
Information Flow Security (2), DD2460 Software Safety and Security (PowerPoint presentation)



  1. Information Flow Security (2)
     DD2460 Software Safety and Security: Part III, lecture 3
     Gurvan Le Guernic, DD2460 (III, L3), February 24th, 2012

  2. Variants | Enforcement | Conclusion / Wrap-up
     Outline
     Information Flow Security deals with confidentiality- and integrity-related security policies.
     1. Noninterference Variants
     2. Enforcement Techniques
     3. Conclusion / Wrap-up
     G. Le Guernic, DD2460 (III, L3): Information Flow Security (2), 2/21

  3. Noninterference Variants (section title)

  4. Termination (In)sensitive Noninterference
     Main idea: the attacker is (un)able to observe (O) whether the execution terminated or not.
     ∀σ1, σ2 : σ1 =L σ2 ⇒ O[[σ1 ⊢ P]] = O[[σ2 ⊢ P]]
     - Sensitive: tag termination into the observables.
     - Insensitive (1): observable prefixes of nonterminating executions.
     - Insensitive (2): discard non-terminating executions (σ).

  5. Declassification
     Definition 1 (Noninterference modulo declassification φ): a program is safe if and only if any executions started with the same public inputs and agreeing on φ output the same sequence.
     Example: φ = "the secret is or is not yellow".
     [Figure: private input and public input fed to the program, viewed as a function, producing the output]
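As an added example (not code from the lecture), the definitions of slides 4 and 5 turned into an exhaustive check over small input domains: `compatible` implements the three observation models of slide 4 (TS, TI1, TI2) and `noninterferent` adds the "agreeing on φ" condition of Definition 1. Programs are constructed Python functions `program(h, l, out, tick)`; divergence is approximated by exhausting a step budget, which is an assumption of this example.

```python
FUEL = 1000  # step budget; exhausting it is our stand-in for non-termination (assumption)

class Diverge(Exception):
    """Raised when a run exhausts its step budget; the run counts as non-terminating."""

def run(program, h, l):
    """One execution σ = (h, l) ⊢ P: returns (public output sequence, terminated?)."""
    out, fuel = [], [FUEL]
    def tick():
        fuel[0] -= 1
        if fuel[0] < 0:
            raise Diverge()
    try:
        program(h, l, out.append, tick)
        return tuple(out), True
    except Diverge:
        return tuple(out), False

def compatible(r1, r2, mode):
    """O[[σ1 ⊢ P]] = O[[σ2 ⊢ P]] under the chosen observation model."""
    (o1, t1), (o2, t2) = r1, r2
    if mode == "TS":          # sensitive: termination is tagged into the observables
        return (o1, t1) == (o2, t2)
    if mode == "TI1":         # insensitive (1): a diverging run only reveals an output prefix
        if t1 and t2:
            return o1 == o2
        if t1 or t2:          # the diverging run's output must be a prefix of the other's
            return (o2 == o1[:len(o2)]) if t1 else (o1 == o2[:len(o1)])
        return o1[:len(o2)] == o2[:len(o1)]
    if mode == "TI2":         # insensitive (2): non-terminating executions are discarded
        return not (t1 and t2) or o1 == o2

def noninterferent(program, highs, lows, mode, phi=lambda h: None):
    """∀σ1,σ2: σ1 =L σ2 and φ(σ1) = φ(σ2) ⇒ compatible observations (Definition 1)."""
    for l in lows:
        runs = [(h, run(program, h, l)) for h in highs]
        for h1, r1 in runs:
            for h2, r2 in runs:
                if phi(h1) == phi(h2) and not compatible(r1, r2, mode):
                    return False
    return True

def termination_leak(h, l, out, tick):
    while h == 0:             # diverges iff the secret is zero, then prints only public data
        tick()
    out(l)

def parity_release(h, l, out, tick):
    out(h % 2)                # releases exactly the bit φ(h) = h mod 2
```

`termination_leak` is accepted by both insensitive models and rejected only by TS, which is the whole difference between the variants; `parity_release` is rejected by plain noninterference but accepted modulo φ(h) = h mod 2.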

  6. Taint Analysis
     - Takes into account only (direct) explicit flows.
     - Weaker security guarantees, but more efficient enforcement mechanisms: not efficient against malicious code, but OK against buggy code.
     - Examples: Python's taint library, Perl taint mode, ...

  7. Enforcement Techniques (section title)

  8. Noninterference Enforcement: Main Idea
     [Figure: process P, with H inputs going through P_H to H outputs and L inputs going through P_L to L outputs]

  9. Old Security Mechanism: Confined Processes
     Lampson's 1973 notion of confinement. Confined processes:
     - are memoryless (⇒ side-effect free)
     - call only confined processes, but can be called by unconfined processes
     - have masked output belonging to a predefined set (could be extended to label verification)
     Main concepts underlying sandboxing, one of Java's main security mechanisms.

  10. Static Information Flow Analysis
     Principles: analyze IF before execution; do nothing during execution.
     Advantages: no runtime overhead; run iff NI is proved; old, strong soundness culture.
     Main drawback: can be too restrictive.

  11. Dynamic Information Flow Analysis
     Principles: track flows at execution; prevent a data leak just before it occurs.
     Advantages: enforce runtime policies more easily; allow safe executions of unsafe programs; may be more precise in some cases (reduced space, since not all executions are considered; access to runtime values).
     Main drawback: hard to spot all flows (implicit flows).

  12. Hybrid Information Flow Analysis
     Principles: mix of static and dynamic analyses. On the example program of the figure:
     - dynamically analyze C2 and C3 for direct and explicit indirect flows
     - statically analyze C4 for implicit indirect flows
     - dynamically analyze C5 with the results of C3 and C4 mixed
     Advantages: best of both worlds.
     Main drawback: worst of both worlds, higher complexity.
     [Figure: control-flow graph C1; "if l" branching to C2 / C2; "if h" branching to C3 / C4; then C5]

  13. Is Detection Enough?
     What happens with an analysis which is sound with regard to information flow detection?
     - Static analysis. Expert: "You should not use this program!"
     - Dynamic analysis. ATM: "Oh, by the way, I probably sent your PIN code all over the web."
     A user expects dynamic IF analyses to detect and correct information flows.

  14. The Correction Pitfall
     Sound detection does not imply sound (detection + correction): dynamic analysis + "stop" correction, where the "stop" correction comes with a termination-insensitive NI proof.
     [Figure: a secret test selecting code block A or B; code block A outputs value 1; the analysis concludes on the public data and the secret data; output values 1 3 0 1]
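As an added example (not the lecture's code), a taint-style dynamic monitor with a "stop" correction, run on two constructed programs: `implicit_flow` shows the implicit flow that explicit-flow tracking misses (slides 6 and 11), and `stop_leak` shows the correction pitfall of slide 14: once the observer can see that a run was stopped, the stop itself reveals the secret, while the termination-insensitive view (stopped runs discarded) reports no leak.

```python
from dataclasses import dataclass

class Stop(Exception):
    """The monitor's correction: halt the run just before a detected leak."""

@dataclass(frozen=True)
class V:
    """A runtime value with its label: 'L' (public) or 'H' (secret)."""
    val: int
    lab: str

class Monitor:
    """Taint-style monitor: tracks explicit flows only and stops on a detected leak."""
    def __init__(self):
        self.out = []
    def output(self, v):
        if v.lab == "H":        # detection: secret data is about to reach the public channel
            raise Stop()        # correction: stop the execution
        self.out.append(v.val)

def run(program, h, l):
    """What the attacker sees of one monitored run: (public outputs, how the run ended)."""
    m = Monitor()
    try:
        program(m, V(h, "H"), V(l, "L"))
        return tuple(m.out), "terminated"
    except Stop:
        return tuple(m.out), "stopped"

def implicit_flow(m, h, l):
    # Only constants are assigned, so x stays 'L' although its value depends on h:
    # the implicit flow through the secret test is invisible to taint tracking.
    x = V(1, "L") if h.val else V(0, "L")
    m.output(x)

def stop_leak(m, h, l):
    if h.val:
        m.output(V(1, "L"))     # legal output of a public constant
    else:
        m.output(h)             # flagged and "corrected" by stopping

def leaks(program, l, highs, stop_is_observable):
    """Do two runs with the same public input l differ in what the attacker observes?"""
    obs = {run(program, h, l) for h in highs}
    if not stop_is_observable:  # the TI-NI proof's view: a stopped run is a non-terminating one
        obs = {o for o in obs if o[1] != "stopped"}
    return len(obs) > 1
```

For `stop_leak`, every run that completes is individually clean, so detection is sound in the termination-insensitive sense; the leak only appears when the stopped run is counted as an observation.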

  15. Conclusion / Wrap-up (section title)

  16. 3 Most Important Points
     - ∃ many information flow security policy variants: termination sensitivity, declassification, ..., taint analyses.
     - Enforcement:
       Static analyses: (+) soundness, (-) usability (often too restrictive)
       Dynamic analyses: (+) usability, (-) soundness
       Hybrid analyses: (+/-) soundness & usability, (-) complexity
     - Correction pitfall: dynamic and hybrid analyses require a correction mechanism; sound detection ⇏ sound (detection + correction).

  17. IF Workshop
     Goal: simulate the review of some existing IF security techniques.
     - You do not need to defend or kill your paper.
     - You need to:
       - describe the enforcement technique used [and its implementation] (for reproducibility)
       - evaluate the level of security provided
       - describe advantages and limitations of the technique
       - compare with other known techniques (workshop: type system + taint analysis; report: type system + taint analysis + workshop techniques)
     After the workshop and report, I/you should be able to pick the best adapted tool/technique for a particular IF problem.

  18. Grading
     The workshop presentation is not graded per se (the report is) [due 12/3].
     - E: give a decent presentation (or at least an additions/corrections session); be able to give an accurate description/summary of the paper at the course level.
     - C (subsumes E): detail specific advantages and limitations of the paper's technique.
     - A (subsumes C): compare with the relevant techniques presented in class and in the other papers.
     The level of learning of the course material is also reflected in the final grade: if/where possible, the report should contain proof of knowledge of channels, flows, labels, noninterference, enforcement, ...

  19. Information Flow Wrap-up
     Concepts / Definitions: lectures 1 & 3 (basic IF policies, channels, flows, labels, noninterference, ...); exercises 1 & 2 (IF policies, timing channels, flows, ...)
     Enforcement, type system: lecture 2 (type systems); exercises 2 (type systems, Jif, ..., deeper)
     Enforcement, taint: exercises 1 (taint, ...)
     Enforcement, others: lecture 3 (static, dynamic, hybrid, ..., correction, ...); workshop
     (Grade levels E, A, C are marked against the rows on the slide.)

  20. Course Wrap-up
     Software safety and security: prevent bad behaviors causing system (base) and data (load) damage, due to specification and/or implementation errors and/or weaknesses.
     Formal methods: precise correctness guarantees; often complex and expensive; for critical systems and/or data.
     3 different techniques for software safety and security:
     - Temporal logic and model checking
     - Hoare logic and VCG / symbolic execution
     - Information flow and type systems

  21. Announcements and Questions?
     Soon online: lab 2 booking, course evaluation.
     Questions?
