
    Programming languages for developing secure multi-party computation applications

    Secure multi-party computation is a technology that allows several independent parties to process their private data together without revealing any secrets. If private inputs are given in encrypted form then the results will also be encrypted, and at no stage during processing are values ever decrypted. As a theoretical concept, the technology has been around since the 1980s, but the first practical implementations that processed real data appeared a bit more than a decade ago. Since then, secure multi-party computation has been used in practical applications and has been established as an important method of data protection. Developing applications that use secure multi-party computation is challenging. The tools that help with development are still very young, and the frameworks are often too slow for practical applications. Currently only experts in cryptography are able to develop secure multi-party applications. In this thesis we look at how to improve secure multi-party computation frameworks and make the applications easier to develop. We claim that domain-specific programming languages make it possible to build secure multi-party applications and frameworks that are at the same time usable, efficient, maintainable, trustworthy, and practically scalable. The contribution of this thesis is the introduction of two new programming languages for secure multi-party computation. The SecreC 2 language makes secure multi-party computation application development easier, ensuring that the applications are secure and enabling them to be efficient. The second language is for developing low-level secure computation protocols and was created to improve secure multi-party computation frameworks: it makes the frameworks faster and more trustworthy, and the protocols easier to develop and maintain. We give both a formal and an informal overview of the two languages and show how several applications and prototypes benefit from them.

    Cryptographically Secure Information Flow Control on Key-Value Stores

    We present Clio, an information flow control (IFC) system that transparently incorporates cryptography to enforce confidentiality and integrity policies on untrusted storage. Clio insulates developers from explicitly manipulating keys and cryptographic primitives by leveraging the policy language of the IFC system to automatically select the appropriate keys and apply the correct cryptographic operations. We prove that Clio is secure with a novel proof technique that combines a proof style from cryptography with standard programming-language results. We present a prototype Clio implementation and a case study that demonstrates Clio's practicality.
    Comment: Full version of conference paper appearing in CCS 201
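    The abstract's central idea is that the IFC label on a value, not the developer, decides which keys and which operations are used when the value lands on storage that is not trusted. The following constructed Python model, added here as an illustration and not Clio's own design or code, shows what that looks like in the smallest form: a label names a confidentiality principal and an integrity principal, `put` encrypts under the first and MACs under the second, and `get` verifies before it decrypts. Everything in it is an assumption for the example: the two-principal label, symmetric keys per principal (a real system would use public-key encryption and signatures so that verifying does not require the vouching principal's secret), and an HMAC-SHA256 counter-mode keystream standing in for a proper AEAD cipher. The MAC also covers the store key and the label, so the backend cannot relabel an entry to widen its readership.

```python
"""Constructed model of policy-driven cryptography on an untrusted key-value store.
Illustration written for this page, not Clio's design or code."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    conf: str    # principal allowed to read the value
    integ: str   # principal who vouches for the value


class Principal:
    """Toy assumption: each principal holds one symmetric encryption key and one
    MAC key. A real design would use public-key encryption and signatures."""
    def __init__(self, name):
        self.name = name
        self.enc_key = secrets.token_bytes(32)
        self.mac_key = secrets.token_bytes(32)


class UntrustedStore:
    """The backend sees labels, nonces, ciphertexts and tags, and may tamper."""
    def __init__(self):
        self.blobs = {}


def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a PRF stream; a stand-in for a real AEAD cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _bound(key, label, nonce):
    # Data the MAC covers besides the ciphertext: store key, label and nonce,
    # so the backend can neither relabel an entry nor swap entries around.
    return f"{key}|{label.conf}|{label.integ}|".encode() + nonce


def put(store, key, label, plaintext, held):
    """The label alone selects the keys: encrypt under conf's key, MAC under integ's key."""
    nonce = os.urandom(16)
    ct = _xor(plaintext, _keystream(held[label.conf].enc_key, nonce, len(plaintext)))
    tag = hmac.new(held[label.integ].mac_key, _bound(key, label, nonce) + ct, hashlib.sha256).digest()
    store.blobs[key] = (label, nonce, ct, tag)


def get(store, key, held):
    """`held` maps principal names to the Principal objects whose keys this reader holds.
    Integrity is checked first; decryption happens only if the reader holds the conf key."""
    label, nonce, ct, tag = store.blobs[key]
    if label.integ not in held:
        raise PermissionError(f"cannot verify data vouched for by {label.integ}")
    expected = hmac.new(held[label.integ].mac_key, _bound(key, label, nonce) + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity violation: entry tampered with or relabeled")
    if label.conf not in held:
        raise PermissionError(f"confidentiality: reader holds no key for {label.conf}")
    return _xor(ct, _keystream(held[label.conf].enc_key, nonce, len(ct)))


def demo():
    """Returns (roundtrip_ok, tamper_detected, relabel_detected, unauthorized_denied)."""
    alice, bob, mallory = Principal("alice"), Principal("bob"), Principal("mallory")
    store, writer = UntrustedStore(), {"alice": alice, "bob": bob}
    put(store, "salary", Label(conf="alice", integ="bob"), b"42000", writer)
    roundtrip_ok = get(store, "salary", writer) == b"42000"

    # 1. the backend flips one ciphertext byte
    lab, nonce, ct, tag = store.blobs["salary"]
    store.blobs["salary"] = (lab, nonce, bytes([ct[0] ^ 1]) + ct[1:], tag)
    try:
        get(store, "salary", writer)
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    # 2. the backend restores the bytes but rewrites the label to make mallory a reader
    store.blobs["salary"] = (Label(conf="mallory", integ="bob"), nonce, ct, tag)
    try:
        get(store, "salary", {"mallory": mallory, "bob": bob})
        relabel_detected = False
    except ValueError:
        relabel_detected = True

    # 3. honest entry, but mallory simply does not hold alice's key
    store.blobs["salary"] = (lab, nonce, ct, tag)
    try:
        get(store, "salary", {"mallory": mallory, "bob": bob})
        unauthorized_denied = False
    except PermissionError:
        unauthorized_denied = True
    return roundtrip_ok, tamper_detected, relabel_detected, unauthorized_denied
```

    The three failure cases in `demo` are the ones a practitioner should check in any such design: modified bytes, a relabeled entry, and a reader who is policy-denied. Note that the third case is enforced by key possession rather than by a check the backend could skip, which is the point of letting the policy drive the cryptography.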

    From Fine- to Coarse-Grained Dynamic Information Flow Control and Back, a Tutorial on Dynamic Information Flow

    This tutorial provides a complete and homogeneous account of the latest advances in fine- and coarse-grained dynamic information-flow control (IFC) security. Since the 70s, the programming language and the operating system communities have proposed different IFC approaches. IFC operating systems track information flows in a coarse-grained fashion, at the granularity of a process. In contrast, traditional language-based approaches to IFC are fine-grained: they track information flows at the granularity of program variables. For decades, researchers believed coarse-grained IFC to be strictly less permissive than fine-grained IFC -- coarse-grained IFC systems seem inherently less precise because they track less information -- and so granularity appeared to be a fundamental feature of IFC systems. We show that the granularity of the tracking system does not fundamentally restrict how precise or permissive dynamic IFC systems can be. To this end, we mechanize two mostly standard languages, one with a fine-grained dynamic IFC system and the other with a coarse-grained dynamic IFC system, and prove a semantics-preserving translation from each language to the other. In addition, we derive the standard security property of non-interference of each language from that of the other via our verified translation. These translations stand to have important implications on the usability of IFC approaches. The coarse- to fine-grained direction can be used to remove the label annotation burden that fine-grained systems impose on developers, while the fine- to coarse-grained translation shows that coarse-grained systems -- which are easier to design and implement -- can track information as precisely as fine-grained systems and provides an algorithm for automatically retrofitting legacy applications to run on existing coarse-grained systems.
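    The precision question the abstract raises is easiest to see by running one small program under both kinds of monitor. The Python below is a constructed illustration added for this page; it is not the tutorial's mechanized calculi. The fine-grained monitor attaches a label to every value and joins labels at each operation; the coarse-grained one keeps a single "current" label for the whole computation, in the LIO-style `unlabel` / `toLabeled` discipline, which is an assumed design for the example. The program compares a secret against a constant and separately increments a public number, then writes the public result to a low channel. Unscoped coarse-grained tracking rejects that write because reading the secret first raised the context for everything after it; scoping the secret computation with `to_labeled` restores the context and gives exactly the fine-grained answer, which is the mechanism behind the abstract's claim that granularity does not limit precision.

```python
"""Constructed illustration of fine- vs coarse-grained dynamic IFC over the
two-point lattice L < H. Written for this page; not the tutorial's calculi."""

L, H = "L", "H"


def join(a, b):
    return H if H in (a, b) else L


def flows_to(a, b):
    return a == L or b == H


class IFCError(Exception):
    pass


class Labeled:
    """A value tagged with the label of the information that produced it."""
    def __init__(self, value, label):
        self.value, self.label = value, label


# ---- fine-grained: every operation joins the labels of its operands ----
def fg_add(a, b):
    return Labeled(a.value + b.value, join(a.label, b.label))


def fg_gt(a, b):
    return Labeled(a.value > b.value, join(a.label, b.label))


def fg_if(cond, then_fn, else_fn):
    # implicit flow: whichever branch ran, its result reveals cond's label
    r = then_fn() if cond.value else else_fn()
    return Labeled(r.value, join(r.label, cond.label))


def fg_output_low(v):
    if not flows_to(v.label, L):
        raise IFCError(f"fine-grained: {v.label} value cannot leave on the L channel")
    return v.value


# ---- coarse-grained: one "current" label for the whole computation ----
class Coarse:
    def __init__(self):
        self.current = L

    def unlabel(self, lv):
        self.current = join(self.current, lv.label)   # reading secret data raises the context
        return lv.value

    def to_labeled(self, lab, fn):
        # run fn in a sub-context; the result is labeled `lab` and the context is
        # restored, which is what lets a coarse monitor match the fine-grained one
        saved = self.current
        try:
            v = fn()
            if not flows_to(self.current, lab):
                raise IFCError("toLabeled: result label below the context it was computed in")
        finally:
            self.current = saved
        return Labeled(v, lab)

    def output_low(self, value):
        if not flows_to(self.current, L):
            raise IFCError("coarse-grained: context is H, nothing may leave on the L channel")
        return value


# The same program under each monitor: a secret comparison, a public sum,
# then the public sum is written to a low channel.
def run_fine():
    secret, public = Labeled(7, H), Labeled(3, L)
    flag = fg_gt(secret, Labeled(5, L))        # labeled H
    pub2 = fg_add(public, Labeled(1, L))       # labeled L
    return fg_output_low(pub2), flag.label


def run_coarse_unscoped():
    m = Coarse()
    secret, public = Labeled(7, H), Labeled(3, L)
    flag = m.unlabel(secret) > 5               # context becomes H ...
    pub2 = m.unlabel(public) + 1               # ... and taints everything after it
    try:
        m.output_low(pub2)
    except IFCError:
        return None                            # rejected although pub2 depends only on public data
    return pub2


def run_coarse_scoped():
    m = Coarse()
    secret, public = Labeled(7, H), Labeled(3, L)
    flag = m.to_labeled(H, lambda: m.unlabel(secret) > 5)   # context is back to L afterwards
    pub2 = m.unlabel(public) + 1
    return m.output_low(pub2), flag.label
```

    The `to_labeled` wrapper is the coarse-grained counterpart of a per-variable label: the fine-to-coarse direction in the abstract amounts to inserting such scopes mechanically wherever the fine-grained program would have kept a sub-result at its own label.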

    A multi-user process interface system for a process control computer

    This thesis describes a system to implement a distributed multi-user process interface to allow the PDP-11/23 computer in the Electrical Engineering department at UCT to be used for process control. The use of this system is to be shared between postgraduate students for research and undergraduates for doing real-time control projects. The interface may be used concurrently by several users, and access is controlled in such a way as to prevent users' programs from interfering with one another. The process interface hardware used was a GEC Micro-Media system, which is a stand-alone process interface system communicating with a host (the PDP-11/23) via a serial line. Hardware to drive a 600-metre serial link at 9600 baud between the PDP-11/23 and the Media interface was designed and built. The software system on the host, written in RTL/2, holds all data from the interface in a resident common database and continually updates it. Access to the interface by applications programs is done indirectly by reading and writing to the database, for which purpose a library of user interface routines is provided. To allow future expansion and modification of the Media interface, software (also written in RTL/2) for an LSI-11 minicomputer interfaced to the Media bus was developed which emulates the operation of the GEC proprietary Micro-Media software. A program to download this software into the LSI-11 was written. A suite of diagnostic programs enables testing of the system hardware and software at various levels. To ease testing, teaching, and applications programming, a general-purpose simulation package for the simulation of analogue systems was developed, as well as graphics routines for use with a Tektronix 4010 plotting terminal. A real-time computing project for a class of undergraduates was run in 1983. This project made extensive use of the system and demonstrated its viability.

    Automated Analysis of ARM Binaries using the Low-Level Virtual Machine Compiler Framework

    Binary program analysis is a critical capability for offensive and defensive operations in cyberspace. However, many current techniques are ineffective or time-consuming, and few tools can analyze code compiled for embedded processors such as those used in network interface cards, control systems and mobile phones. This research designs and implements a binary analysis system, called the Architecture-independent Binary Abstracting Code Analysis System (ABACAS), which reverses the normal program compilation process, lifting binary machine code to the Low-Level Virtual Machine (LLVM) compiler's intermediate representation, thereby enabling existing security-related analyses to be applied to binary programs. The prototype targets ARM binaries but can be extended to support other architectures. Several programs are translated from ARM binaries and analyzed with existing analysis tools. Programs lifted from ARM binaries are an average of 3.73 times larger than the same programs compiled from a high-level language (HLL). Analysis results are equivalent regardless of whether the HLL source or the ARM binary version of the program is submitted to the system, confirming the hypothesis that LLVM is effective for binary analysis.