auraconf a unified approach to authorization and
play

AuraConf: A Unified Approach to Authorization and Confidentiality - PowerPoint PPT Presentation

Oct 14, 2022 •11 likes •841 views

AuraConf: A Unified Approach to Authorization and Confidentiality Jeff Vaughan Department of Computer Science University of California, Los Angeles TLDI January 25, 2011 Some attackers dont play fair. playFor: (s: Song) (p: prin )

  1. AuraConf: A Unified Approach to Authorization and Confidentiality Jeff Vaughan Department of Computer Science University of California, Los Angeles TLDI January 25, 2011

  2. Some attackers don’t play fair. playFor: (s: Song) → (p: prin ) → pf (RecCo says (MayPlay p s)) → Mp3Of s 1/25

  3. Some attackers don’t play fair. playFor: (s: Song) → (p: prin ) → pf (RecCo says (MayPlay p s)) → Mp3Of s 1/25

  4. Some attackers don’t play fair. playFor: (s: Song) → (p: prin ) → pf (RecCo says (MayPlay p s)) → Mp3Of s 1/25

  5. A URA conf protects confidential data. Types provide a formal description of confidentiality policy. 2/25

  6. A URA conf protects confidential data. Types provide a formal description of confidentiality policy. Encryption provides an enforcement mechanism. 2/25

  7. A URA conf protects confidential data. Types provide a formal description of confidentiality policy. Encryption provides an enforcement mechanism. Blame mechanism allows audit of (some) failures. 2/25

  8. First thought: borrow someone else’s idea! Direct use of cryptography Applied Crytpo. [Schneier ’96] Language operations supporting cryptography Spi Calculus [Abadi+ ’98], λ seal [Sumii+ ’04] Type-based information flow Aura [Jia & Zdancewic ’09] Information flow + explicit cryptography Key-Based DLM [Chothia+ ’03], [Askarov+ ’06] Declarative policy enforcement by automatic encryption SImp [Vaughan & Zdancewic ’06] 3/25

  9. First thought: borrow someone else’s idea! Direct use of cryptography Applied Crytpo. [Schneier ’96] Language operations supporting cryptography Spi Calculus [Abadi+ ’98], λ seal [Sumii+ ’04] Type-based information flow Aura [Jia & Zdancewic ’09] Information flow + explicit cryptography Key-Based DLM [Chothia+ ’03], [Askarov+ ’06] Declarative policy enforcement by automatic encryption SImp [Vaughan & Zdancewic ’06] None of these are good fits with A URA . 3/25

  10. New mechanism, for types describe encrypted data. playForEnc: (s: Song) → (p: prin ) → pf (RecCo says MayPlay p s) → (Mp3Of s) for p 4/25

  11. New mechanism, for types describe encrypted data. 10111001 playForEnc: (s: Song) → (p: prin ) → pf (RecCo says MayPlay p s) → (Mp3Of s) for p 4/25

  12. New mechanism, for types describe encrypted data. 10111001 playForEnc: (s: Song) → (p: prin ) → pf (RecCo says MayPlay p s) → (Mp3Of s) for p 4/25

  13. New mechanism, for types describe encrypted data. 10111001 ? playForEnc: (s: Song) → (p: prin ) → pf (RecCo says MayPlay p s) → (Mp3Of s) for p 4/25

  14. Outline Introduction 1 Overview of for types 2 3 Feature design Language theory 4 Conclusion 5 5/25

  15. Overview of for types 6/25

  16. A URA conf represents confidentiality monadically: return. return Alice 42: int for Alice N.B. Monads are a common Haskell design pattern: return : creates an object run : consumes an object bind : composes objects 7/25

  17. A URA conf represents confidentiality monadically: return. return Alice 42: int for Alice � E (Alice, 42, 0x32A3) and some metadata N.B. Monads are a common Haskell design pattern: return : creates an object run : consumes an object bind : composes objects 7/25

