language based security fosad 2008
play

Language-based Security FOSAD 2008 Steve Zdancewic University of - PowerPoint PPT Presentation

Dec 05, 2023 •162 likes •1.18k views

Language-based Security FOSAD 2008 Steve Zdancewic University of Pennsylvania Confidential Data Networked information systems: PCs store passwords, e-mail, finances,... Businesses rely on computing infrastructure Military &

  1. Modeling I/O  λ -calculus does not have input/output  Only observable behavior is the output of the program.  Inputs to the program are its free variables.  A substitution γ maps variables to values  Given e, write γ (e) for the term obtained by substituting γ (x) for free occurences of x in e, for each x in the dom( γ ). Zdancewic 33

  2. How can information leak?  Substitution γ 1 (x) = true γ 2 (x) = false  Explicit flow (trivial):  Program e = x  So: γ 1 (e) = γ 1 (x) = true  And: γ 2 (e) = γ 2 (x) = false  Implicit flow (slightly less trivial):  Program e = if x then false else true  So: γ 1 (e) = if true then false else true → false  And: γ 2 (e) = if false then false else true → true Zdancewic 34

  3. Static Semantics  Static semantics  Lattice lifted to a subtyping relation  “Standard” information-flow type system  Heintze & Riecke’s SLam calculus POPL’98  Pottier & Conchon ICFP’0  Many variants  E.g. DCC Zdancewic 35

  4. Types for Information Flow  Basic idea: assign types that include security labels.  Use the type system to track the flow of information.  Prove that the type system is sound with respect to the model of I/O we just saw. Zdancewic 36

  5. Simply-typed secure language λ sec L ∈ L labels t ::= bool | s → s types s ::= t{L} secure types v ::= x | true | false values | λ x:s.e e ::= v values | (e e) application | if e then e else e conditional Zdancewic 37

  6. Type System (1) Γ ::= . | Γ ,x:s T ype environments Γ  e : s T ype judgments: “e has security type s” x:s ∈ Γ Γ  x : s Γ  true : bool{L} Γ  false : bool{L} Zdancewic 38

  7. Type System (2) Γ , x:s 1  e : s 2 Γ  λ x:s 1 . e : (s 1 → s 2 ){L} Γ  e 1 : (s 2 → s){L} Γ  e 2 : s 2 Γ  (e 1 e 2 ) : s  L Note: t{L 1 }  L 2 = t{L 1  L 2 } Zdancewic 39

  8. Type System (3) Γ  e : bool{L} Γ  e 1 ,e 2 : t{L} Γ  if e then e 1 else e 2 : t{L} Γ  e : s 1 s 1 ≤ s 2 Γ  e : s 2 Zdancewic 40

  9. Subtyping Relations t 1 ≤ t 2 t 2 ≤ t 3 t 1 ≤ t 3 t ≤ t s 1 ’ ≤ s 1 s 2 ≤ s 2 ’ s 1 → s 2 ≤ s 1 ’ → s 2 ’ t 1 ≤ t 2 L 1  L 2 t 1 {L 1 } ≤ t 2 {L 2 } Zdancewic 41

  10. Type safety properties  Preservation: If Γ  e : s and e → e’ then Γ  e’ : s.  Progress: If .  e : s then either:  e is a value, or  There exists e’ such that e → e’ Zdancewic 42

  11. Basic Lemmas  Substitution: If Γ 1 , x:s 1 , Γ 2  e 2 : s 2 and Γ 1  e 1 : s 1 then Γ 1 , Γ 2  e 2 {e 1 /x} : s 2 .  Canonical forms:  If .  v : bool{L} then v = true or v = false  If .  v : (s 1 → s 2 ){L} then v = λ x:s 3 . e where s 1 ≤ s 3 Zdancewic 43

  12. Noninterference Theorem x:t{hi}  e : bool{low} If  v 1 , v 2 : t {hi} hi  low then e{v 1 /x} → * v iff e{v 2 /x} → * v Zdancewic 44

  13. Proof  Uses a logical relations argument  Relations defined inductively over the structure of types  Two terms are related at a security level L if they “look the same” to observer at level L  Define logical relations  Subtyping lemma  Substitution lemma Zdancewic 45

