{"title":"Language-based information erasure","authors":"Stephen Chong, A. Myers","doi":"10.1109/CSFW.2005.19","DOIUrl":"https://doi.org/10.1109/CSFW.2005.19","url":null,"abstract":"Real computing systems sometimes need to forget sensitive information. This paper explores the specification and semantics of information erasure policies, which impose a strong, end-to-end requirement that information be either erased or made less accessible. Simple lattice-based information flow policies, corresponding to a noninterference requirement, are augmented with the ability to express explicit erasure and declassification policies. Examples are given of applying this expressive policy language to real systems. The paper gives tools for reasoning about policy enforcement either statically or dynamically. Further, the significance of these policies to security is formally explained in terms of trace-based semantic security properties: generalizations of noninterference that accommodate erasure and declassification.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"261 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124272033","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reconstruction of attacks against cryptographic protocols","authors":"Xavier Allamigeon, B. Blanchet","doi":"10.1109/CSFW.2005.25","DOIUrl":"https://doi.org/10.1109/CSFW.2005.25","url":null,"abstract":"We study an automatic technique for the verification of cryptographic protocols based on a Horn clause model of the protocol. This technique yields proofs valid for an unbounded number of sessions of the protocol. However, up to now, it gave no definite information when the proof failed. In this paper, we present an algorithm for reconstructing an attack against the protocol when the desired security property does not hold. We have proved soundness, termination, as well as a partial completeness result for our algorithm. We have also implemented it in the automatic protocol verifier ProVerif. As an extreme example, we could reconstruct an attack involving 200 parallel sessions against the $f^{200}g^{200}$ protocol (Millen, 1999).","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128379849","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"End-to-end availability policies and noninterference","authors":"Lantian Zheng, A. Myers","doi":"10.1109/CSFW.2005.16","DOIUrl":"https://doi.org/10.1109/CSFW.2005.16","url":null,"abstract":"This paper introduces the use of static information flow analysis for the specification and enforcement of end-to-end availability policies in programs. We generalize the decentralized label model, which is about confidentiality and integrity, to also include security policies for availability. These policies characterize acceptable risks by representing them as principals. We show that in this setting, a suitable extension of noninterference corresponds to a strong, end-to-end availability guarantee. This approach provides a natural way to specify availability policies and enables existing static dependency analysis techniques to be adapted for availability. The paper presents a simple language in which fine-grained information security policies can be specified as type annotations. These annotations can include requirements for all three major security properties: confidentiality, integrity, and availability. The type system for the language provably guarantees that any well-typed program has the desired noninterference properties, ensuring confidentiality, integrity, and availability.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"2016 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128035372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Polynomial runtime in simulatability definitions","authors":"D. Hofheinz, J. Müller-Quade, Dominique Unruh","doi":"10.3233/JCS-2009-0354","DOIUrl":"https://doi.org/10.3233/JCS-2009-0354","url":null,"abstract":"We elaborate on the problem of polynomial runtime in simulatability definitions for multiparty computation. First, the need for a new definition is demonstrated by showing which problems occur with common definitions of polynomial runtime. Then, we give a definition which captures in an intuitive manner what it means for a protocol or an adversary to have polynomial runtime. We show that this notion is suitable for simulatability definitions for multiparty computation. In particular, a composition theorem is shown for this notion.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133188856","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Type annotations to improve stack-based access control","authors":"Tian Zhao, J. Boyland","doi":"10.1109/CSFW.2005.27","DOIUrl":"https://doi.org/10.1109/CSFW.2005.27","url":null,"abstract":"Java security architecture uses stack-based access control to protect security-sensitive resources. The architecture implements access control checks by inspecting the call stack to compute permission levels, which are used to decide whether to grant access to these resources. This implementation only considers the direct and indirect callers of sensitive methods that directly access the resources. However, it does not check the integrity of the variables used in the calls to these methods, nor does it help protect confidential values that might be returned by these calls. This paper proposes a type-based approach to strengthen stack-based access control. We use type annotations to track values originating from untrusted code such that these values will not be inputs to the sensitive methods when they are executed with a high level of trust. We also use the annotations to protect confidential values from being accidentally revealed by trusted code. We give a static type system that checks these properties and augments existing dynamic stack-based checks. The hybrid approach is similar to so-called \"history-based access control\" without its run-time burden.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"324 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127569084","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Deciding knowledge in security protocols under (many more) equational theories","authors":"M. Abadi, V. Cortier","doi":"10.1109/CSFW.2005.14","DOIUrl":"https://doi.org/10.1109/CSFW.2005.14","url":null,"abstract":"In the analysis of security protocols, the knowledge of attackers is often described in terms of message deducibility and indistinguishability relations. In this paper, we pursue the study of these two relations. We establish general decidability theorems for both. These theorems require only loose, abstract conditions on the equational theory for messages. They subsume previous results for a syntactically defined class of theories that allows basic equations for functions such as encryption, decryption, and digital signatures. They also apply to many other useful theories, for example with blind digital signatures, homomorphic encryption, XOR, and other associative-commutative functions.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131233098","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An encapsulated authentication logic for reasoning about key distribution protocols","authors":"I. Cervesato, C. Meadows, Dusko Pavlovic","doi":"10.1109/CSFW.2005.7","DOIUrl":"https://doi.org/10.1109/CSFW.2005.7","url":null,"abstract":"Authentication and secrecy properties are proved by very different methods: the former by local reasoning, leading to matching knowledge of all principals about the order of their actions, the latter by global reasoning towards the impossibility of knowledge of some data. Hence, proofs conceptually decompose in two parts, each encapsulating the other as an assumption. From this observation, we develop a simple logic of authentication that encapsulates secrecy requirements as assumptions. We apply it within the derivational framework to derive a large class of key distribution protocols based on the authentication properties of their components.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"406 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123877697","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Practical information flow control in Web-based information systems","authors":"Peng Li, S. Zdancewic","doi":"10.1109/CSFW.2005.23","DOIUrl":"https://doi.org/10.1109/CSFW.2005.23","url":null,"abstract":"This paper presents a practical application of language-based information-flow control, namely, a domain-specific Web scripting language designed for interfacing with databases. The primary goal is to provide strong enforcement of confidentiality and integrity policies: confidential data can be released only in permitted ways and trustworthy data must result from expected computations or conform to expected patterns. Such security policies are specified in the database layer and statically enforced for the rest of the system in an end-to-end fashion. In contrast with existing Web-scripting languages, which provide only ad hoc mechanisms for information security, the scripting language described here uses principles based on the well-studied techniques in information-flow type systems. However, because Web scripts often need to downgrade confidential data and manipulate untrusted user input, they require practical and convenient ways of downgrading secure data. To achieve this goal, the language allows safe downgrading according to downgrading policies specified by the programmer. This novel, pattern-based approach provides a practical instance of recent work on delimited release and relaxed noninterference and extends that work by accounting for integrity policies.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129865692","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enforcing secure service composition","authors":"Massimo Bartoletti, P. Degano, G. Ferrari","doi":"10.1109/CSFW.2005.17","DOIUrl":"https://doi.org/10.1109/CSFW.2005.17","url":null,"abstract":"A static approach is proposed to study secure composition of software. We extend the λ-calculus with primitives for invoking services that respect given security requirements. Security-critical code is enclosed in policy framings with a possibly nested, local scope. Policy framings enforce safety and liveness properties of execution histories. The actual histories that can occur at runtime are over-approximated by a type and effect system. These approximations are model-checked to verify policy framings within their scopes. This allows for removing any runtime execution monitor, and for selecting those services that match the security requirements.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125889281","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}