an information flow calculus
play

An information-flow calculus for the non-security expert Alejandro - PowerPoint PPT Presentation

Jan 21, 2023 •120 likes •328 views

An information-flow calculus for the non-security expert Alejandro Russo (russo@chalmers.se) Visiting Associate Professor, Stanford, CA, U.S.A. Chalmers, Gteborg, Sweden Work-in-progress with Pablo Buiras (Chalmers), Deian Stefan (Stanford),

  1. An information-flow calculus for the non-security expert Alejandro Russo (russo@chalmers.se) Visiting Associate Professor, Stanford, CA, U.S.A. Chalmers, Göteborg, Sweden Work-in-progress with Pablo Buiras (Chalmers), Deian Stefan (Stanford), and David Mazierès (Stanford)

  2. Information-flow Scenario Preserve confidentiality even in the presence of malicious code

  3. Motivation

  4. Security measures • Access control – State-of-the-art

  5. Security lattice • It specifies the allowed flows of information secret public

  6. Example of Rules Arrows for Secure Information Flow [Li, Zdancewic 10]

  7. Information-flow Scenario

  8. Towards a Monadic Calculus Reader Monad - The attacker might observe the systems data Writer Monad - The attacker writes input to the system Informatoin-flow control is almost just about controling reading and writing side-effects

  9. Towards a Monadic Calculus Security State (floating label) Restricted interface for the State monad!

  10. A Floating Label System [Stefan et al. 11] Taint Guard

  11. Example of Rules Arrows for Secure Information Flow [Li, Zdancewic 10] Guard

  12. Example of Rules Information-Flow Security for a Core of JavaScript [Hedin, Sabelfeld 12] Taint

  13. Designing IFC Systems Read effect Write effect  newIORef  readIORef  writeIORef   modifyIORef Read effect Write effect Guard newLIORef Taint readLIORef Guard writeLIORef Taint Guard modifyLIORef

  14. The IFC Monad [Swierstra 08] data ReadEffect l a where Taint :: l -> a -> ReadEffect l a data WriteEffect l a where Guard :: l -> a -> WriteEffect l a Free (ReadEffect l) a Free (WriteEffect l) a IFC l a = Free (WriteEffect l :+: ReadEffect l) a Types reflects the behavior w.r.t taint and guard!

  15. Label Creep [Stefan et al. 11][Breeze 13] • The floating label gets too high too soon!

  16. Label Creep [Stefan et al. 11][Breeze 13] • The floating label gets too high too soon! Fresh environment

  17. A specific Local (Reader Monad) data Env l a where Ask :: (l -> a) -> Env l a Put :: l -> Env l a Extended IFC l a = Free (WriteEffect l :+: ReadEffect l :+: Env l) a local :: forall l. Label l => IFC l () -> IFC l () local m = do (s :: l) <- IFC.ask m IFC.put s return ()

  18. Is it General Enough? LIO IFC LB-Monitors

  19. Final Remarks • IFC = controlling reading and writing side-effects + a notion of scope (local) type IFC l a = Free (ReadEffect l :+: WriteEffect l :+: Env l) a • A non-security expert can have a good impression of the security checks (taint/guard) • Floating label systems seems to be more convenient than traditional LB-monitors

  20. Interested in Details? https://github.com/alejandrorusso/ifc-wg2.8.git

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples of information flow controls Android phone Firewalls Confinement Virtual machines May 15, 2017 ECS 235B Spring Quarter 2017 Slide

487 views • 32 slides
Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation) Boris Feigin Computer Laboratory, University of Cambridge PLID 2008 joint work with Alan Mycroft 1 / 22 Motivation Given suitable tools we

605 views • 33 slides
Lecture 1 : Lambda Calculus CS6202 Introduction 1 Lambda Calculus Lambda Calculus

Lecture 1 : Lambda Calculus CS6202 Introduction 1 Lambda Calculus Lambda Calculus

CS6202: Advanced Topics in Programming Languages and Systems Lecture 1 : Lambda Calculus CS6202 Introduction 1 Lambda Calculus Lambda Calculus Untyped Lambda Calculus Evaluation Strategy Techniques - encoding, extensions,