  14. Logical Relations (1)  Recall the structure of types: t ::= bool | s → s types s ::= t{L} secure types  Note: assume all terms mentioned are well typed  Define 3 relations on this structure:  v 1 ~ L v 2 : bool iff v1 = v2 = true or v1 = v2 = false  v 1 ~ L v 2 : s 1 → s 2 iff forall u 1 ~ L u 2 : s 1 , (v 1 u 1 ) ≈ L (v 2 u 2 ) : s 2 Zdancewic 46

  15. Logical Relations (2)  v 1 ~ L v 2 : t{L’} iff  L’  L implies v 1 ~ L v 2 : t  e 1 ≈ L e 2 : s iff  e 1 → * v 1  e 2 → * v 2  v 1 ~ L v 2 : s Zdancewic 47

  16. Examples  true ~ low true : bool{low}  true ~ low false : bool{low}  true ~ low false : bool{hi}  λ x:bool{low}. x ~ low λ x:bool{low}. not(x) Are low-related at the types : (bool{low} → bool{hi}){low} : (bool{low} → bool{low}){hi} But not at the type : (bool{low} → bool{low}){low} Zdancewic 48

  17. Subtyping Lemma  If v 1 ~ L v 2 : t and t ≤ t’ then v 1 ~ L v 2 : t’.  If v 1 ~ L v 2 : s and s ≤ s’ then v 1 ~ L v 2 : s’.  If e 1 ≈ L e 2 : s and s ≤ s’ then e 1 ≈ L e 2 : s’.  Proof: By mutual induction on structure of types t and s, with an auxiliary induction to handle transitivity. Zdancewic 49

  18. Related Substitutions  Need to extend the logical relation to programs with free variables.  Write γ 1 ~ L γ 2 : Γ to mean:  dom( γ 1 ) = dom( γ 2 ) = dom( Γ )  For all x ∈ dom( Γ ), γ 1 (x) ~ L γ 2 (x) : Γ (x) Zdancewic 50

  19. Fundamental Lemma  If Γ  e : s and γ 1 ~ L γ 2 : Γ then γ 1 (e) ≈ L γ 2 (e) : s.  Proof: By induction on the derivation that Γ  e : s. Zdancewic 51

  20. Back to Noninterference x:t{hi}  e : bool{low} If  v 1 , v 2 : t {hi} hi  low then e{v 1 /x} → * v iff e{v 2 /x} → * v Zdancewic 52

  21. Back to Noninterference If x:t{hi}  e : bool{low}  v 1 , v 2 : t {hi} hi  low then let γ 1 (x) = v 1 , γ 2 (x) = v 2 and observe that γ 1 ∼ low γ 2 : x:t{hi} So, γ 1 (e) ≈ low γ 2 (e) : bool{low} Zdancewic 53

  22. Other Proof Techniques  Information-flow is a property of two runs of the program.  It talks about correlating two different possible runs  Proof techniques relate two runs:  Nonstandard operational semantics [Pottier & Simonet]  Bisimulation techniques  Self composition – reduce the problem to a property on a single execution, but run the program twice. Zdancewic 54

  23. Outline  Defining information flow formally  A simple language for information-flow security  One proof of noninterference  Scaling up the language: features  Language-based security in practice  Secure program partitioning Zdancewic 55

  24. Scaling Up  Polymorphism & Inference  Sums  State and effects  Simple state  References  Termination & Timing Zdancewic 56

  25. Polymorphism & Inference  Add quantification over security levels  ∀ L::label. (bool{L} → bool{L}){L}  Reuse code at multiple security levels.  Inference of security labels  Type system generates a set of lattice inequalities  Equations have the form l  l 1  …  l 2  Constraint of this form can be solved efficiently Zdancewic 57

  26. Polymorphism in Flow Caml  Lists in Flow Caml [Vincent Simonet & François Pottier ’02,’03]  Base types parameterized by security level bool{low} is written low bool  Type of lists also parameterized: ∀ ’a::type. ∀ ’L::label. (‘a, ‘L) list x1 : hi int [1;2;3;4] : ('L int, 'M) list [x1; x1] : (hi int, 'L) list Zdancewic 58