  18. A URA conf represents confidentiality monadically: run. run ( return Alice 42): int 8/25

  19. A URA conf represents confidentiality monadically: run. run ( return Alice 42): int � 42 8/25

  20. A URA conf represents confidentiality monadically: run. run ( return Alice 42): int � 42 run can fail on “bad” ciphertext. wrong decryption key ill-formed/ill-typed payload plaintext corrupt ciphertext e ′ blames p . run e � e ′ where 8/25

  21. A URA conf represents confidentiality monadically: bind. bind (int for Alice) ( return Alice 21) ( λ { } x: int . return Alice (2 ∗ x)) : int for Alice 9/25

  22. A URA conf represents confidentiality monadically: bind. bind (int for Alice) ( return Alice 21) ( λ { } x: int . return Alice (2 ∗ x)) : int for Alice � E (Alice, ( λ { } x: int . return 2 ∗ x) ( run E (Alice, 21, 0x32A4)) 0x32A3) and some metadata 9/25

  23. A URA conf represents confidentiality monadically: bind. bind (int for Alice) ( return Alice 21) ( λ { } x: int . return Alice (2 ∗ x)) : int for Alice � E (Alice, ( λ { } x: int . return 2 ∗ x) ( run E (Alice, 21, 0x32A4)) 0x32A3) and some metadata ≈ E (Alice, 42, 0x32A5) and some metadata 9/25

  24. A URA conf represents confidentiality monadically: bind. bind (int for Alice) ( return Alice 21) ( λ { } x: int . return Alice (2 ∗ x)) : int for Alice � E (Alice, ( λ { } x: int . return 2 ∗ x) ( run E (Alice, 21, 0x32A4)) 0x32A3) and some metadata ≈ E (Alice, 42, 0x32A5) and some metadata This is mobile code 9/25

  25. Static and dynamic static coupled by for types Programs may dynamically load data or code with run Dynamic type-checking needed to catch errors Ciphertexts may be paired with digitally signed proofs describing their contents In case of emergency, evaluation “blames” such proofs Well-typed clients create values that don’t cause blame Typing of bind makes sure mobile expressions can be correctly decrypted by the receiver Receiver’s dynamic resources are modeled by sender’s typechecker 10/25

  26. Feature design 11/25

  27. The tension in A URA conf ’s design. Suppose expression e contains secrets. A client analyzing e is: 12/25

  28. The tension in A URA conf ’s design. Suppose expression e contains secrets. A client analyzing e is: Good! Type Theorist 12/25

  29. The tension in A URA conf ’s design. Suppose expression e contains secrets. A client analyzing e is: Good! Bad! Type Theorist Cryptographer 12/25

  30. Challenge 1: Typing is relative. 13/25

  31. Challenge 1: Typing is relative. 13/25

  32. Challenge 1: Typing is relative. 13/25

  33. Challenge 1: Typing is relative. 13/25

  34. Challenge 1: Typing is relative. 13/25

  35. Challenge 1: Typing is relative. 13/25

  36. Challenge 1: Typing is relative. 13/25

  37. Challenge 1: Typing is relative. 13/25

  38. Challenge 1: Typing is relative. 13/25

  39. Challenge 1: Typing is relative. 13/25

  40. Metadata casts guide typing of ciphertexts. True cast cast E (a, e, n) to ( int for Alice): int for Alice Possible if typechecker can statically decrypt E (a,e,n). Also possible if the typechecker has a prerecorded fact , attesting to the form of E (a,e,n). 14/25

  41. Metadata casts guide typing of ciphertexts. True cast cast E (a, e, n) to ( int for Alice): int for Alice Possible if typechecker can statically decrypt E (a,e,n). Also possible if the typechecker has a prerecorded fact , attesting to the form of E (a,e,n). Justified cast cast E (a, e, n) to ( int for Alice) blaming p: int for Alice Valid when p: c says ( E (a,e,n) isa ( int for Alice)). Proof p can be blamed for decryption or typing failures. 14/25