791 views • 56 slides
IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX) elisa.boschi@hitachi-eu.com {boschi, zseby, mark, hirsch}@fokus.fraunhofer.de Outline Outline IPFIX Terminology Applicability Initial Goals

212 views • 19 slides
Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang Pennsylvania State University University Park, PA, USA {pzl129,zhang}@cse.psu.edu Background: Information Flow Analysis o Security enforcement to prevent

379 views • 24 slides
Relational Calculus Another Theoretical QL-Relational Calculus Comes in two flavors: Tuple

Relational Calculus Another Theoretical QL-Relational Calculus Comes in two flavors: Tuple

Relational Calculus Another Theoretical QL-Relational Calculus Comes in two flavors: Tuple relational calculus (TRC) and Domain relational calculus (DRC). Calculus has variables, constants, comparison ops , logical connectives and

513 views • 14 slides
Whats Calculus? Answer: Next semester! (Fundamental Theorem of Calculus, by Newton and

Whats Calculus? Answer: Next semester! (Fundamental Theorem of Calculus, by Newton and

Whats Calculus? Answer: Next semester! (Fundamental Theorem of Calculus, by Newton and Leibniz.) Virtually all of modern science uses calculus! Physics, engineering, statistics, biology (modeling), etc. This semester: Differential Calculus.

552 views • 17 slides
Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

M AXIMUM F LOW How to do it... Why you want it... Where you find it... The Tao of Flow: Let your body go with the flow. -Madonna, Vogue Maximum flow...because youre worth it. -Loreal Go with the flow, Joe.

619 views • 20 slides
Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Secure Information Flow ! Protecting the confidentiality of secret information Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy Blood type: AB Birth date: 9/5/46 HIV: positive ! Access control and

399 views • 10 slides
Lecture 19: Flow and Confinement Examples of information flow applications The confinement

Lecture 19: Flow and Confinement Examples of information flow applications The confinement

Lecture 19: Flow and Confinement Examples of information flow applications The confinement problem Covert channels Isolation: virtual machines, sandboxes March 2, 2009 ECS 235B, Winter Quarter 2009 Slide #19-1 Matt Bishop, UC

322 views • 30 slides
Lusteral Uniform and Modular Composition of Data-flow &amp; Control-flow in the Lazy

Lusteral Uniform and Modular Composition of Data-flow &amp; Control-flow in the Lazy

Lusteral Uniform and Modular Composition of Data-flow &amp; Control-flow in the Lazy -Calculus joint work with Marc Pouzet M. Mendler, University of Bamberg Synchron 2008 CPL Aussois Synchron 2008 CPL Aussois 1 Constructive Data

491 views • 48 slides
-Calculus Christine Rizkallah CSE, UNSW (and data61) Term3 2019 1 -Calculus Church

-Calculus Christine Rizkallah CSE, UNSW (and data61) Term3 2019 1 -Calculus Church

-Calculus Church Encodings -Calculus Christine Rizkallah CSE, UNSW (and data61) Term3 2019 1 -Calculus Church Encodings -Calculus The term language we defined for Higher Order Abstract Syntax is almost a full featured programming

620 views • 32 slides
1 Side Track: Evaluation Order Evaluation Order, II Full -reduction: is Redex: Term

1 Side Track: Evaluation Order Evaluation Order, II Full -reduction: is Redex: Term

calculus Course 2D1453, 2006-07 Alonzo Church, 1903-1995 Church-Turing thesis First undecidability results Advanced Formal Methods Invented -calculus in 30s Lecture 2: Lambda calculus -Calculus

391 views • 6 slides
Information Flow Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security

Information Flow Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security

Information Flow Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security Information Flow 3 Many security requirements can be formulated as what information flow is allowed/disallowed E.g., confidential data should not

478 views • 27 slides
Part II: Lambda Calculus Lambda Calculus is a foundation for functional programs. Its an

Part II: Lambda Calculus Lambda Calculus is a foundation for functional programs. Its an