  27. Example: List Length  Length does not depend on contents of list: let rec length l = match l with | [] -> 0 | _ :: tl -> 1 + length tl : (‘a, 'M) list -> 'M int Zdancewic 59

  28. Example: has0  Lookup depends on both contents and structure of the list: let rec has0 l = match l with | [] -> false | hd :: tl -> hd = 0 || has0 tl : ('L int, 'L) list -> 'L bool Zdancewic 60

  29. Sums & Datatypes  In general: destructors reveal information  Accuracy of information-flow analysis is important [Vincent Simonet CSFW’02]  Suppose x:bool{L 1 }, y:bool{L 2 }, z:bool{L 3 } type t = A | B | C let v = if x then (if y then A else B) else (if z then A else C) let i = match v with | A | B -> 1 | C -> 0  What is label of i? Zdancewic 61

  30. Simple State & Implicit Flows int{high} a; int{low} b; PC Label ... {low} if (a>0) { {low}  {high}={high} b := 4; } {low} Zdancewic 62

  31. Simple State & Implicit Flows int{high} a; int{low} b; PC Label ... {low} if (a>0) { {low}  {high}={high} b := 4; } {low} To assign to variable with label L, must have PC  L. Zdancewic 63

  32. Full References: Aliasing h:int{high} let lr = ref 3 in let hr = lr in hr := h Information leaks through aliasing: Both the pointer and data pointed to can cause leaks. Zdancewic 64

  33. Two more leaks h:int{high} let lr1 = ref 3 in let lr2 = ref 4 in let lr = if h then lr1 else lr2 in l := !lr let lr1 = ref 3 in let lr2 = ref 4 in let lr = if h then lr1 else lr2 in lr := 2 Zdancewic 65

  34. Secure References t ::= … | s ref types s ::= t{L} secure types v ::= … | r heap pointers e ::= … | ref e reference alloc. | !e dereference | e := e assignment Zdancewic 66

  35. Type System for State  Modified type system for effects [Jouvelot & Gifford ’91]  pc label approximates control-flow info. Γ [pc]  e : s  Notation: lblof(t{L}) = L  Invariant of this type system: Γ [pc]  e : s ⇒ pc  lblof(s) Zdancewic 67

  36. Typing Rules for State (1) Γ [pc]  true : bool{pc} Γ [pc]  e : bool{L} Γ [pc  L ]  e 1 ,e 2 : s Γ [pc]  if e then e 1 else e 2 : s Zdancewic 68

  37. Typing Rules for State (2)  Prevent information leaks through assignment.  Recall that pc  L Γ [pc]  e 1 : s ref{L} L  lblof(s) Γ [pc]  e 2 : s Γ [pc]  e 1 := e 2 : unit{pc} Zdancewic 69

  38. Typing Rules for State (3) Γ [pc]  e : s ref{L} Γ [pc]  !e : s  L Γ [pc]  e : s Γ [pc]  ref e : s ref{pc} Zdancewic 70

  39. Function Calls int{high} a; int{low} b; PC Label ... {low} if (a>0) { {low}  {high}={high} f(4); } {low} Zdancewic 71

  40. Function Calls int{high} a; int{low} b; PC Label ... {low} if (a>0) { {low}  {high}={low} f(4); } {low} To call a function with effects bounded by L must have PC  L. Zdancewic 72

  41. Effect Types for Functions t ::= … | [pc]s → s types Γ ,x:s 1 [pc’]  e : s 2 Γ [pc]  λ x:s 1 .e : ( [pc’] s 1 → s 2 ) {pc} Zdancewic 73

  42. Typing Application L  pc’ Γ [pc]  e 2 : s 1 Γ [pc]  e 1 : ( [pc’] s 1 → s 2 ) {L} Γ [pc]  e 1 e 2 : s 2  L Zdancewic 74

  43. More Effects  Exceptions  Very important to track accurately  Related to sums  Termination & Timing  Is termination observable?  For practicality, we sometimes want to allow termination channels.  Timing behavior can be regulated by padding (but is expensive!) [Agat’00] Zdancewic 75

  44. Outline  Defining information flow formally  A simple language for information-flow security  One proof of noninterference  Scaling up the language: features  Language-based security in practice  Secure program partitioning Zdancewic 76