  42. Decryption failures may be audited with justified casts. 15/25

  43. Decryption failures may be audited with justified casts. Evidence: ill-formed Action: ignore message Evidence: mentions Mal Action: blame Mal Evidence: mentions Alice Action: blame Alice 1111111 15/25

  44. Decryption failures may be audited with justified casts. Evidence: ill-formed Action: ignore message Evidence: mentions Mal Action: blame Mal Evidence: mentions Alice Action: blame Alice 1111111 15/25

  45. Decryption failures may be audited with justified casts. Evidence: ill-formed Action: ignore message Evidence: mentions Mal Action: blame Mal Evidence: mentions Alice Action: blame Alice 1111111 15/25

  46. Decryption failures may be audited with justified casts. Evidence: ill-formed Action: ignore message Evidence: mentions Mal Action: blame Mal Evidence: mentions Alice Action: blame Alice 1111111 15/25

  47. Decryption failures may be audited with justified casts. Evidence: ill-formed Action: ignore message Evidence: mentions Mal Action: blame Mal Evidence: mentions Alice Action: blame Alice 1111111 15/25

  48. Decryption failures may be audited with justified casts. Evidence: ill-formed Action: ignore message Evidence: mentions Mal Action: blame Mal Evidence: mentions Alice Action: blame Alice 1111111 15/25

  49. Challenge 2: Keys affect static & dynamic semantics. Dynamic semantics Keys are required at runtime to implement run (and say ). Type-and-effect analysis tracks these keys. FX [Lucassen+ ’88], foundations [Talpin+ ’92] Static semantics True casts need keys at compile time for typechecking. Tracked using ideas from modal type systems. Modal Proofs as Distributed Programs [Jia+ 04], ML5 [Murphy ’08] Combining these analyses is interesting! 16/25

  50. Challenge 3: Typing exhibits history-dependence. 1000101 Consider Bob preparing a confidential message for Alice return Alice 3 � cast E ( − ) to int for Alice Naively: Bob lacks Alice’s private key—he can’t typecheck this. Solution Evaluation semantics creates new facts to guide the typechecker. This ensures types are preserved at runtime and programs don’t “go wrong.” 17/25

  51. Language theory 18/25

  52. Evaluation tracks fact generation and authority. Σ; F 0 ; W ⊢ {| e , n |} → {| e ′ , n ′ |} learning F 19/25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Unified Authentication, Authorization, and User Administration An Open Source Approach Ted

Unified Authentication, Authorization, and User Administration An Open Source Approach Ted

Unified Authentication, Authorization, and User Administration An Open Source Approach Ted C. Cheng, Howard Chu, Matthew Hardin Symas Corporation Outline Evolution of Related Technologies Unified AAA Architecture Provisioning AAA

396 views • 27 slides
Streamlining & Adapting: A Unified Approach A Unified Approach G. Scott Weese IT

Streamlining & Adapting: A Unified Approach A Unified Approach G. Scott Weese IT

conference & convention enabling the next generation of networks & services Streamlining & Adapting: A Unified Approach A Unified Approach G. Scott Weese IT International Telecom conference & convention enabling the next

287 views • 15 slides
Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It

Molina Healthcare Prior Authorization Prior Authorization is a request for prospective review. It is designed to : Assist in benefit determination Prevent unanticipated denials of coverage Create a collaborative approach to

187 views • 18 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
Socially Constructed Trust for Distributed Authorization Steve Barker, Kings College London

Socially Constructed Trust for Distributed Authorization Steve Barker, Kings College London

Socially Constructed Trust for Distributed Authorization Steve Barker, Kings College London Valerio Genovese, University of Torino, Italy Socially Constructed Trust for Distributed Authorization p.1/17 An Approach A common approach to

631 views • 17 slides
Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably

Authorization We will use the terms authorization and access control interchangeably Authorization answers the question who is allowed to do what ? A first step in the development of an access control system is the

