Securing Confidence With Data Escrow

In the past several years, the general public has had concerns about hacking and identity theft. Headlines in news media include computer system breaches at popular and respected companies like Target and universities like The University of California at Berkeley. This paper explores options available for providing the general public with the benefits of the information age while mitigating against the security risks. We begin with a discussion of it is reasonable for the general public to expect organizations engaged primarily in commerce to provide for their cybersecurity. We then look at how electronic transactions are currently secured. We conclude with a consideration of the “protocols” or “institutions” that might provide for security for consumers

Privacy, security, and trust issues in smart environments

Recent advances in networking, handheld computing and sensor technologies have driven forward research towards the realisation of Mark Weiser's dream of calm and ubiquitous computing (variously called pervasive computing, ambient computing, active spaces, the disappearing computer or context-aware computing). In turn, this has led to the emergence of smart environments as one significant facet of research in this domain. A smart environment, or space, is a region of the real world that is extensively equipped with sensors, actuators and computing components [1]. In effect the smart space becomes a part of a larger information system: with all actions within the space potentially affecting the underlying computer applications, which may themselves affect the space through the actuators. Such smart environments have tremendous potential within many application areas to improve the utility of a space. Consider the potential offered by a smart environment that prolongs the time an elderly or infirm person can live an independent life or the potential offered by a smart environment that supports vicarious learning

Specifying authentication using signal events in CSP

The formal analysis of cryptographic protocols has developed into a comprehensive body of knowledge, building on a wide variety of formalisms and treating a diverse range of security properties, foremost of which is authentication. The formal specification of authentication has long been a subject of examination. In this paper, we discuss the use of correspondence to formally specify authentication and focus on Schneider's use of signal events in the process algebra Communicating Sequential Processes (CSP) to specify authentication. The purpose of this effort is to strengthen this formalism further. We develop a formal structure for these events and use them to specify a general authentication property. We then develop specifications for recentness and injectivity as sub-properties, and use them to refine authentication further. Finally, we use signal events to specify a range of authentication definitions and protocol examples to clarify their use and make explicit related theoretical issues. our work is motivated by the desire to effectively analyse and express security properties in formal terms, so as to make them precise and clear. (C) 2008 Elsevier Ltd. All rights reserved

EDSL en Haskell para la programaci ́on segura respecto a la propiedad Delimited Release

La confidencialidad de la información manipulada por sistemas informáticos ha tomado mayor importancia con el uso creciente de aplicaciones a través de internet. Los mecanismos de seguridad tradicionales como control de acceso o criptografía no proveen protección punta a punta de los datos: funcionan eficientemente en limitar su acceso, pero no pueden hacer nada para evitar su propagación. Para complementar estos mecanismos de seguridad, surgen las técnicas de control de flujo de información (IFC, Information-Flow Control), las cuales permiten establecer garantías sobre la confidencialidad e integridad de los datos. analizando cómo fluye la información dentro del programa. En este contexto surgen políticas de confidencialidad que garantizan que la información confidencial no puede ser inferida a partir de los datos públicos. No-interferencia es un ejemplo de una política de seguridad. Lo interesante de esta propiedad es que puede ser chequeada de manera estática mediante un sistema de tipos, por lo tanto, cuando un programa tipa en ese sistema de tipos, significa que satisface la propiedad de seguridad. Para que los lenguajes de seguridad tengan utilidad práctica necesitamos mecanismos de desclasificación, en los cuales el flujo de información sea controlado y al mismo tiempo se permita liberar información confidencial a canales públicos, pero solo de manera permitida y controlada, la cual la propiedad de no-interferencia resulta ser demasiado restrictiva. Delimited Release es una propiedad de seguridad que garantiza que la desclasificación no puede ser usada para filtrar información de manera no deseada. El objetivo de esta tesina es desarrollar un lenguaje de dominio específico embebido en Haskell para escribir programas seguros respecto a la propiedad Delimited Release

Fifty years of Hoare's Logic

We present a history of Hoare's logic.Comment: 79 pages. To appear in Formal Aspects of Computin

Abstract Certification of Java Programs in Rewriting Logic

In this thesis we propose an abstraction based certification technique for Java programs which is based on rewriting logic, a very general logical and semantic framework efficiently implemented in the functional programming language Maude. We focus on safety properties, i.e. properties of a system that are defined in terms of certain events not happening, which we characterize as unreachability problems in rewriting logic. The safety policy is expressed in the style of JML, a standard property specification language for Java modules. In order to provide a decision procedure, we enforce finite-state models of programs by using abstract interpretation. Starting from a specification of the Java semantics written in Maude, we develop an abstraction based, finite-state operational semantics also written in Maude which is appropriate for program verification. As a by-product of the verification based on abstraction, a dependable safety certificate is delivered which consists of a set of rewriting proofs that can be easily checked by the code consumer by using a standard rewriting logic engine. The abstraction based proof-carrying code technique, called JavaPCC, has been implemented and successfully tested on several examples, which demonstrate the feasibility of our approach. We analyse local properties of Java methods: i.e. properties of methods regarding their parameters and results. We also study global confidentiality properties of complete Java classes, by initially considering non--interference and, then, erasure with and without non--interference. Non--interference is a semantic program property that assigns confidentiality levels to data objects and prevents illicit information flows from occurring from high to low security levels. In this thesis, we present a novel security model for global non--interference which approximates non--interference as a safety property.Alba Castro, MF. (2011). Abstract Certification of Java Programs in Rewriting Logic [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/13617Palanci

A formal approach to contract verification for high-integrity applications

Doctor of PhilosophyDepartment of Computing and Information SciencesJohn M. HatcliffHigh-integrity applications are safety- and security-critical applications developed for a variety of critical tasks. The correctness of these applications must be thoroughly tested or formally verified to ensure their reliability and robustness. The major properties to be verified for the correctness of applications include: (1) functional properties, capturing the expected behaviors of a software, (2) dataflow property, tracking data dependency and preventing secret data from leaking to the public, and (3) robustness property, the ability of a program to deal with errors during execution. This dissertation presents and explores formal verification and proof technique, a promising technique using rigorous mathematical methods, to verify critical applications from the above three aspects. Our research is carried out in the context of SPARK, a programming language designed for development of safety- and security-critical applications. First, we have formalized in the Coq proof assistant the dynamic semantics for a significant subset of the SPARK 2014 language, which includes run-time checks as an integral part of the language, as any formal methods for program specification and verification depend on the unambiguous semantics of the language. Second, we have formally defined and proved the correctness of run-time checks generation and optimization based on SPARK reference semantics, and have built the certifying tools within the mechanized proof infrastructure to certify the run-time checks inserted by the GNAT compiler frontend to guarantee the absence of run-time errors. Third, we have proposed a language-based information security policy framework and the associated enforcement algorithm, which is proved to be sound with respect to the formalized program semantics. We have shown how the policy framework can be integrated into SPARK 2014 for more advanced information security analysis