  45. Practicality  Expressiveness  Full implementations: Flow Caml & Jif  Decentralized label model  Downgrading & Declassification Zdancewic 77

  46. Expressiveness  Languages are still Turing complete  Just program at one level of security  How to formalize expressiveness?  … I don’t know! (Try to write programs…)  Agat & Sands ’01:  Considered strong noninterference with timing constraints  Algorithms take worst-case running time  Heapsort more efficient than quicksort!  Relax to probabilistic noninterference to allow use of randomized algorithms Zdancewic 78

  47. Jif: Java+Information Flow [Myers, Nystrom, Zdancewic, Zheng] Java   With some restrictions Policy Language:   Principals, Labels, Authority  Principal Hierarchy (delegation)  Confidentiality & Integrity constraints  Robust Declassification & Endorsement  Language features (i.e. polymorphism) http://www.cs.cornell.edu/jif  79

  48. Parameterized Classes  Jif allows classes to be parameterized by labels and principals  Code reuse  e.g. Containers parameterized by labels  class MyClass[label L] { int{L} x; } Zdancewic 80

  49. Decentralized Labels [Myers & Liskov '97, '00]  Simple Component {owner: readers}  {Alice: Bob, Eve} “Alice owns this data and she permits Bob & Eve to read it.”  Compound Labels  {Alice: Charles; Bob: Charles} “Alice & Bob own this data but only Charles can read it.” Zdancewic 81

  50. Decentralized Label Lattice T  Order … … … …  Join {Alice:} Labels higher in the lattice are more restrictive. … … {Alice:Bob}  … … {Alice:Bob,Charles} {Alice: Bob,Eve} {} Zdancewic 82

  51. Integrity Constraints  Specify who can write to a piece of data  {Alice? Bob} “Alice owns this data and she permits Bob to change it.”  Both kinds of constraints  {Alice: Bob; Alice?} Zdancewic 83

  52. Integrity/Confidentiality Duality  Confidentiality policies constrain where data can flow to .  Integrity policies constrain where data can flow from .  Confidentiality: Public  Secret Untainted  Tainted  Integrity: Zdancewic 84

  53. Weak Integrity  Integrity, if treated dually to confidentiality is weak .  Guarantee about the source of the data  No guarantee about the quality of the data  In practice, probably want stronger policies on data:  Data satisfies an invariant  Data only modified in appropriate ways by permitted principals Zdancewic 85

  54. Richer Security Policies  More complex policies: "Alice will release her data to Bob, but only after he has paid $10."  Noninterference too restrictive  In practice programs do leak some information  Rate of info. leakage too slow to matter  Justification lies outside the model (i.e. cryptography) Zdancewic 86

  55. Declassification int{Alice:} a; int Paid; ... // compute Paid if (Paid==10) { int{Alice:Bob} b = declassify(a, {Alice:Bob}); ... } “down-cast" int{Alice:} to int{Alice:Bob} Zdancewic 87

  56. Declassification Problem  Declassification is necessary & useful  ...but, it breaks the noninterference theorem  Like a downcast mechanism  So, must constrain its use. How?  Arbitrary specifications too hard to check. (though see recent work by Banerjee & Naumann)  Decentralized label model: Authority  Robust declassification  Subject of many, many research papers Zdancewic 88

  57. Robust Declassification Alice needs to int{Alice:} a; trust the contents int{Alice?} Paid; of paid. ... // compute Paid if (Paid==10) { int{Alice:Bob} b = declassify(a, {Alice:Bob}); ... } Introduces constraint PC  {Alice?} [Zdancewic & Myers'01,Zdancewic’03,Myers, Sabelfeld & Zdancewic’06] Zdancewic 89

  58. Typing Rule for Declassify Γ [pc]  e : t{L’} PC  auth(L’,L) Γ [pc]  declassify(e,{L}) : t{L} auth(L’,L) - returns integrity label that authorizes the downgrading Zdancewic 90

  59. Does it Help?  Intuitively appealing for programmers  But programmers are still trusted  Easy to implement  Declassification doesn’t change the integrity level of a piece of data  Noninterference for integrity sublattice still holds  Weaker guarantee than needed?  Could further refine auth(L’,L)  Restrict declassification to data with particular integrity labels Zdancewic 91

