Secrecy by typing in security protocols

Secrecy by typing in security protocols (1999)

by M Abadi

Venue:

J ACM

Add To MetaCart

Results 1 - 10 of 273

Language-Based Information-Flow Security

by Andrei Sabelfeld , Andrew C. Myers - IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS , 2003

"... Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker throug ..."

Abstract - Cited by 827 (57 self) - Add to MetaCart

Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow.

Jflow: Practical mostly-static information flow control.

by Andrew C Myers - In Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, , 1999

"... Abstract A promising technique for protecting privacy and integrity of sensitive data is to statically check information flow within programs that manipulate the data. While previous work has proposed programming language extensions to allow this static checking, the resulting languages are too res ..."

Abstract - Cited by 584 (33 self) - Add to MetaCart

Abstract A promising technique for protecting privacy and integrity of sensitive data is to statically check information flow within programs that manipulate the data. While previous work has proposed programming language extensions to allow this static checking, the resulting languages are too restrictive for practical use and have not been implemented. In this paper, we describe the new language JFlow, an extension to the Java language that adds statically-checked information flow annotations. JFlow provides several new features that make information flow checking more flexible and convenient than in previous models: a decentralized label model, label polymorphism, run-time label checking, and automatic label inference. JFlow also supports many language features that have never been integrated successfully with static information flow control, including objects, subclassing, dynamic type tests, access control, and exceptions. This paper defines the JFlow language and presents formal rules that are used to check JFlow programs for correctness. Because most checking is static, there is little code space, data space, or run-time overhead in the JFlow implementation.

(Show Context)

An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

by Bruno Blanchet - IN 14TH IEEE COMPUTER SECURITY FOUNDATIONS WORKSHOP (CSFW-14 , 2001

"... We present a new automatic cryptographic protocol verifier based on a simple representation of the protocol by Prolog rules, and on a new efficient algorithm that determines whether a fact can be proved from these rules or not. This verifier proves secrecy properties of the protocols. Thanks to its ..."

Abstract - Cited by 391 (11 self) - Add to MetaCart

We present a new automatic cryptographic protocol verifier based on a simple representation of the protocol by Prolog rules, and on a new efficient algorithm that determines whether a fact can be proved from these rules or not. This verifier proves secrecy properties of the protocols. Thanks to its use of unification, it avoids the problem of the state space explosion. Another advantage is that we do not need to limit the number of runs of the protocol to analyze it. We have proved the correctness of our algorithm, and have implemented it. The experimental results show that many examples of protocols of the literature, including Skeme [24], can be analyzed by our tool with very small resources: the analysis takes from less than 0.1 s for simple protocols to 23 s for the main mode of Skeme. It uses less than 2 Mb of memory in our tests.

Mobile Values, New Names, and Secure Communication

by Martín Abadi, Cédric Fournet , 2001

"... We study the interaction of the "new" construct with a rich but common form of (first-order) communication. This interaction is crucial in security protocols, which are the main motivating examples for our work; it also appears in other programming-language contexts. Specifically, we intro ..."

Abstract - Cited by 372 (17 self) - Add to MetaCart

We study the interaction of the "new" construct with a rich but common form of (first-order) communication. This interaction is crucial in security protocols, which are the main motivating examples for our work; it also appears in other programming-language contexts. Specifically, we introduce a simple, general extension of the pi calculus with value passing, primitive functions, and equations among terms. We develop semantics and proof techniques for this extended language and apply them in reasoning about some security protocols.

Protecting privacy using the decentralized label model

by Andrew C. Myers, Barbara Liskov - ACM Transactions on Software Engineering and Methodology , 2000

"... Stronger protection is needed for the confidentiality and integrity of data, because programs containing untrusted code are the rule rather than the exception. Information flow control allows the enforcement of end-to-end security policies, but has been difficult to put into practice. This article d ..."

Abstract - Cited by 288 (27 self) - Add to MetaCart

Stronger protection is needed for the confidentiality and integrity of data, because programs containing untrusted code are the rule rather than the exception. Information flow control allows the enforcement of end-to-end security policies, but has been difficult to put into practice. This article describes the decentralized label model, a new label model for control of information flow in systems with mutual distrust and decentralized authority. The model improves on existing multilevel security models by allowing users to declassify information in a decentralized way, and by improving support for fine-grained data sharing. It supports static program analysis of information flow, so that programs can be certified to permit only acceptable information flows, while largely avoiding the overhead of run-time checking. The article introduces the language Jif, an extension to Java that provides static checking of information flow using the decentralized label model.

