Robust area coverage with connectivity maintenance
Robot swarms herald the ability to solve complex tasks using a large collection of simple devices. However, engineering a robotic swarm is far from trivial, with a major hurdle being the definition of the control laws leading to the desired globally coordinated behavior. Communication is a key element for coordination and is considered one of the most important current challenges for swarm robotics. In this paper, we study the problem of maintaining robust swarm connectivity while performing a coverage task based on the Voronoi tessellation of an area of interest. We implement our methodology in a team of eight Khepera IV robots. Under the assumptions that robots have a limited sensing and communication range, and cannot rely on centralized processing, we propose a tri-objective control law that outperforms other simpler strategies (e.g. a potential-based coverage) in terms of network connectivity, robustness to failure, and area coverage.
Cryptographically Secure Information Flow Control on Key-Value Stores
We present Clio, an information flow control (IFC) system that transparently incorporates cryptography to enforce confidentiality and integrity policies on untrusted storage. Clio insulates developers from explicitly manipulating keys and cryptographic primitives by leveraging the policy language of the IFC system to automatically use the appropriate keys and correct cryptographic operations. We prove that Clio is secure with a novel proof technique that is based on a proof style from cryptography together with standard programming languages results. We present a prototype Clio implementation and a case study that demonstrates Clio's practicality.
Comment: Full version of conference paper appearing in CCS 201
JRIF: Reactive Information Flow Control for Java
A reactive information flow (RIF) automaton for a value v specifies (i) allowed uses for v and (ii) the RIF automaton for any value that might be directly or indirectly derived from v. RIF automata thus specify how transforming a value alters how the result might be used. Such labels are more expressive than existing approaches for controlling downgrading. We devised a type system around RIF automata and incorporated it into Jif, a dialect of Java that supports a classic form of labels for information flow. By implementing a compiler for the resulting JRIF language, we demonstrate how easy it is to replace a classic information-flow type system by a more expressive RIF-based type system. We programmed two example applications in JRIF, and we discuss insights they provide into the benefits of RIF-based security labels.
Supported in part by AFOSR grants F9550-06-0019 and FA9550-11-1-0137, National Science Foundation grants 0430161, 0964409, and CCF-0424422 (TRUST), ONR grants N00014-01-1-0968 and N00014-09-1-0652, and grants from Microsoft.
A Cryptographic Decentralized Label Model
Information-flow security policies are an appealing way of specifying confidentiality and integrity policies in information systems. Most previous work on language-based security has assumed that programs run in a closed, managed environment and that they use potentially unsafe constructs, such as declassification, to interface to external communication channels, perhaps after encrypting data to preserve its confidentiality. This situation is unsatisfactory for systems that need to communicate over untrusted channels or use untrusted persistent storage, since the connection between the cryptographic mechanisms used in the untrusted environment and the abstract security labels used in the trusted language environment is ad hoc and unclear.
This paper addresses this problem in three ways. First, it presents a simple, security-typed language with a novel mechanism called packages that provides an abstract means for creating opaque objects and associating them with security labels; well-typed programs in this language enforce noninterference. Second, it shows how to implement these packages using public-key cryptography. This implementation strategy uses a variant of Myers and Liskov's decentralized label model, which supports a rich label structure in which mutually distrusting data owners can specify independent confidentiality and integrity requirements. Third, it demonstrates that this implementation of packages is sound with respect to Dolev-Yao style attackers: such an attacker cannot determine the contents of a package without possessing the appropriate keys, as determined by the security label on the package.
A privacy-preserving design for sharing demand-driven patient datasets over permissioned blockchains and P2P secure transfer
Sharing patient datasets curated by health institutions is critical for the advance of monitoring, surveillance and research. However, patient data is sensitive and can only be released under certain conditions and with prior explicit consent. Privacy-preserving data sharing provides techniques to distribute datasets while minimizing the risk of identifying patients. However, the sharing of datasets is typically done without considering the needs or requests of data consumers. Blockchain technologies provide an opportunity to gather those requests and to share and assemble datasets using privacy-preserving methods as data and anonymity requirements match. The architecture and design of such a solution is described, assuming an underlying permissioned blockchain network where providers such as healthcare institutions deal with consent, patient preferences and anonymity guarantees, playing a mediator role to a network of organizations.
Attacker Control and Impact for Confidentiality and Integrity
Language-based information flow methods offer a principled way to enforce strong security properties, but enforcing noninterference is too inflexible for realistic applications. Security-typed languages have therefore introduced declassification mechanisms for relaxing confidentiality policies, and endorsement mechanisms for relaxing integrity policies. However, a continuing challenge has been to define what security is guaranteed when such mechanisms are used. This paper presents a new semantic framework for expressing security policies for declassification and endorsement in a language-based setting. The key insight is that security can be characterized in terms of the influence that declassification and endorsement allow to the attacker. The new framework introduces two notions of security to describe the influence of the attacker. Attacker control defines what the attacker is able to learn from observable effects of this code; attacker impact captures the attacker's influence on trusted locations. This approach yields novel security conditions for checked endorsements and robust integrity. The framework is flexible enough to recover and to improve on the previously introduced notions of robustness and qualified robustness. Further, the new security conditions can be soundly enforced by a security type system. The applicability and enforcement of the new policies is illustrated through various examples, including data sanitization and authentication.