  60. Endorsement  The integrity dual of declassification is called endorsement .  Increases the integrity level of a value  Also an unsafe “downcast”  Jif syntax: endorse(x,{Alice?})  Decentralized Label Model:  Endorsing requires authority of the owner Zdancewic 92

  61. Dynamic Policies  Dynamic Principals  Identity of principals may change at run time  Policy may depend on identity  Requires authentication  Add a new primitive type principal  Dynamic Labels  Policies for dynamic principals  May need to examine label dynamically  Add a new primitive type label Zdancewic 93

  62. Interface to Outside World  Should reflect OS file permissions into security types  Requires dynamic test of access control  Legacy code is a problem  Interfaces need to be annotated with labels that soundly approximate information flow. Zdancewic 94

  63. Unix cat in Jif public static void main{}(String{}[]{} args) { String filename = args[0]; final principal p = Runtime.user(); final label lb; lb = new label{p:}; Runtime[p] runtime = Runtime.getRuntime(p); FileInputStream{*lb} fis = runtime.openFileRead(filename, lb); InputStreamReader{*lb} reader = new InputStreamReader{*lb}(fis); BufferedReader{*lb} br = new BufferedReader{*lb}(reader); PrintStream{*lb} out = runtime.out(); String line = br.readLine(); while (line != null) { out.println(line); line = br.readLine(); } } Zdancewic 95

  64. Jif Applications  Many small examples  Jif/split – distributed system extraction  Myers, Zdancewic, Zheng, Chong  Jif Web Servlet – web applications in Jif  Myers, Chong  Civitas – voting software  Myers, Clarkson  Distributed Poker  Sabelfeld et al.  JPMail  McDaniel, Hicks, et al.  More in progress… There is a Jif users mailing list. Zdancewic 96

  65. Outline  Defining information flow formally  A simple language for information-flow security  One proof of noninterference  Scaling up the language: features  Language-based security in practice  Secure program partitioning [Jump to other slides] Zdancewic 97

  66. Challenges  Integrating information flow with other kinds of security  Access control  Encryption  Concurrency and distributed programs  Threads can “observer” each other’s behavior  Information can leak through scheduler and through synchronization mechanisms.  Application of bisimulation & observational equivalence  Application of information-flow technology to distributed systems Zdancewic 98

  67. Other Recent work  Concurrency  Sabelfeld et al; Smith; Barthe et al; …  Declassification  Zdancewic & Myers; Sabelfeld, Sands; Banerjee & Nauman  Connections to cryptography  Sabelfeld et al.; Vaughan & Zdancewic; Fournet & Rezk; Laud Zdancewic 99

  68. Low-level Info.-flow Security  Java Bytecode  Barthe & Rezk; Naumann; …  Assembly language level  Medel, Compagnoni, Bonelli; Yu & Islam  See Gilles Barthe’s talks later this week… Zdancewic 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Course outline: the four hours 1. Language-Based Security: motivation 2. Language-Based

Course outline: the four hours 1. Language-Based Security: motivation 2. Language-Based

Course outline: the four hours 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security: the big picture 3. Dimensions and principles of declassification 4. Dynamic vs. static security enforcement 1 Dimensions of

449 views • 30 slides
Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security:

Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security:

Course outline 1. Language-Based Security: motivation 2. Language-Based Information-Flow Security: the big picture 3. Dimensions and principles of declassification 4. Dynamic vs. static security enforcement 5. Tracking information flow in web

641 views • 30 slides
Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline

Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline

Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline TLS overview TLS Record Protocol Theory Attacks Security analysis TLS Handshake Protocol Security analysis Discussion 2

1.78k views • 173 slides
Verification of Security Protocols Part I eronique Cortier 1 V September, 2010 Fosad 2010 1

Verification of Security Protocols Part I eronique Cortier 1 V September, 2010 Fosad 2010 1

Introduction on security protocols Formal models Unbounded number of sessions Verification of Security Protocols Part I eronique Cortier 1 V September, 2010 Fosad 2010 1 LORIA, CNRS 1/65 V eronique Cortier Verification of Security

1.29k views • 111 slides
+ = Autonomous Sensing Board SENSOR Computer NODE FOSAD'09 2 Components of the sensor node

