading Group:. Language-Based Information-Flow Security. A
UNIT-4 BLACKBOX AND WHITEBOX TESTING
ALGORITHMS AND FLOWCHARTS
Information Security CS 526
ALGORITHMS AND FLOWCHARTS
Information Security CS 526
Flowcharts and Pseudo Code
Javascript Chapter 19 and 20 5/3/2019.
More JavaScript B. Ramamurthy 5/7/2019.
Information Security CS 526
Introduction to Python
UNIT-4 BLACKBOX AND WHITEBOX TESTING
Presentation transcript:

6/20/ :09 PM Information Flow James Hook CS 591: Introduction to Computer Security

6/20/ :09 PM Background Denning and Denning, Certification of Programs for Secure Information Flow, CACM 20(7), July 1977 Presentation summarized in Bishop Chapter 15

6/20/ :09 PM Program analysis What if we try to track information flow within a program? We have access control for files, processes and users –what about variables?

6/20/ :09 PM Explicit flows x := 17 l := h h := l

6/20/ :09 PM Implicit flows How can we write l:=h? Assume l and h are Booleans –if h then l:= true else l:= false –l := true; if not h then l:= false else skip –l := false; while h do l:= true

6/20/ :09 PM Simple “while” language –Sabelfeld and Myers Figures 2 and 3 C ::= skip | var := exp | C1; C2 |if exp then C1 else C2 |while exp do C

6/20/ :09 PM Type system Judgment forms: Every variable in exp is at or below level |- exp: level Every assignment in C is at or above pc [pc] |- C

6/20/ :09 PM Inference Rules

6/20/ :09 PM What is a flow? A variable of confidential input does not cause a variation of public output

6/20/ :09 PM Simple Program Multiplication by repeated addition {a,b >= 0} x := a; r := 0; while (x>0) do x := x -1; r := r + b {r = a*b} Direct Flows: a -> x b -> r Indirect Flow: x -> r

6/20/ :09 PM Exercise 1.h := not l 2.h := if l then false else true 3.if l then h := false else h := true 4.h := true; if l then h := false else skip 5. l := not h 6. l := if h then false else true 7. if h then l := false else l := true 8. l := true; if h then l := false else skip

6/20/ :09 PM Theoretical results Volpano, Irvine and Smith (JCS ‘96) showed Soundness –“If an expression e can be given a type  in our system, then Simple Security says … that only variables at level  or lower in e will have their contents read when e is evaluated (no read up)…. –On the other hand, if a command c can be given a type  [  ] |- c then Confinement says … that no variable below level  is updated in c (no write down).”

6/20/ :09 PM Information Flow Languages Two serious implementations of information-flow languages –Jif = Java + Information Flow Andrew Myers and others, Cornell –FlowCaml Vincent Simonet

6/20/ :09 PM FlowCaml An ML-style language with type inference Windows executable flowcaml gives an interactive type checker –Note: It does not execute the programs, batch compiler flowcamlc compiles them

6/20/ :09 PM Declaring values let x = 1;; let x1 : !alice int = 42;; let x2 : !bob int = 53;;

6/20/ :09 PM Anonymous functions and lists let succ = function x -> x + 1;; let half = function x -> x lsr 1;; let l1 = [1; 2; 3; 4];; let l2 = [x1; x2];;

6/20/ :09 PM Defining functions let rec length = function [] -> 0 | _ :: tl -> 1 + length tl;; let rec mem0 = function [] -> false | hd :: tl -> hd = 0 || mem0 tl ;;

6/20/ :09 PM Demo

6/20/ :09 PM Does it work? In practice it is not broadly adopted –Technical issue is the complexity of managing policy –I suspect there are social issues as well … the technical issues are not show stoppers

6/20/ :09 PM Recall Consider an example (in no particular language) Assume H is high and L is Low H = readHighDatabase() L = readLowUserInput() If f(H,L) then printLow “Success” else printLow “Fail”

6/20/ :09 PM But!!! Consider an example (in no particular language) We do this every day! H = readHighDatabase(“passwd”) L = readLowUserInput() If checkPassword(H,L) then printLow “Success” else printLow “Fail”

6/20/ :09 PM Password checking paradox Why shouldn’t we allow someone to write the password program? Why should we?

6/20/ :09 PM Policy The password paradox is solved by explicit policy Similar issues arise with crypto algorithms –LoCypher = encrypt (HighClear, goodKey) Cf. –LoCypher = encrypt (HighClear, badKey)

6/20/ :09 PM FlowCaml and Policy FlowCaml solves the policy problem by dividing the program into two parts: –Flow caml portion (.fml), with all flows checked –Regular caml portion with an annotated interface The downgrading of encryption or password validation queries is not done within the flow-checked portion

6/20/ :09 PM Policy Zdancewic uses other techniques, including explicit downgrade assertions for confidentiality Basic philosophy: uniform enforcement with explicit escape mechanism –Focus analysis on the exceptions

6/20/ :09 PM Further reading Dorothy E. Denning and Peter J. Denning, Certification of Programs for Secure Information Flow, Dennis Volpano, Geoffrey Smith, and Cynthia Irvine, A Sound Type System for Secure Flow Analysis, Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, and Andrew C. Myers, Secure Program Partitioning, Andrei Sabelfeld and Andrew C. Myers, Language-based Information- Flow Security, jsac03.pdf jsac03.pdf Peng Li and Steve Zdancewic, Downgrading Policies and Relaxed Noninterference,

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.