651 views • 53 slides
A unified continuum mechanical approach for the computer age About the course Hans Petter

A unified continuum mechanical approach for the computer age About the course Hans Petter

Mathematical Modeling of Flow, Heat Transfer, and Deformation A unified continuum mechanical approach for the computer age About the course Hans Petter Langtangen Simula Research Laboratory and Dept. of Informatics University of Oslo

1.05k views • 82 slides
Classical Sabermetrics vs. Formal Statistical Inference: Towards a Unified Approach to

Classical Sabermetrics vs. Formal Statistical Inference: Towards a Unified Approach to

Classical Sabermetrics vs. Formal Statistical Inference: Towards a Unified Approach to Quantitative Baseball Research Patrick Kilgo, Brian Schmotzer, Hillary Superak, Paul Weiss, Jeff Switchenko, Lisa Elon, Jason Lee, and Lance Waller

632 views • 48 slides
1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel

1 Travel Authorization and Expense Process 1. Introduction 2. Travel Authorization 3. Travel Expense 4. Travel Regulations 2 Travel Authorization (See Next Slide for Detailed Steps) 2. Trip Information goes here 1. Budgetary Coding goes

319 views • 11 slides
Specialization Is for Insects Polymorphous Architectures: A Unified Approach for Extracting

Specialization Is for Insects Polymorphous Architectures: A Unified Approach for Extracting

Specialization Is for Insects Polymorphous Architectures: A Unified Approach for Extracting Concurrency of Different Granularities Karu Sankaralingam Computer Architecture and Technology Laboratory Department of Computer Sciences The

512 views • 49 slides
A Unified Approach to Related-Key Attacks Orr Dunkelman Katholieke Universitiet Leuven, Dept.

A Unified Approach to Related-Key Attacks Orr Dunkelman Katholieke Universitiet Leuven, Dept.

A Unified Approach to Related-Key Attacks Orr Dunkelman Katholieke Universitiet Leuven, Dept. of Electrical Engineering ESAT- SCD/COSIC joint work with Eli Biham and Nathan Keller 1/46 Outline of the Talk Previous Results: Original

600 views • 46 slides
ECMs and Institutional Repositories: The Case for a Unified Enterprise Approach to Content

ECMs and Institutional Repositories: The Case for a Unified Enterprise Approach to Content

ECMs and Institutional Repositories: The Case for a Unified Enterprise Approach to Content Management Malcolm Wolski (Presenter) Associate Director (eResearch and Academic Resource Development Services), Information Services Joanna

696 views • 15 slides
Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents https://cametoolbox.fnal.gov/Project/WADReports?ProjectName=HL-L... Work Authorization Documents Work Authorization Document Control Account Information Control Account Manager: 10629N Nobrega, Fred Control

56 views • 5 slides
Unified Business System Provider Training Presented By: Karla Lubinski, Gaye Cosgrove, and

Unified Business System Provider Training Presented By: Karla Lubinski, Gaye Cosgrove, and

Unified Business System Provider Training Presented By: Karla Lubinski, Gaye Cosgrove, and Carolyn Schulein June 2018 OVERVIEW Authorization and Payment Specialized Processes Provider Portal Claims Submission Provider

468 views • 29 slides
Enterprise GRC Framework p Unified Approach to Address Silo Cyber Security Landscape

Enterprise GRC Framework p Unified Approach to Address Silo Cyber Security Landscape

Ministry of Science, People First, Performance Now Technology and Innovation Enterprise GRC Framework p Unified Approach to Address Silo Cyber Security Landscape Ramaguru Ramasubbu and Rahul Moondra 7 th November 2012 h Ministry of

404 views • 37 slides
A unified approach to performance modelling and verification Stephen Gilmore and Le la Kloul

A unified approach to performance modelling and verification Stephen Gilmore and Le la Kloul

