Termination-insensitive noninterference leaks more than just a bit
Current tools for analysing information flow in programs build upon ideas going back to Denning's work from the 70's. These systems enforce an imperfect notion of information flow which has become known as termination-insensitive noninterference. Under this version of noninterference, information leaks are permitted if they are transmitted purely by the program's termination behaviour (i.e., whether it terminates or not). This imperfection is the price to pay for having a security condition which is relatively liberal (e.g. allowing while-loops whose termination may depend on the value of a secret) and easy to check. But what is the price exactly? We argue that, in the presence of output, the price is higher than the “one bit” often claimed informally in the literature, and effectively such programs can leak all of their secrets. In this paper we develop a definition of termination-insensitive noninterference suitable for reasoning about programs with outputs. We show that the definition generalises “batch-job” style definitions from the literature and that it is indeed satisfied by a Denning-style program analysis with output. Although more than a bit of information can be leaked by programs satisfying this condition, we show that the best an attacker can do is a brute-force attack, which means that the attacker cannot reliably (in a technical sense) learn the secret in polynomial time in the size of the secret. If we further assume that secrets are uniformly distributed, we show that the advantage the attacker gains when guessing the secret after observing a polynomial amount of output is negligible in the size of the secret
Epistemic Protocols for Distributed Gossiping
Gossip protocols aim at arriving, by means of point-to-point or group
communications, at a situation in which all the agents know each other's
secrets. We consider distributed gossip protocols which are expressed by means
of epistemic logic. We provide an operational semantics of such protocols and
set up an appropriate framework to argue about their correctness. Then we
analyze specific protocols for complete graphs and for directed rings. Comment: In Proceedings TARK 2015, arXiv:1606.0729
Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions
As computation spreads from computers to networks of computers, and migrates
into cyberspace, it ceases to be globally programmable, but it remains
programmable indirectly: network computations cannot be controlled, but they
can be steered by local constraints on network nodes. The tasks of
"programming" global behaviors through local constraints belong to the area of
security. The "program particles" that assure that a system of local
interactions leads towards some desired global goals are called security
protocols. As computation spreads beyond cyberspace, into physical and social
spaces, new security tasks and problems arise. As networks are extended by
physical sensors and controllers, including the humans, and interlaced with
social networks, the engineering concepts and techniques of computer security
blend with the social processes of security. These new connectors for
computational and social software require a new "discipline of programming" of
global behaviors through local constraints. Since the new discipline seems to
be emerging from a combination of established models of security protocols with
older methods of procedural programming, we use the name procedures for these
new connectors, that generalize protocols. In the present paper we propose
actor-networks as a formal model of computation in heterogeneous networks of
computers, humans and their devices; and we introduce Procedure Derivation
Logic (PDL) as a framework for reasoning about security in actor-networks. On
the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL)
that evolved through our work in security in the last 10 years. Both formalisms are
geared towards graphic reasoning and tool support. We illustrate their workings
by analysing a popular form of two-factor authentication, and a multi-channel
device pairing procedure, devised for this occasion. Comment: 32 pages, 12 figures, 3 tables; journal submission; extended
references, added discussio
Semantic and logical foundations of global computing: Papers from the EU-FET global computing initiative (2001–2005)
Overview of the contents of the volume "Semantic and logical foundations of global computing
The Ethics of Lobbying: Testing an Ethical Framework for Advocacy in Public Relations
This study evaluates the ethical criteria lobbyists consider in their professional activities using Ruth Edgett’s model for ethically-desirable public relations advocacy. Data were collected from self-administered surveys of 222 registered lobbyists in Oregon. A factor analysis reduced 18 ethical criteria to seven underlying factors describing lobbyists’ ethical approaches to their work. Results indicate that lobbyists consider the following factors in their day-to-day professional activities: situation, strategy, argument, procedure, nature of lobbying, priority, and accuracy. This framework, derived from Edgett’s 10 criteria, illustrates the importance of context while incorporating ideas from recognized ethical theories