+ = Autonomous Sensing Board SENSOR Computer NODE FOSAD'09 2 Components of the sensor node

WSN Security Javier Lopez Computer Science Department University of Malaga Spain Sensor node FOSAD'09 1 Real World Computer SENSE Computer World Real World FOSAD'09 Sensor nodes + = Autonomous Sensing Board SENSOR Computer

1.1k views • 55 slides
Verification of Security Protocols Part II eronique Cortier 1 V September, 2010 Fosad 2010 1

Verification of Security Protocols Part II eronique Cortier 1 V September, 2010 Fosad 2010 1

Formal methods for protocols Cryptographic models Passive case Active case Verification of Security Protocols Part II eronique Cortier 1 V September, 2010 Fosad 2010 1 LORIA, CNRS 1/76 V eronique Cortier Verification of Security

1.92k views • 139 slides
Language/OS Based Security 1 Infrastructure 2 Security Abstraction Layers 3 OS Security

Language/OS Based Security 1 Infrastructure 2 Security Abstraction Layers 3 OS Security

Language/OS Based Security 1 Infrastructure 2 Security Abstraction Layers 3 OS Security Control 4 Abstraction Imperfections OS: Each process has exclusive access to its own CPU and memory Illusion!! A process may be able to

429 views • 21 slides
On-the-Fly Model Checking of Security Protocols and Web Services Luca Vigan Department of

On-the-Fly Model Checking of Security Protocols and Web Services Luca Vigan Department of

On-the-Fly Model Checking of Security Protocols and Web Services Luca Vigan Department of Computer Science University of Verona Fosad 2009 Luca Vigan (University of Verona) OFMC Fosad 2009 1 / 116 Joint work with Sebastian Mdersheim

805 views • 55 slides
Language-Based Information-Flow Security Presenter: Yiming Zhang Goal of this paper? This is a

Language-Based Information-Flow Security Presenter: Yiming Zhang Goal of this paper? This is a

Language-Based Information-Flow Security Presenter: Yiming Zhang Goal of this paper? This is a survey paper that studies the research on information-flow security, especially on work that uses static program analysis. Why language-based

585 views • 24 slides
Overview of Language-Based Security Bibliography Dan Grossman 13 October 2004 Papers are

Overview of Language-Based Security Bibliography Dan Grossman 13 October 2004 Papers are

Overview of Language-Based Security Bibliography Dan Grossman 13 October 2004 Papers are organized by topic, in the order of the presentation. There are more papers here than discussed in the presentation. Language-based security is a big

373 views • 8 slides
Institute for Cyber Security Towards An Attribute Based Constraints Specification Language

Institute for Cyber Security Towards An Attribute Based Constraints Specification Language

Institute for Cyber Security Towards An Attribute Based Constraints Specification Language Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio September 11, 2013 2013 ASE/IEEE

425 views • 17 slides
The language COMP 520 Fall 2008 The JOOS language (2) The Java language: was originally

The language COMP 520 Fall 2008 The JOOS language (2) The Java language: was originally

COMP 520 Fall 2008 The JOOS language (1) The language COMP 520 Fall 2008 The JOOS language (2) The Java language: was originally called Oak; was developed as a small, clean, OO language for programming consumer devices; was built

647 views • 35 slides
Risk-based Security BARRY KOUNS CEO AT RISK BASED SECURITY Session Overview Warm-up Quiz

Risk-based Security BARRY KOUNS CEO AT RISK BASED SECURITY Session Overview Warm-up Quiz

Risk Assessment the Heart of Risk-based Security BARRY KOUNS CEO AT RISK BASED SECURITY Session Overview Warm-up Quiz Introduction to our security challenge What is Risk-based Security? The language of risk some

787 views • 53 slides
Tradeoff between Performance and Security Alessandro Aldini University of Urbino Carlo Bo

Tradeoff between Performance and Security Alessandro Aldini University of Urbino Carlo Bo

Tradeoff between Performance and Security Alessandro Aldini University of Urbino Carlo Bo Italy Foundations of Security Analysis and Design (FOSAD) 3 September 2011, Bertinoro Outline Introduction 1 Motivation Different Views of

865 views • 64 slides
Foundations of Language Science and Technology Introduction Alexander Koller October 24, 2008

