Formalization and Proof of Secrecy Properties
After looking at the security literature, you will find secrecy is formalized in different ways, depending on the application. Applications have threat models that influence our choice of secrecy properties. A property may be reasonable in one context and completely unsatisfactory in another if other threats exist.

The primary goal of this panel is to foster discussion on what sorts of secrecy properties are appropriate for different applications and to investigate what they have in common. We also want to explore what is meant by secrecy in different contexts. Perhaps there is enough overlap among our threat models that we can begin to identify some key secrecy properties for wider application. Currently, secrecy is treated in rather ad hoc ways. With some agreement among calculi for expressing protocols and systems, we might even be able to use one another's proof techniques for proving secrecy!

Four experts were invited as panelists. Two panelists, Riccardo Focardi and Martin Abadi, represent formalizations of secrecy as demanded by secure systems that aim to prohibit various channels, or insecure information flows. More specifically, they represent noninterference-based secrecy. The other two panelists, Cathy Meadows and Jon Millen, represent formalizations of secrecy for protocols based on the Dolev-Yao threat model.
Secure Introduction of One-way Functions
Conditions are given under which a one-way function can be used safely in a programming language. The security proof involves showing that secrets cannot be leaked easily by any program meeting the conditions unless breaking the one-way function is easy. The result is applied to a password system where passwords are stored in a public file as images under a one-way function.
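As an added illustration of the idea in this abstract (not the paper's own code, and not its exact conditions), the following Python sketch is a small information-flow type checker for an imperative language in which an application of the one-way function `hash` is the only way a secret (H) value may flow into a public (L) variable. The side condition that `hash` may only be applied directly to a variable, never to an expression computed from the secret, is this example's stand-in for the paper's conditions; the sample programs, the H/L labels, the use of SHA-256 as the one-way function and the sample password are all constructed for the example.

```python
"""Added example: an information-flow type checker in which a one-way
function is the only sanctioned H -> L step.  The rules are a simplified
illustration of the abstract's idea, not the paper's own conditions."""
import hashlib

H, L = "H", "L"          # security levels: H = secret, L = public


def join(a, b):
    return H if H in (a, b) else L


class IllegalFlow(Exception):
    """Raised when a program could leak a secret other than by inverting hash."""


def type_of(expr, env):
    """Security level of an expression under the variable typing env."""
    tag = expr[0]
    if tag == "const":                          # ('const', value)
        return L
    if tag == "var":                            # ('var', name)
        return env[expr[1]]
    if tag == "op":                             # ('op', symbol, lhs, rhs)
        return join(type_of(expr[2], env), type_of(expr[3], env))
    if tag == "hash":                           # ('hash', e): image under the one-way function
        # ASSUMPTION standing in for the paper's conditions: hash may only be applied
        # to a variable holding a randomly chosen secret, never to something computed
        # from it.  hash(pw == guess) has just two possible images, so publishing it
        # hands the attacker one bit of the secret per evaluation.
        if expr[1][0] != "var":
            raise IllegalFlow("one-way function applied to a computed expression")
        return L                                # the image itself is treated as public
    raise ValueError(tag)


def check(stmt, env, pc=L):
    """Reject writes to L variables that depend on H data, explicitly or via control flow."""
    tag = stmt[0]
    if tag == "assign":                         # ('assign', name, expr)
        if join(pc, type_of(stmt[2], env)) == H and env[stmt[1]] == L:
            raise IllegalFlow(f"public variable {stmt[1]!r} would depend on a secret")
    elif tag in ("if", "while"):                # ('if', cond, then, else) / ('while', cond, body)
        pc2 = join(pc, type_of(stmt[1], env))   # the guard's level raises the context level
        for branch in stmt[2:]:
            check(branch, env, pc2)
    elif tag == "seq":                          # ('seq', [stmts])
        for s in stmt[1]:
            check(s, env, pc)
    else:
        raise ValueError(tag)
    return True


def accepts(stmt, env):
    try:
        return check(stmt, env)
    except IllegalFlow:
        return False


def evaluate(expr, store):
    tag = expr[0]
    if tag == "const":
        return expr[1]
    if tag == "var":
        return store[expr[1]]
    if tag == "op":                             # only '==' is needed by the sample programs
        return int(evaluate(expr[2], store) == evaluate(expr[3], store))
    if tag == "hash":                           # SHA-256 stands in for the one-way function
        return hashlib.sha256(str(evaluate(expr[1], store)).encode()).hexdigest()
    raise ValueError(tag)


def run(stmt, store):
    tag = stmt[0]
    if tag == "assign":
        store[stmt[1]] = evaluate(stmt[2], store)
    elif tag == "if":
        run(stmt[2] if evaluate(stmt[1], store) else stmt[3], store)
    elif tag == "while":
        while evaluate(stmt[1], store):
            run(stmt[2], store)
    elif tag == "seq":
        for s in stmt[1]:
            run(s, store)
    return store


# Constructed programs over a password system: pw is the secret, the file
# 'stored' is public, 'guess' is the attacker-supplied login attempt.
ENV = {"pw": H, "guess": L, "stored": L, "ok": L}
PW, GUESS, STORED = ("var", "pw"), ("var", "guess"), ("var", "stored")

STORE_PW = ("assign", "stored", ("hash", PW))                     # public file holds only the image
LOGIN = ("assign", "ok", ("op", "==", ("hash", GUESS), STORED))   # compare image of the guess
STORE_CLEAR = ("assign", "stored", PW)                            # cleartext in a public file
LEAK = ("if", ("op", "==", PW, GUESS),                            # implicit flow: pw decides ok
        ("assign", "ok", ("const", 1)), ("assign", "ok", ("const", 0)))
HASH_OF_BIT = ("assign", "stored", ("hash", ("op", "==", PW, GUESS)))  # hash of a derived bit


def demo():
    """Type-check then run the accepted programs; returns ok for a right and a wrong guess."""
    check(("seq", [STORE_PW, LOGIN]), ENV)
    store = {"pw": "correct horse battery staple", "guess": "", "stored": None, "ok": 0}
    run(STORE_PW, store)
    results = []
    for guess in ("correct horse battery staple", "hunter2"):   # constructed sample guesses
        store["guess"] = guess
        results.append(run(LOGIN, store)["ok"])
    return tuple(results)


if __name__ == "__main__":
    for name, prog in [("STORE_PW", STORE_PW), ("LOGIN", LOGIN), ("STORE_CLEAR", STORE_CLEAR),
                       ("LEAK", LEAK), ("HASH_OF_BIT", HASH_OF_BIT)]:
        print(f"{name:12s} {'accepted' if accepts(prog, ENV) else 'rejected'}")
    print("login with right/wrong guess:", demo())
```

Writing the password file (`STORE_PW`) is the only place the checker lets H data reach an L variable, and it does so only through the one-way function; `STORE_CLEAR` and `LEAK` are rejected by the ordinary explicit- and implicit-flow rules. `HASH_OF_BIT` is the case that shows why the abstract speaks of conditions: without some restriction on what the function is applied to, "the image is public" would let a program publish the hash of a single secret-dependent bit, which an attacker inverts by computing two hashes.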
Lower Bounds on Type Checking Overloading
The article of record as published may be found at http://dx.doi.org/
Smith has proposed an elegant extension of the ML type system for polymorphic functional languages with overloading. Type inference in his system requires solving a satisfiability problem that is undecidable if no restrictions are imposed on overloading. This short note explores the effect of recursion and the structure of type assumptions in overloadings on the problem's complexity.
Provably-Secure Programming Languages for Remote Evaluation
Remote evaluation and dynamically-extensible systems pose serious safety and security risks. Programming language design has a major role in overcoming some of these risks. Important research areas include designing suitable languages for remote evaluation, identifying appropriate security and safety properties for them, and developing provably-sound logics for reasoning about the properties in the context of separate compilation and dynamic linking.
Modular network function virtualization
The article of record as published may be found at http://dx.doi.org/10.1109/INFCOMW.2017.8116499
2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)
Network functions like load balancers and stateful firewalls, which traditionally have been packaged in a single proprietary device, are now being virtualized in software across multiple physical devices networked together to achieve greater flexibility and scale. A virtualization can become very complex. Separating its definition from the software that implements it allows this complexity to be managed more easily. This paper describes some elementary behaviors that can be rigorously combined to produce modular definitions of new virtualizations. Behaviors are expressed using a new type of symbolic finite automaton called a λ-SFA. These automata can be formally analyzed and serve as a guide for synthesizing efficient code. As behaviors are combined, proofs of invariants for the result can leverage proofs of invariants for the elementary behaviors.
A critique of type systems for global overloading
Proposed extensions of the ML type system to incorporate global overloading include the systems of [Kae88], [CDO91], [Smi91], [Kae92], [Jon92] and those related to the design of the functional programming language Haskell [WaB89], [CHO92], [NiP93]. These systems have in common the notion of a constrained type scheme, which in some is realized by type kinds and in others as explicit predicates. An analysis of these type systems reveals that some are unsound with regard to a suitable criterion for typability and some adopt a notion of type generality that is inconsistent with that of system ML [DaM82].
Keywords: Type systems, Global overloading
http://archive.org/details/critiqueoftypesy00volp
Approved for public release; distribution is unlimited
A lower bound for the intersection of regular forests
Regular Sigma X-forests continue to play an important role in programming languages, specifically in the design of type systems. They arise naturally as terms of constructor-based, recursive data types in logic and functional languages. Deciding whether the intersection of a sequence of regular Sigma X-forests is nonempty is an important problem in type inference. We show that this problem is PSPACE-hard and, as a corollary, that the problem of constructing a regular Sigma X-grammar representing their intersection is PSPACE-hard.
http://archive.org/details/lowerboundforint00volp
Approved for public release; distribution is unlimited