13 research outputs found
Possibilistic Information Flow Control for Workflow Management Systems
In workflows and business processes, there are often security requirements on
both the data, i.e. confidentiality and integrity, and the process, e.g.
separation of duty. Graphical notations exist for specifying both workflows and
associated security requirements. We present an approach for formally verifying
that a workflow satisfies such security requirements. For this purpose, we
define the semantics of a workflow as a state-event system and formalise
security properties in a trace-based way, i.e. on an abstract level without
depending on details of enforcement mechanisms such as Role-Based Access
Control (RBAC). This formal model then allows us to build upon well-known
verification techniques for information flow control. We describe how a
compositional verification methodology for possibilistic information flow can
be adapted to verify that a specification of a distributed workflow management
system satisfies security requirements on both data and processes.Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Formal verification of side-channel countermeasures using self-composition
Formal verification of cryptographic software implementations poses significant challenges for off-the-shelf tools. This is due to the domain-specific characteristics of the code, involving aggressive optimizations and non-functional security requirements, namely the critical aspect of countermeasures against side-channel attacks. In this paper, we extend previous results supporting the practicality of self-composition proofs of non-interference and generalizations thereof. We tackle the formal verification of high-level security policies adopted in the implementation of the recently proposed NaCl cryptographic library. We formalize these policies and propose a formal verification approach based on self-composition, extending the range of security policies that could previously be handled using this technique. We demonstrate our results by addressing compliance with the NaCl security policies in real-world cryptographic code, highlighting the potential for automation of our techniques.This work was partially supported by project SMART, funded by ENIAC joint Undertaking (GA 120224)
Cryptographically Secure Information Flow Control on Key-Value Stores
We present Clio, an information flow control (IFC) system that transparently
incorporates cryptography to enforce confidentiality and integrity policies on
untrusted storage. Clio insulates developers from explicitly manipulating keys
and cryptographic primitives by leveraging the policy language of the IFC
system to automatically use the appropriate keys and correct cryptographic
operations. We prove that Clio is secure with a novel proof technique that is
based on a proof style from cryptography together with standard programming
languages results. We present a prototype Clio implementation and a case study
that demonstrates Clio's practicality.Comment: Full version of conference paper appearing in CCS 201
Attacker Control and Impact for Confidentiality and Integrity
Language-based information flow methods offer a principled way to enforce
strong security properties, but enforcing noninterference is too inflexible for
realistic applications. Security-typed languages have therefore introduced
declassification mechanisms for relaxing confidentiality policies, and
endorsement mechanisms for relaxing integrity policies. However, a continuing
challenge has been to define what security is guaranteed when such mechanisms
are used. This paper presents a new semantic framework for expressing security
policies for declassification and endorsement in a language-based setting. The
key insight is that security can be characterized in terms of the influence
that declassification and endorsement allow to the attacker. The new framework
introduces two notions of security to describe the influence of the attacker.
Attacker control defines what the attacker is able to learn from observable
effects of this code; attacker impact captures the attacker's influence on
trusted locations. This approach yields novel security conditions for checked
endorsements and robust integrity. The framework is flexible enough to recover
and to improve on the previously introduced notions of robustness and qualified
robustness. Further, the new security conditions can be soundly enforced by a
security type system. The applicability and enforcement of the new policies is
illustrated through various examples, including data sanitization and
authentication
Scheduler-Independent Declassification
Abstract The controlled declassification of secrets has received much attention in research on information-flow security, though mostly for se-quential programming languages. In this article, we aim at guarantee-ing the security of concurrent programs. We propose the novel security property WHAT&WHERE that allows one to limit what information may be declassified where in a program. We show that our property provides adequate security guarantees independent of the scheduling al-gorithm (which is non-trivial due to the refinement paradox) and present a security type system that reliably enforces the property. In a second scheduler-independence result, we show that an earlier proposed security condition is adequate for the same range of schedulers. These are the first scheduler-independence results in the presence of declassification.
First-Order Logic for Flow-Limited Authorization
We present the Flow-Limited Authorization First-Order Logic (FLAFOL), a logic
for reasoning about authorization decisions in the presence of information-flow
policies. We formalize the FLAFOL proof system, characterize its
proof-theoretic properties, and develop its security guarantees. In particular,
FLAFOL is the first logic to provide a non-interference guarantee while
supporting all connectives of first-order logic. Furthermore, this guarantee is
the first to combine the notions of non-interference from both authorization
logic and information-flow systems. All theorems in this paper are proven in
Coq.Comment: Coq code can be found at https://github.com/FLAFOL/flafol-co