The slam calculus: programming with secrecy and integrity

by Nevin Heintze, Jon G. Riecke - In POPL ’98: Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages , 1998

"... The SLam calculus is a typed λ-calculus that maintains security information as well as type information. The type system propagates security information for each object in four forms: the object’s creators and readers, and the object’s indirect creators and readers (i.e., those agents who, through f ..."

Abstract - Cited by 274 (1 self) - Add to MetaCart

The SLam calculus is a typed λ-calculus that maintains security information as well as type information. The type system propagates security information for each object in four forms: the object’s creators and readers, and the object’s indirect creators and readers (i.e., those agents who, through flow-of-control or the actions of other agents, can influence or be influenced by the content of the object). We prove that the type system prevents security violations and give some examples of its power. 1

A Core Calculus of Dependency

by Martín Abadi , Anindya Banerjee, Nevin Heintze, Jon G. Riecke - IN PROC. 26TH ACM SYMP. ON PRINCIPLES OF PROGRAMMING LANGUAGES (POPL , 1999

"... Notions of program dependency arise in many settings: security, partial evaluation, program slicing, and call-tracking. We argue that there is a central notion of dependency common to these settings that can be captured within a single calculus, the Dependency Core Calculus (DCC), a small extension ..."

Abstract - Cited by 248 (21 self) - Add to MetaCart

Notions of program dependency arise in many settings: security, partial evaluation, program slicing, and call-tracking. We argue that there is a central notion of dependency common to these settings that can be captured within a single calculus, the Dependency Core Calculus (DCC), a small extension of Moggi's computational lambda calculus. To establish this thesis, we translate typed calculi for secure information flow, binding-time analysis, slicing, and call-tracking into DCC. The translations help clarify aspects of the source calculi. We also define a semantic model for DCC and use it to give simple proofs of noninterference results for each case.

Types for mobile ambients

by Luca Cardelli, Andrew D. Gordon - In Proc. 26th POPL , 1999

"... Java has demonstrated the utility of type systems for mobile code, and in particular their use and implications for security. Security properties rest on the fact that a well-typed Java program (or the corresponding verified bytecode) cannot cause certain kinds of damage. In this paper we provide a ..."

Abstract - Cited by 171 (15 self) - Add to MetaCart

Java has demonstrated the utility of type systems for mobile code, and in particular their use and implications for security. Security properties rest on the fact that a well-typed Java program (or the corresponding verified bytecode) cannot cause certain kinds of damage. In this paper we provide a type system for mobile computation, that is, for computation that is continuously active before and after movement. We show that a well-typed mobile computation cannot cause certain kinds of run-time fault: it cannot cause the exchange of values of the wrong kind, anywhere in a mobile system. 1

Analyzing Security Protocols with Secrecy . . .

by Martín Abadi, et al.

"... ..."

Abstract - Cited by 132 (15 self) - Add to MetaCart

Abstract not found

(Show Context)

Authenticity by typing for security protocols

by Andrew D. Gordon, Alan Jeffrey - Journal of Computer Security

"... We propose a new method to check authenticity properties of cryptographic protocols. First, code up the protocol in the spi-calculus of Abadi and Gordon. Second, specify authenticity properties by annotating the code with correspondence assertions in the style of Woo and Lam. Third, figure out types ..."

Abstract - Cited by 125 (18 self) - Add to MetaCart

We propose a new method to check authenticity properties of cryptographic protocols. First, code up the protocol in the spi-calculus of Abadi and Gordon. Second, specify authenticity properties by annotating the code with correspondence assertions in the style of Woo and Lam. Third, figure out types for the keys, nonces, and messages of the protocol. Fourth, check that the spi-calculus code is welltyped according to a novel type and effect system presented in this paper. Our main theorem guarantees that any welltyped protocol is robustly safe, that is, its correspondence assertions are true in the presence of any opponent expressible in spi. 1 Verifying Correspondences by Typing Spi We propose a new method for analysing authenticity

(Show Context)

Secrecy by typing in security protocols (1999)

Tools