
    A Cut Principle for Information Flow

    We view a distributed system as a graph of active locations with unidirectional channels between them, through which they pass messages. In this context, the graph structure of a system constrains the propagation of information through it. Suppose a set of channels is a cut set between an information source and a potential sink. We prove that, if there is no disclosure from the source to the cut set, then there can be no disclosure to the sink. We introduce a new formalization of partial disclosure, called *blur operators*, and show that the same cut property is preserved for disclosure to within a blur operator. This cut-blur property also implies a compositional principle, which ensures limited disclosure for a class of systems that differ only beyond the cut.
    Comment: 31 page

    Type-based Dependency Analysis for JavaScript

    Dependency analysis is a program analysis that determines potential data flow between program points. While it is not a security analysis per se, it is a viable basis for investigating data integrity, for ensuring confidentiality, and for guaranteeing sanitization. A noninterference property can be stated and proved for the dependency analysis. We have designed and implemented a dependency analysis for JavaScript. We formalize this analysis as an abstraction of a tainting semantics. We prove the correctness of the tainting semantics, the soundness of the abstraction, a noninterference property, and the termination of the analysis.
    Comment: Technical Repor
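To make the relationship between a dependency analysis and noninterference concrete, here is an added example (not the paper's JavaScript analysis): a dependency analysis for a tiny assumed imperative language with assignments and conditionals, written in Python. `dependencies` computes, for every variable, the set of inputs its final value may depend on, tracking implicit flows through the branch condition, and joining both branches at the end of a conditional. `noninterference_holds` then asks whether any public output depends on the secret input, and `run` executes the program concretely so that the static verdict can be compared against two runs that differ only in the secret. The program, variable names and representation are assumptions made for the example.

```python
# Program representation (assumption for this example):
#   ("=", target, vars_read, fn)             assignment; fn(env) computes the value
#   ("if", cond_var, then_block, else_block) conditional on a variable's truth value


def dependencies(program, inputs):
    """Static dependency analysis: map each variable to the set of input
    variables its final value may depend on, including implicit flows."""
    deps = {v: {v} for v in inputs}

    def analyze(stmts, deps, pc):
        for st in stmts:
            if st[0] == "=":
                _, target, uses, _ = st
                # explicit flow from the variables read, plus the pc context
                deps[target] = set(pc).union(*(deps.get(u, {u}) for u in uses))
            else:
                _, cond, then_b, else_b = st
                branch_pc = pc | deps.get(cond, {cond})   # implicit flow
                d_then = {v: set(s) for v, s in deps.items()}
                d_else = {v: set(s) for v, s in deps.items()}
                analyze(then_b, d_then, branch_pc)
                analyze(else_b, d_else, branch_pc)
                for v in set(d_then) | set(d_else):      # join point
                    deps[v] = d_then.get(v, {v}) | d_else.get(v, {v})

    analyze(program, deps, frozenset())
    return deps


def noninterference_holds(program, inputs, secret, public_outputs):
    """True when the analysis shows no public output depends on `secret`."""
    deps = dependencies(program, inputs)
    return all(secret not in deps.get(v, {v}) for v in public_outputs)


def run(program, env):
    """Concrete semantics, used to check the analysis against real runs."""
    for st in program:
        if st[0] == "=":
            _, target, _, fn = st
            env[target] = fn(env)
        else:
            _, cond, then_b, else_b = st
            run(then_b if env[cond] else else_b, env)
    return env


# Constructed program: h is a secret input, x a public input.
INPUTS = ["h", "x"]
PROGRAM = [
    ("=", "t", ["h"], lambda e: e["h"] % 2),
    ("if", "t",
        [("=", "l", [], lambda e: 1)],
        [("=", "l", [], lambda e: 0)]),              # implicit flow h -> l
    ("=", "m", ["x"], lambda e: e["x"] * 2),          # explicit flow x -> m
    ("=", "o", ["m", "t"], lambda e: e["m"] + e["t"]),  # depends on x and h
]

if __name__ == "__main__":
    print(dependencies(PROGRAM, INPUTS))
    print(run(PROGRAM, {"h": 3, "x": 5}), run(PROGRAM, {"h": 4, "x": 5}))
```

The variable `l` is never assigned from `h` directly, yet the analysis (correctly) reports it as dependent on `h`, and two runs with different `h` confirm it; `m` is independent of `h` and is identical in both runs. That agreement between the static verdict and the concrete runs is what the soundness and noninterference theorems in the abstract guarantee in general.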

    Information Flow for Security in Control Systems

    This paper considers the development of information flow analyses to support resilient design and active detection of adversaries in cyber-physical systems (CPS). The area of CPS security, though well studied, suffers from fragmentation. In this paper, we consider control systems as an abstraction of CPS. Here, we extend the notion of information flow analysis, a well-established set of methods developed in software security, to obtain a unified framework that captures and extends system-theoretic results in control system security. In particular, we propose the Kullback-Leibler (KL) divergence as a causal measure of information flow, which quantifies the effect of adversarial inputs on sensor outputs. We show that the proposed measure characterizes the resilience of control systems to specific attack strategies by relating the KL divergence to optimal detection techniques. We then relate information flows to stealthy attack scenarios where an adversary can bypass detection. Finally, this article examines active detection mechanisms where a defender intelligently manipulates control inputs or the system itself in order to elicit information flows from an attacker's malicious behavior. In all of the above cases, we demonstrate an ability to investigate and extend existing results by utilizing the proposed information flow analyses.
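The three ideas in the abstract, KL divergence as a flow measure, stealthy attacks, and active detection, can be worked through on a deliberately simple sensor model. The following is an added example, not the paper's construction: it assumes a scalar sensor reading y = x + w with Gaussian noise, an attacker who adds a constant bias to every reading, and an optimal (likelihood-ratio) detector. `attack_flow` is the KL divergence between attacked and nominal readings; `mean_llr_under_attack` checks numerically that the expected per-sample log-likelihood ratio equals that divergence, which is why KL bounds how quickly any detector accumulates evidence; `stealthy_bias` inverts the relation to find the largest bias that stays under an evidence budget over a window. For active detection, it assumes one concrete instance, a defender-injected random watermark added to the control input, and shows that a replay attacker who substitutes recorded readings produces a nonzero flow only when the watermark is actually injected. All names and model parameters are assumptions.

```python
import math
import random


def kl_gaussian(mu0, var0, mu1, var1):
    """KL(N(mu0, var0) || N(mu1, var1)) in closed form."""
    return (0.5 * math.log(var1 / var0)
            + (var0 + (mu0 - mu1) ** 2) / (2.0 * var1)
            - 0.5)


# Assumed sensor model: y = x + w, w ~ N(0, sigma^2). Under attack a constant
# bias a is added, so readings follow N(a, sigma^2) instead of N(0, sigma^2).

def attack_flow(a, sigma):
    """Flow from the attack into one reading: KL(attacked || nominal),
    which equals a^2 / (2 sigma^2) for this model."""
    return kl_gaussian(a, sigma ** 2, 0.0, sigma ** 2)


def llr(y, a, sigma):
    """Log-likelihood ratio of one reading, attacked vs nominal hypothesis."""
    return (a * y - a * a / 2.0) / sigma ** 2


def mean_llr_under_attack(a, sigma, n, seed=1):
    """Monte Carlo estimate of E[llr] when readings are attacked; it should
    converge to attack_flow(a, sigma), the KL divergence."""
    rng = random.Random(seed)  # constructed synthetic readings
    total = sum(llr(a + rng.gauss(0.0, sigma), a, sigma) for _ in range(n))
    return total / n


def stealthy_bias(sigma, n, budget):
    """Largest constant bias whose accumulated flow n * KL over a window of n
    readings stays at or below `budget`, the detector's evidence threshold."""
    return sigma * math.sqrt(2.0 * budget / n)


# Active detection (assumed instance): the defender adds a random watermark
# u ~ N(0, q) to the control input; the honest reading tracks u, and the
# detector examines the residual r = y - u, which is N(0, sigma^2) when
# honest. A replay attacker returns recorded readings carrying an independent
# watermark u', so the residual becomes N(0, sigma^2 + 2q).

def replay_flow(sigma, q):
    """KL(replayed residual || honest residual); zero when q == 0, i.e. with
    no watermark a replay is indistinguishable from honest operation."""
    return kl_gaussian(0.0, sigma ** 2 + 2.0 * q, 0.0, sigma ** 2)


if __name__ == "__main__":
    print("KL per reading, bias 0.5:", attack_flow(0.5, 1.0))
    print("mean LLR under attack  :", mean_llr_under_attack(0.5, 1.0, 20000))
    print("stealthy bias, n=100, budget=2:", stealthy_bias(1.0, 100, 2.0))
    print("replay flow, q=0 / q=1:", replay_flow(1.0, 0.0), replay_flow(1.0, 1.0))
```

The practical reading of `stealthy_bias` is that a bias small enough to stay under the evidence budget is invisible to even the optimal detector over that window, so resilience arguments must bound the damage such a bias can do to the control loop rather than assume it is detected; `replay_flow` shows the defender's lever: the injected watermark is what forces the attacker's behaviour to produce a measurable flow.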