Part II: Lambda Calculus Lambda Calculus is a foundation for functional programs. Its an operational semantics, based on term rewriting. Lambda Calculus was developed by Alonzo Church in the 1930s and 40s as a theory of

820 views • 42 slides
Lecture 17: Information Flow Basics and background Entropy Nonlattice flow policies

Lecture 17: Information Flow Basics and background Entropy Nonlattice flow policies

Lecture 17: Information Flow Basics and background Entropy Nonlattice flow policies Compiler-based mechanisms Execution-based mechanisms Examples Security Pipeline Interface Secure Network Server Mail Guard February

625 views • 44 slides
Outline 31st IEEE Symposium on Security &amp; Privacy Introduction TaintScope: A

Outline 31st IEEE Symposium on Security &amp; Privacy Introduction TaintScope: A

Outline 31st IEEE Symposium on Security &amp; Privacy Introduction TaintScope: A Checksum-Aware Background Directed Fuzzing Tool for Automatic Motivation Software Vulnerability Detection TaintScope Intuition Tielei Wang 1 ,

427 views • 5 slides
RIPS RIPS A static source code analyser NDS Seminar for vulnerabilities in PHP scripts A

RIPS RIPS A static source code analyser NDS Seminar for vulnerabilities in PHP scripts A

RIPS RIPS A static source code analyser NDS Seminar for vulnerabilities in PHP scripts A static source code analyser A static source code analyser for vulnerabilities in PHP scripts for vulnerabilities in PHP scripts 1 Johannes Dahse

803 views • 35 slides
Securing web applications is not nearly as easy! 3 4 5 6

Securing web applications is not nearly as easy! 3 4 5 6

GuardRails GuardRails Web applications are easier to create A Data-Centric Web Application Security Framework than ever! Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans University of Virginia

113 views • 8 slides
Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen

Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen

Protecting Mobile Devices from Physical Memory Attacks with Targeted Encryption Le Guan , Chen Cao, Sencun Zhu, Jingqiang Lin, Peng Liu, Yubin Xia, and Bo Luo Why do Physical-space Threats Concern for SmartPhones? Why do Physical-space Threats

318 views • 31 slides
Pointers char *a = hi; ! Solution exists: ( char *)*p = &amp;a; ! = =

Pointers char *a = hi; ! Solution exists: ( char *)*p = &amp;a; ! = =

Pointers char *a = hi; ! Solution exists: ( char *)*p = &amp;a; ! = = untainted ! ( char *)*q = p; ! char *b = fgets(); ! = = tainted *q = b; &quot; printf(*p); untainted Misses illegal flow! !

634 views • 13 slides
EthPloit : From Fuzzing to Efficient Exploit Generation against Smart Contracts Qingzhao Zhang 1,2

EthPloit : From Fuzzing to Efficient Exploit Generation against Smart Contracts Qingzhao Zhang 1,2

EthPloit : From Fuzzing to Efficient Exploit Generation against Smart Contracts Qingzhao Zhang 1,2 , Yizhuo Wang 1 , Juanru Li 1 , Siqi Ma 3 1 Shanghai Jiao Tong University , China 2 University of Michigan , America 3 Data 61, CSIRO , Australia

918 views • 38 slides
Modelgen: Mining Explicit Information Flow Specifications from Concrete Executions Lazaro Clapp,

Modelgen: Mining Explicit Information Flow Specifications from Concrete Executions Lazaro Clapp,

Modelgen: Mining Explicit Information Flow Specifications from Concrete Executions Lazaro Clapp, Saswat Anand, Alex Aiken Stanford University I Why mine specifications? Whole-program static analysis Application Whole-program static

992 views • 84 slides
PointlessTain,ng? Evalua,ngthePrac,calityofPointer Tain,ng

PointlessTain,ng? Evalua,ngthePrac,calityofPointer Tain,ng

PointlessTain,ng? Evalua,ngthePrac,calityofPointer Tain,ng AsiaSlowinska,HerbertBos VrijeUniversiteitAmsterdam Whypointertain,ng? AFacks Exploitlowlevelmemoryerrors

1.41k views • 65 slides

More recommend