452 research outputs found
Quantitative Information Flow as Safety and Liveness Hyperproperties
We employ Clarkson and Schneider's "hyperproperties" to classify various
verification problems of quantitative information flow. The results of this
paper unify and extend the previous results on the hardness of checking and
inferring quantitative information flow. In particular, we identify a subclass
of liveness hyperproperties, which we call "k-observable hyperproperties", that
can be checked relative to a reachability oracle via self composition.
Comment: In Proceedings QAPL 2012, arXiv:1207.055
A Temporal Logic for Hyperproperties
Hyperproperties, as introduced by Clarkson and Schneider, characterize the
correctness of a computer program as a condition on its set of computation
paths. Standard temporal logics can only refer to a single path at a time, and
therefore cannot express many hyperproperties of interest, including
noninterference and other important properties in security and coding theory.
In this paper, we investigate an extension of temporal logic with explicit path
variables. We show that the quantification over paths naturally subsumes other
extensions of temporal logic with operators for information flow and knowledge.
The model checking problem for temporal logic with path quantification is
decidable. For alternation depth 1, the complexity is PSPACE in the length of
the formula and NLOGSPACE in the size of the system, as for linear-time
temporal logic.
Robust Hyperproperty Preservation for Secure Compilation (Extended Abstract)
We map the space of soundness criteria for secure compilation based on the
preservation of hyperproperties in arbitrary adversarial contexts, which we
call robust hyperproperty preservation. For this, we study the preservation of
several classes of hyperproperties and for each class we propose an equivalent
"property-free" characterization of secure compilation that is generally better
tailored for proofs. Even the strongest of our soundness criteria, the robust
preservation of all hyperproperties, seems achievable for simple
transformations and provable using context back-translation techniques
previously developed for showing fully abstract compilation. While proving the
robust preservation of hyperproperties that are not safety requires such
powerful context back-translation techniques, for preserving safety
hyperproperties robustly, translating each finite trace prefix back to a source
context seems to suffice.
Comment: PriSC'18 final version
Emergent Behavior in Cybersecurity
We argue that emergent behavior is inherent to cybersecurity.
Comment: 2 pages, HotSoS'2014 (2014 Symposium and Bootcamp on the Science of
Security)
Deductive Controller Synthesis for Probabilistic Hyperproperties
Probabilistic hyperproperties specify quantitative relations between the
probabilities of reaching different target sets of states from different
initial sets of states. This class of behavioral properties is suitable for
capturing important security, privacy, and system-level requirements. We
propose a new approach to solve the controller synthesis problem for Markov
decision processes (MDPs) and probabilistic hyperproperties. Our specification
language builds on top of the logic HyperPCTL and enhances it with structural
constraints over the synthesized controllers. Our approach starts from a family
of controllers represented symbolically and defined over the same copy of an
MDP. We then introduce an abstraction refinement strategy that can relate
multiple computation trees and that we employ to prune the search space
deductively. The experimental evaluation demonstrates that the proposed
approach considerably outperforms HyperProb, a state-of-the-art SMT-based model
checking tool for HyperPCTL. Moreover, our approach is the first one that is
able to effectively combine probabilistic hyperproperties with additional
intra-controller constraints (e.g. partial observability) as well as
inter-controller constraints (e.g. agreements on a common action).