A unified approach to performance modelling and verification Stephen Gilmore and Le la Kloul Laboratory for Foundations of Computer Science The University of Edinburgh SAFECOMP, Sept 2003 Stephen Gilmore DEGAS project, LFCS, Edinburgh 1

761 views • 47 slides
EMIN Romanian Na6onal Conference Bucure6, 26 septembrie

EMIN Romanian Na6onal Conference Bucure6, 26 septembrie

European Minimum Income Network (EMIN) EMIN Romanian Na6onal Conference Bucure6, 26 septembrie 2014 Palatul Parlamentului - Sala Mihai Viteazul

224 views • 8 slides
Physical Conditions in YSO Jets OVERVIEW (Focus on atomic lines) I. Radiative Shocks II.

Physical Conditions in YSO Jets OVERVIEW (Focus on atomic lines) I. Radiative Shocks II.

Department of Physics and Astronomy Rice University ALMA, Charlottesville Patrick Hartigan March 2, 2012 Physical Conditions in YSO Jets OVERVIEW (Focus on atomic lines) I. Radiative Shocks II. Electron Densities, Temperatures, Ionization

444 views • 22 slides
Geing Started with Purr Data Albert Grf <aggraef@gmail.com> June 2018 . . . . .

Geing Started with Purr Data Albert Grf <aggraef@gmail.com> June 2018 . . . . .

Geing Started with Purr Data Albert Grf <aggraef@gmail.com> June 2018 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Agenda auxiliary materials:

456 views • 17 slides
12/30/2013 This Weeks Learning Objectives You will be able to Develop a foundation for

12/30/2013 This Weeks Learning Objectives You will be able to Develop a foundation for

12/30/2013 This Weeks Learning Objectives You will be able to Develop a foundation for better understanding of the onsite session. Students will be able to describe: Guidelines for Early Intervention after confirmation 1 of infant

358 views • 12 slides
1 DISCLAIMER This document, any attachments and the oral presentation on the slides (together the

1 DISCLAIMER This document, any attachments and the oral presentation on the slides (together the

1 DISCLAIMER This document, any attachments and the oral presentation on the slides (together the "Presentation") have been prepared and are being supplied to you by Aura Energy Limited (the "Company") solely for information

1.03k views • 38 slides
SUBJECT PROPERTY: 234 WEST 139TH STREET, NEW YORK, NEW YORK, 10030 PAGE 1 DATE: 05.22.2018

SUBJECT PROPERTY: 234 WEST 139TH STREET, NEW YORK, NEW YORK, 10030 PAGE 1 DATE: 05.22.2018

HISTORIC VIEW OF THE PRIVATE ALLEYWAY THE KING MODEL HOUSES RECORD & GUIDE PUBLICATION (pub. 1892) SUBJECT PROPERTY: 234 WEST 139TH STREET, NEW YORK, NEW YORK, 10030 PAGE 1 DATE: 05.22.2018 ARCHETYPE 224 W. 79TH ST. NEW YORK, NEW

471 views • 26 slides
Monitoring Lung Disease using Electronic Stethoscope Arrays Kyle Mulligan, Andy Adler, Rafik

Monitoring Lung Disease using Electronic Stethoscope Arrays Kyle Mulligan, Andy Adler, Rafik

Monitoring Lung Disease using Electronic Stethoscope Arrays Kyle Mulligan, Andy Adler, Rafik Goubran Department of Systems and Computer Engineering Carleton University CMBEC32 Calgary, AB 23 May 2009 Agenda Background Motivation

612 views • 22 slides
Contribution by Angola Guidelines and Tools for Implementation, Coordination and Regulation of

Contribution by Angola Guidelines and Tools for Implementation, Coordination and Regulation of

THE UNITED NATIONS COMMISSION ON SCIENCE AND TECHNOLOGY FOR DEVELOPMENT 15 TH SESSION 21 25 May 2012 Geneva Contribution by Angola Guidelines and Tools for Implementation, Coordination and Regulation of Science, Technology and Innovation

494 views • 26 slides

More recommend