Results 1 - 10 of 20
Termination-Insensitive Noninterference Leaks More Than Just a Bit
"... Current tools for analysing information flow in programs build upon ideas going back to Denning’s work from the 70’s. These systems enforce an imperfect notion of information flow which has become known as termination-insensitive noninterference. Under this version of noninterference, information l ..."
Cited by 75 (31 self)
Reactive Noninterference
"... Many programs operate reactively, patiently waiting for user input, subsequently running for a while producing output, and eventually returning to a state where they are ready to accept another input (or perhaps diverging). When a reactive program communicates with multiple parties, we would like to ..."
Cited by 33 (2 self)
to be sure that it can be given secret information from one without leaking it to others. In this paper, we explore various definitions of noninterference for reactive programs and identify two of special interest—one corresponding to termination-insensitive noninterference for a standard sequential language
Static analysis of non-interference in expressive low-level languages
"... Abstract. Early work in implicit information flow detection applied only to flat, procedureless languages with structured control-flow (e.g., if statements, while loops). These techniques have yet to be adequately extended and generalized to expressive languages with interprocedural, exceptional and ..."
interprocedural and exceptional boundaries, this analysis uses a projection of a small-step abstract interpreter’s rich state graph instead of the control-flow graph typically used for such purposes in weaker linguistic settings. We present a proof of termination-insensitive non-interference. To our knowledge
Dynamic vs. static flow-sensitive security analysis
- 2010
"... This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flow-insensitive static analysis, which allows accepting more secure program ..."
Cited by 63 (14 self)
the literature. We present a general framework for hybrid mechanisms that is parameterized in the static part and in the reaction method of the enforcement (stop, suppress, or rewrite) and give security guarantees with respect to termination-insensitive noninterference for a simple language with output.
From dynamic to static and back: Riding the roller coaster of information-flow control research
- 2009
"... Historically, dynamic techniques are the pioneers of the area of information flow in the 70’s. In their seminal work, Denning and Denning suggest a static alternative for information-flow analysis. Following this work, the 90’s see the domination of static techniques for information flow. The common ..."
Cited by 58 (21 self)
Denning-style analysis and dynamic enforcement have the same assurance: termination-insensitive noninterference.
Security types preserving compilation
- In Proc. 5th International Conference on Verification, Model Checking and Abstract Interpretation, volume 2937 of LNCS, 2004
"... Starting from the seminal work of Volpano and Smith, there has been growing evidence that type systems may be used to enforce confidentiality of programs through non-interference. However, most type systems operate on high-level languages and calculi, and “low-level languages have not received much a ..."
Cited by 31 (3 self)
attention in studies of secure information flow” (Sabelfeld and Myers, [1]). Therefore, we introduce an information flow type system for a low-level language featuring jumps and calls, and show that the type system enforces termination-insensitive non-interference. Furthermore, information flow type
Securing timeout instructions in web applications
- In Proc. IEEE Computer Security Foundations Symposium, 2009
"... Timeout mechanisms are a useful feature for web applications. However, these mechanisms need to be used with care because, if used as-is, they are vulnerable to timing attacks. This paper focuses on internal timing attacks, a particularly dangerous class of timing attacks, where the attacker needs n ..."
Cited by 23 (13 self)
by different browsers and motivate the need for a general security solution. We propose a foundation for such a solution in the form of a runtime monitor. We illustrate for a simple language that, while being more permissive than a typical static analysis, the monitor enforces termination-insensitive
Permissive dynamic information flow analysis
- 2009
"... A key challenge in dynamic information flow analysis is handling implicit flows, where code conditional on a private variable updates a public variable x. The naive approach of upgrading x to private results in x being partially leaked, where its value contains private data but its label might remai ..."
Cited by 46 (3 self)
for inferring these privatization operations and inserting them into the program source code. The combination of these techniques allows more programs to run to completion, while still guaranteeing termination-insensitive non-interference in a purely dynamic manner.
A Perspective on Information-Flow Control
- 2011
"... Information-flow control tracks how information propagates through the program during execution to make sure that the program handles the information securely. Secure information flow is comprised of two related aspects: information confidentiality and information integrity — intuitively pertaining ..."
Cited by 7 (2 self)
of the state-of-the-art in confidentiality and integrity policies and their enforcement with a systematic formalization of four dominant formulations of noninterference: termination-insensitive, termination-sensitive, progress-insensitive, and progress-sensitive, cast in the setting of two minimal while
Relational decomposition
- In 2nd ITP, volume 6898 of LNCS, 2011
"... Abstract. We introduce relational decomposition, a technique for formally reducing termination-insensitive relational program logics to unary logics, that is program logics for one-execution properties. Generalizing the approach of self-composition, we develop a notion of interpolants that decompose ..."
Cited by 3 (1 self)