57 research outputs found

    Formalization and Proof of Secrecy Properties

    After looking at the security literature, you will find secrecy is formalized in different ways, depending on the application. Applications have threat models that influence our choice of secrecy properties. A property may be reasonable in one context and completely unsatisfactory in another if other threats exist. The primary goal of this panel is to foster discussion on what sorts of secrecy properties are appropriate for different applications and to investigate what they have in common. We also want to explore what is meant by secrecy in different contexts. Perhaps there is enough overlap among our threat models that we can begin to identify some key secrecy properties for wider application. Currently, secrecy is treated in rather ad hoc ways. With some agreement among calculi for expressing protocols and systems, we might even be able to use one another's proof techniques for proving secrecy! Four experts were invited as panelists. Two panelists, Riccardo Focardi and Martin Abadi, represent formalizations of secrecy as demanded by secure systems that aim to prohibit various channels, or insecure information flows. More specifically, they represent noninterference-based secrecy. The other two panelists, Cathy Meadows and Jon Millen, represent formalizations of secrecy for protocols based on the Dolev-Yao threat model.

    Secure Introduction of One-way Functions

    Conditions are given under which a one-way function can be used safely in a programming language. The security proof involves showing that secrets cannot be leaked easily by any program meeting the conditions unless breaking the one-way function is easy. The result is applied to a password system where passwords are stored in a public file as images under a one-way function.

    Dennis Volpano, Associate Professor, Computer Science


    Lower Bounds on Type Checking Overloading

    The article of record as published may be found at http://dx.doi.org/
    Smith has proposed an elegant extension of the ML type system for polymorphic functional languages with overloading. Type inference in his system requires solving a satisfiability problem that is undecidable if no restrictions are imposed on overloading. This short note explores the effect of recursion and the structure of type assumptions in overloadings on the problem's complexity.

    Provably-Secure Programming Languages for Remote Evaluation

    Remote evaluation and dynamically-extensible systems pose serious safety and security risks. Programming language design has a major role in overcoming some of these risks. Important research areas include designing suitable languages for remote evaluation, identifying appropriate security and safety properties for them, and developing provably-sound logics for reasoning about the properties in the context of separate compilation and dynamic linking.

    Modular network function virtualization

    The article of record as published may be found at http://dx.doi.org/10.1109/INFCOMW.2017.8116499
    2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)
    Network functions like load balancers and stateful firewalls, which traditionally have been packaged in a single proprietary device, are now being virtualized in software across multiple physical devices networked together to achieve greater flexibility and scale. A virtualization can become very complex. Separating its definition from the software that implements it allows this complexity to be managed more easily. This paper describes some elementary behaviors that can be rigorously combined to produce modular definitions of new virtualizations. Behaviors are expressed using a new type of symbolic finite automaton called a λ-SFA. These automata can be formally analyzed and serve as a guide for synthesizing efficient code. As behaviors are combined, proofs of invariants for the result can leverage proofs of invariants for the elementary behaviors.

    A critique of type systems for global overloading

    Proposed extensions of the ML type system to incorporate global overloading include the systems of Kae88, CDO91, Smi91, Kae92, Jon92 and those related to the design of the functional programming language Haskell: WaB89, CHO92, NiP93. These systems have in common the notion of a constrained type scheme, which in some is realized by type kinds and in others as explicit predicates. An analysis of these type systems reveals that some are unsound with regard to a suitable criterion for typability and some adopt a notion of type generality that is inconsistent with that of system ML DaM82.
    Keywords: Type systems, Global overloading
    http://archive.org/details/critiqueoftypesy00volp
    Approved for public release; distribution is unlimited

    A lower bound for the intersection of regular forests

    Regular Sigma X-forests continue to play an important role in programming languages, specifically in the design of type systems. They arise naturally as terms of constructor-based, recursive data types in logic and functional languages. Deciding whether the intersection of a sequence of regular Sigma X-forests is nonempty is an important problem in type inference. We show that this problem is PSPACE-hard and, as a corollary, that the problem of constructing a regular Sigma X-grammar representing their intersection is PSPACE-hard.
    http://archive.org/details/lowerboundforint00volp
    Approved for public release; distribution is unlimited

    Dennis M. Volpano, Assistant Professor of Computer Science: a biography


    Basic research in information privacy