Foundations of Language Science and Technology Introduction Alexander Koller October 24, 2008

Foundations of Language Science and Technology Introduction Alexander Koller October 24, 2008 based in part on slides by Hans Uszkoreit Language is the Medium What happens in between? semantics/pragmatics S VP NP NP V NP Det N A N

455 views • 14 slides
1 Electronic Pearl Harbor Is this just scare-mongering? Slammer worm took down Bank of

1 Electronic Pearl Harbor Is this just scare-mongering? Slammer worm took down Bank of

Website: http://www.richmond.edu/~dszajda/classes/cs334/ Fall_2008/main.html Fall 2008 Fall 2008 CS 334 Computer Security 1 Fall 2008 CS 334 Computer Security 2 Text: Security in Computing by Charles P. Thanks to Anthony Joseph, Doug and

278 views • 6 slides
Information Flow ( Chapter 5 of the lecture notes) Erik Poll Digital Security group Radboud

Information Flow ( Chapter 5 of the lecture notes) Erik Poll Digital Security group Radboud

Software Security Information Flow ( Chapter 5 of the lecture notes) Erik Poll Digital Security group Radboud University Nijmegen Motivating example Imagine using a mobile phone app to 1. locate nearest hotel using google 2. book a room

589 views • 45 slides
I n t r o t o P o s t g r e S Q L S e c u r i t y NordicPGDay 2014 Stockholm, Sweden Stephen

I n t r o t o P o s t g r e S Q L S e c u r i t y NordicPGDay 2014 Stockholm, Sweden Stephen

I n t r o t o P o s t g r e S Q L S e c u r i t y NordicPGDay 2014 Stockholm, Sweden Stephen Frost sfrost@snowman.net Resonate, Inc. Digital Media PostgreSQL Hadoop techjobs@resonateinsights.com

954 views • 54 slides
Operating System Security It is also important to understand the operations and the

Operating System Security It is also important to understand the operations and the

Security risks exist for all operating systems and are not new. It is important to know the existing threats. Operating System Security It is also important to understand the operations and the vulnerabilities of your OS. Try to

214 views • 8 slides
Jack Chen Some content taken from a previous year's walkthrough by Prof. Adam Bates CS 423:

Jack Chen Some content taken from a previous year's walkthrough by Prof. Adam Bates CS 423:

CS 423Operating System Design: Introduction to Linux Kernel Programming (MP4 Walkthrough) Jack Chen Some content taken from a previous year's walkthrough by Prof. Adam Bates CS 423: Operating Systems Design Preliminaries Take stable snapshots

492 views • 33 slides
Neural Networks: Powerful yet Mysterious MNIST (hand-written digit recognition) Power lies

Neural Networks: Powerful yet Mysterious MNIST (hand-written digit recognition) Power lies

Neural Networks: Powerful yet Mysterious MNIST (hand-written digit recognition) Power lies in the The working mechanism complexity of DNN is hard to understand 3-layer DNN with 10K neurons and 25M weights DNNs work as black-

459 views • 16 slides
Improving Usability of Information Flow Security in Java Mark Thober Joint work with Scott F.

Improving Usability of Information Flow Security in Java Mark Thober Joint work with Scott F.

Mark Thober June 14, 2007 Improving Usability of Information Flow Security in Java Mark Thober Joint work with Scott F. Smith Department of Computer Science Johns Hopkins University PLAS 07 1 Mark Thober June 14, 2007 Motivation

580 views • 37 slides
Expertise knowledge-based Policy Refinement Process T. Rochaeli and C. Eckert Technische

Expertise knowledge-based Policy Refinement Process T. Rochaeli and C. Eckert Technische

Expertise knowledge-based Policy Refinement Process T. Rochaeli and C. Eckert Technische Universitt Darmstadt 25.06.2007 POLICY '07, Bologna, Italy 1 Workflow and Kripke Model Workflow: computerized facilitation or automation of a

356 views • 13 slides
Review of External Security Models Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May

Review of External Security Models Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May

Review of External Security Models Michael McCool Intel Osaka, W3C Web of Things F2F, 17 May 2017 Purpose WoT charter: The scope of the Working Group is restricted to APIs and security frameworks that are applicable across platforms. We will

87 views • 8 slides

More recommend