12 research outputs found
Enhancing privacy implementations of database enquiries
Privacy is an issue of increasing concern to the Inter- net user. To ensure the continued success of distributed information systems, a reliable information flow must be established in certified but immediately evident ways. We begin with basic consideration of the privacy problem in the general setting of database enquiries. From there, we develop a simple solution, which we illustrate with a simple implementation in the programming language Erlang, and conclude by providing an informal security analysis
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
Security analysis of private data enquiries in Erlang
Privacy is an issue of increasing concern to the Inter- net user. To ensure the continued success of distributed information systems, a reliable information flow must be established in certified but immediately evident ways. We begin with basic consideration of the privacy problem in the general setting of database enquiries. From there, we develop a simple solution, which we illustrate with a simple implementation in the programming language Erlang. We first provide an informal security analysis that is then developed into a formal definition of a type system for noninterference
Logical Relations for Session-Typed Concurrency
Program equivalence is the fulcrum for reasoning about and proving properties
of programs. For noninterference, for example, program equivalence up to the
secrecy level of an observer is shown. A powerful enabler for such proofs are
logical relations. Logical relations only recently were adopted for session
types -- but exclusively for terminating languages. This paper scales logical
relations to general recursive session types. It develops a logical relation
for progress-sensitive noninterference (PSNI) for intuitionistic linear logic
session types (ILLST), tackling the challenges non-termination and concurrency
pose, and shows that logical equivalence is sound and complete with regard to
closure of weak bisimilarity under parallel composition, using a
biorthogonality argument. A distinguishing feature of the logical relation is
its stratification with an observation index (as opposed to a step or unfolding
index), a crucial shift to make the logical relation closed under parallel
composition in a concurrent setting. To demonstrate practicality of the logical
relation, the paper develops an information flow control (IFC) refinement type
system for ILLST, with support of secrecy-polymorphic processes, and shows that
well-typed programs are self-related by the logical relation and thus enjoy
PSNI. The refinement type system has been implemented in a type checker,
featuring local security theories to support secrecy-polymorphic processes.Comment: arXiv admin note: text overlap with arXiv:2208.1374
Verification of information flow security in cyber-physical systems
With a growing number of real-world applications that are dependent on computation, securing the information space has become a challenge. The security of information in such applications is often jeopardized by software and hardware failures, intervention of human subjects such as attackers, incorrect design specification and implementation, other social and natural causes. Since these applications are very diverse, often cutting across disciplines a generic approach to detect and mitigate these issues is missing. This dissertation addresses the fundamental problem of verifying information security in a class of real world applications of computation, the Cyber-physical systems (CPSs). One of the motivations for this work is the lack of a unified theory to specify and verify the complex interactions among various cyber and physical processes within a CPS. Security of a system is fundamentally characterized by the way information flows within the system. Information flow within a CPS is dependent on the physical response of the system and associated cyber control. While formal techniques of verifying cyber security exist, they are not directly applicable to CPSs due to their inherent complexity and diversity. This Ph.D. research primarily focuses on developing a uniform framework using formal tools of process algebras to verify security properties in CPSs. The merits in adopting such an approach for CPS analyses are three fold- i) the physical and continuous aspects and the complex CPS interactions can be modeled in a unified way, and ii) the problem of verifying security properties can be reduced to the problem of establishing suitable equivalences among the processes, and iii) adversarial behavior and security properties can be developed using the features like compositionality and process equivalence offered by the process algebras --Abstract, page iii