12,955 research outputs found
A Design for a Security-typed Language with Certificate-based Declassification
This paper presents a calculus that supports information-flow security policies and certificate-based declassification. The decentralized label model and its downgrading mechanisms are concisely expressed in the polymorphic lambda calculus with subtyping (System F≾). We prove a conditioned version of the noninterference theorem such that authorization for declassification is justified by digital certificates from public-key infrastructures
Run-time Principals in Information-flow Type Systems
Information-flow type systems are a promising approach for enforcing strong end-to-end confidentiality and integrity policies. Such policies, however, are usually specified in term of static information—data is labeled high or low security at compile time. In practice, the confidentiality of data may depend on information available only while the system is running.
This paper studies language support for run-time principals, a mechanism for specifying information-flow security policies that depend on which principals interact with the system. We establish the basic property of noninterference for programs written in such language, and use run-time principals for specifying run-time authority in downgrading mechanisms such as declassification.
In addition to allowing more expressive security policies, run-time principals enable the integration of language-based security mechanisms with other existing approaches such as Java stack inspection and public key infrastructures. We sketch an implementation of run-time principals via public keys such that principal delegation is verified by certificate chains
Run-time Principals in Information-flow Type Systems
Information-flow type systems are a promising approach for enforcing strong end-to-end confidentiality and integrity policies. Such policies, however, are usually specified in terms of static information — data is labeled high or low security at compile time. In practice, the confidentiality of data may depend on information available only while the system is running.
This paper studies language support for run-time principals, a mechanism for specifying security policies that depend on which principals interact with the system. We establish the basic property of noninterference for programs written in such language, and use run-time principals for specifying run-time authority in downgrading mechanisms such as declassification.
In addition to allowing more expressive security policies, run-time principals enable the integration of language-based security mechanisms with other existing approaches such as Java stack inspection and public key infrastructures. We sketch an implementation of run-time principals via public keys such that principal delegation is verified by certificate chains
Opacity with Orwellian Observers and Intransitive Non-interference
Opacity is a general behavioural security scheme flexible enough to account
for several specific properties. Some secret set of behaviors of a system is
opaque if a passive attacker can never tell whether the observed behavior is a
secret one or not. Instead of considering the case of static observability
where the set of observable events is fixed off line or dynamic observability
where the set of observable events changes over time depending on the history
of the trace, we consider Orwellian partial observability where unobservable
events are not revealed unless a downgrading event occurs in the future of the
trace. We show how to verify that some regular secret is opaque for a regular
language L w.r.t. an Orwellian projection while it has been proved undecidable
even for a regular language L w.r.t. a general Orwellian observation function.
We finally illustrate relevancy of our results by proving the equivalence
between the opacity property of regular secrets w.r.t. Orwellian projection and
the intransitive non-interference property
Declassification of Faceted Values in JavaScript
This research addresses the issues with protecting sensitive information at the language level using information flow control mechanisms (IFC). Most of the IFC mechanisms face the challenge of releasing sensitive information in a restricted or limited manner. This research uses faceted values, an IFC mechanism that has shown promising flexibility for downgrading the confidential information in a secure manner, also called declassification.
In this project, we introduce the concept of first-class labels to simplify the declassification of faceted values. To validate the utility of our approach we show how the combination of faceted values and first-class labels can build various declassification mechanisms
On the Decidability of Non Interference over Unbounded Petri Nets
Non-interference, in transitive or intransitive form, is defined here over
unbounded (Place/Transition) Petri nets. The definitions are adaptations of
similar, well-accepted definitions introduced earlier in the framework of
labelled transition systems. The interpretation of intransitive
non-interference which we propose for Petri nets is as follows. A Petri net
represents the composition of a controlled and a controller systems, possibly
sharing places and transitions. Low transitions represent local actions of the
controlled system, high transitions represent local decisions of the
controller, and downgrading transitions represent synchronized actions of both
components. Intransitive non-interference means the impossibility for the
controlled system to follow any local strategy that would force or dodge
synchronized actions depending upon the decisions taken by the controller after
the last synchronized action. The fact that both language equivalence and
bisimulation equivalence are undecidable for unbounded labelled Petri nets
might be seen as an indication that non-interference properties based on these
equivalences cannot be decided. We prove the opposite, providing results of
decidability of non-interference over a representative class of infinite state
systems.Comment: In Proceedings SecCo 2010, arXiv:1102.516
- …