Language-based Security: Information Flow Control 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.


Lecture Outline

Information Flow Control (IFC)
- Security definition: non-interference [Goguen-Meseguer82]
- Language-based enforcement: a security type system [Volpano-Smith-Irvine96], based on prior work [Denning-Denning77]

IFC in Tax Preparation Software

Definition of Security

Non-interference (idea): no information flows from high inputs to low outputs.
[Figure: a Program box with high inputs HI and low inputs LI, producing high outputs HO and low outputs LO; a second run with different high inputs HI' may produce different high outputs HO', but the low outputs LO must be unchanged.]
Security levels: H = Classified, L = Unclassified

Example

if x = 1 then y := 1 else y := 0

Does the program satisfy non-interference (NI) under each assignment of security levels to x and y?

  row | x | y | NI?
   1  | L | L | Yes
   2  | H | H | Yes
   3  | L | H | Yes
   4  | H | L | No   (the low output y reveals the high input x)

Specification and Enforcement

Approach:
- Use a typed programming language
- Types represent security levels: H, L, ...
- Sub-typing captures the partial order among security levels: L ⊑ H
- The type system captures the allowed information flows
Soundness theorem: well-typed programs satisfy non-interference

Language Definition
- Syntax
- Type system
- Operational semantics
- Soundness theorem: well-typed programs satisfy non-interference

Syntax (I)

Syntax (II): We will focus on the special case where the security type τ is either H or L, with L ⊑ H.

Type System (I)  Typing judgment

Type system (II)

Type System (III)

Example (revisited)

if x = 1 then y := 1 else y := 0

  row | x | y | NI?
   1  | L | L | Yes
   2  | H | H | Yes
   3  | L | H | Yes
   4  | H | L | No

We will justify rows 1 & 2 (x : L, y : L and x : H, y : H) with the type system.

Example with types: the key rules used are (ASSIGN) and (IF).

Type System (IV)

Example (revisited)

if x = 1 then y := 1 else y := 0

  row | x | y | NI?
   1  | L | L | Yes
   2  | H | H | Yes
   3  | L | H | Yes
   4  | H | L | No

We will justify rows 3 & 4 (x : L, y : H and x : H, y : L) with the type system.

Example with types

Suppose x : L var and y : H var.
1. Use (ASSIGN), (CMD⁻) and (SUBTYPE) to infer (y := 1) : L cmd and (y := 0) : L cmd. (ASSIGN) gives each assignment the type H cmd; since L ⊑ H, (CMD⁻) gives H cmd ⊑ L cmd, so (SUBTYPE) lets each branch be used at type L cmd.
2. Now use the (IF) rule: the guard x = 1 has type L and both branches have type L cmd, so the whole program has type L cmd.

With x : H var and y : L var the program is not well-typed, as expected: the guard x = 1 has type H, so (IF) needs both branches at type H cmd, but (ASSIGN) gives them type L cmd, and L cmd ⊑ H cmd would require H ⊑ L by (CMD⁻), which does not hold.
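The type system of the preceding slides as a runnable checker. This is an added example, not code from the lecture or from the Volpano-Smith-Irvine paper: it implements the (ASSIGN), (COMPOSE), (IF), (WHILE), (CMD⁻) and (SUBTYPE) rules over the two-point lattice L ⊑ H and runs them on the example program under all four assignments of levels to x and y. The tuple-based program syntax, the names `type_expr`, `type_cmd`, `check` and `IllTyped`, and the extra sample programs are this example's own choices.

```python
"""Security type checker for the lecture's core imperative language.

Added example (not the lecture's code). Expressions are int literals,
variable names, or (op, e1, e2) with op in {'+', '-', '='}; commands are
('assign', x, e) | ('seq', c1, c2) | ('if', e, c1, c2) | ('while', e, c).
gamma maps each variable x to its level, meaning x : level var.
"""

L, H = "L", "H"


class IllTyped(Exception):
    """Raised when no typing derivation exists for a command."""


def leq(a: str, b: str) -> bool:
    """The order on levels: L ⊑ H, and every level is ⊑ itself."""
    return a == b or (a, b) == (L, H)


def join(a: str, b: str) -> str:
    return H if H in (a, b) else L


def meet(a: str, b: str) -> str:
    return L if L in (a, b) else H


def type_expr(gamma: dict, e) -> str:
    """Least level tau with gamma |- e : tau (the level of the data e reads).

    (INT) lets a literal take any level, so its least level is L. (SUBTYPE)
    can always raise an expression, so (ARITH) is satisfiable exactly at the
    join of the operands' levels.
    """
    if isinstance(e, int):
        return L
    if isinstance(e, str):
        return gamma[e]          # (VAR) + (R-VAL): x : tau var gives x : tau
    _op, a, b = e
    return join(type_expr(gamma, a), type_expr(gamma, b))


def type_cmd(gamma: dict, c) -> str:
    """Greatest tau with gamma |- c : tau cmd (the lowest level c writes to).

    (CMD-) lowers tau cmd to tau' cmd whenever tau' ⊑ tau, so the principal
    type of a command is the largest level the rules admit.
    """
    kind = c[0]
    if kind == 'assign':
        _, x, e = c
        tau, tau_e = gamma[x], type_expr(gamma, e)
        # (ASSIGN): e must have the variable's level; (SUBTYPE) can raise e
        # but never lower it, so the condition is type_expr(e) ⊑ tau.
        if not leq(tau_e, tau):
            raise IllTyped(f"{x} : {tau} var := expression of level {tau_e} (explicit flow)")
        return tau
    if kind == 'seq':
        # (COMPOSE): both parts at one level; (CMD-) lowers the higher one.
        return meet(type_cmd(gamma, c[1]), type_cmd(gamma, c[2]))
    if kind in ('if', 'while'):
        guard = type_expr(gamma, c[1])
        branches = [type_cmd(gamma, b) for b in c[2:]]
        body = branches[0] if len(branches) == 1 else meet(*branches)
        # (IF)/(WHILE): guard e : tau and every branch : tau cmd for a single
        # tau. The guard can only be raised and the branches only lowered, so
        # such a tau exists iff guard ⊑ body, and body itself is the greatest.
        if not leq(guard, body):
            raise IllTyped(f"{guard} guard controls a write at level {body} (implicit flow)")
        return body
    raise ValueError(f"unknown command {c!r}")


# The lecture's example: if x = 1 then y := 1 else y := 0
EXAMPLE = ('if', ('=', 'x', 1), ('assign', 'y', 1), ('assign', 'y', 0))


def check(gamma: dict, c=EXAMPLE):
    """Principal command type of c under gamma, or None if c is ill-typed."""
    try:
        return type_cmd(gamma, c)
    except IllTyped:
        return None


if __name__ == "__main__":
    for gx, gy in ((L, L), (H, H), (L, H), (H, L)):
        print(f"x : {gx} var, y : {gy} var ->", check({'x': gx, 'y': gy}))
    # Two more rejected programs: an explicit flow and an implicit flow via a loop guard.
    print(check({'x': H, 'y': L}, ('assign', 'y', ('+', 'x', 1))))
    print(check({'x': H, 'y': L}, ('while', ('=', 'x', 1), ('assign', 'y', 0))))
```

For x : L var, y : H var the checker reports H cmd, the principal type; the L cmd derived on the slide follows from it by one application of (CMD⁻). For x : H var, y : L var it reports ill-typed, matching row 4 of the table.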

Operational Semantics (I)
- μ is a memory: a function from locations to values
- μ(l) is the contents of location l
- Judgments:
  1. Evaluating expression e in memory μ yields value n
  2. Evaluating command c in memory μ yields memory μ'
A program executes by evaluating expressions and commands.

Operational Semantics (II)

Operational Semantics (III)

Soundness Theorem

Recall Non-interference: no information flows from high inputs to low outputs.
[Figure as before: Program with inputs HI, LI and outputs HO, LO; changing the high inputs to HI' may change HO to HO' but must not change LO.]
Security levels: H = Classified, L = Unclassified
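The operational semantics and the non-interference definition together, as a runnable check. This is an added example, not code from the lecture: a big-step interpreter for the while-language over memories, followed by an exhaustive search for two initial memories that agree on every low location but end in memories that differ on a low location. Such a pair is a concrete witness that the program violates non-interference; the soundness theorem says no well-typed program has one. The tuple-based command syntax, the 0/1 value grid, the loop step budget and the function names are this example's own choices.

```python
"""Big-step interpreter for the lecture's while-language plus a search for
non-interference violations on concrete memories.

Added example (not the lecture's code). Commands are ('assign', x, e) |
('seq', c1, c2) | ('if', e, c1, c2) | ('while', e, c); memories are dicts
from variable names to integers, standing in for the slides' mu.
"""
import itertools

STEP_BUDGET = 1000   # iterations a single while-loop may run before we give up


def eval_expr(mu: dict, e) -> int:
    """Evaluating expression e in memory mu yields a value."""
    if isinstance(e, int):
        return e
    if isinstance(e, str):
        return mu[e]
    op, a, b = e
    x, y = eval_expr(mu, a), eval_expr(mu, b)
    if op == '+':
        return x + y
    if op == '-':
        return x - y
    if op == '=':
        return int(x == y)
    raise ValueError(f"unknown operator {op!r}")


def exec_cmd(mu: dict, c) -> dict:
    """Evaluating command c in memory mu yields a new memory (mu is not mutated).

    A loop exceeding STEP_BUDGET iterations raises TimeoutError. The
    non-interference on the slides compares final memories of terminating
    runs, so a diverging run produces no observation.
    """
    mu = dict(mu)
    kind = c[0]
    if kind == 'assign':
        mu[c[1]] = eval_expr(mu, c[2])
    elif kind == 'seq':
        mu = exec_cmd(exec_cmd(mu, c[1]), c[2])
    elif kind == 'if':
        mu = exec_cmd(mu, c[2] if eval_expr(mu, c[1]) else c[3])
    elif kind == 'while':
        for _ in range(STEP_BUDGET):
            if not eval_expr(mu, c[1]):
                break
            mu = exec_cmd(mu, c[2])
        else:
            raise TimeoutError("while-loop exceeded STEP_BUDGET")
    else:
        raise ValueError(f"unknown command {c!r}")
    return mu


def low_equal(mu1: dict, mu2: dict, gamma: dict) -> bool:
    """Two memories are low-equal when they agree on every L variable."""
    return all(mu1[v] == mu2[v] for v, lvl in gamma.items() if lvl == 'L')


def interference_witness(c, gamma: dict, values=(0, 1)):
    """Find low-equal initial memories whose final memories differ on an L
    variable. Returns (mu1, mu2) or None.

    None means NI holds for all inputs drawn from `values`: evidence from
    testing, whereas the soundness theorem gives a proof for well-typed code.
    """
    lows = [v for v in gamma if gamma[v] == 'L']
    highs = [v for v in gamma if gamma[v] == 'H']
    high_grid = list(itertools.product(values, repeat=len(highs)))
    for lv in itertools.product(values, repeat=len(lows)):
        base = dict(zip(lows, lv))
        for hv1, hv2 in itertools.product(high_grid, repeat=2):
            mu1 = {**base, **dict(zip(highs, hv1))}
            mu2 = {**base, **dict(zip(highs, hv2))}
            try:
                out1, out2 = exec_cmd(mu1, c), exec_cmd(mu2, c)
            except TimeoutError:
                continue          # termination-insensitive: diverging runs are skipped
            if not low_equal(out1, out2, gamma):
                return mu1, mu2
    return None


# The lecture's example: if x = 1 then y := 1 else y := 0
EXAMPLE = ('if', ('=', 'x', 1), ('assign', 'y', 1), ('assign', 'y', 0))

if __name__ == "__main__":
    for gx, gy in (("L", "L"), ("H", "H"), ("L", "H"), ("H", "L")):
        print(f"x : {gx}, y : {gy} ->", interference_witness(EXAMPLE, {'x': gx, 'y': gy}))
```

Only the x : H, y : L assignment yields a witness, matching row 4 of the example table. Note that the check, like the type system on the slides, is termination-insensitive: a program such as `while x = 1 do x := 1` with x : H is well-typed and reports no witness even though a low observer who can see whether the run finishes learns x.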

Practical Languages for IFC
- Jif [Liskov-Myers et al.]: Java + information flow
- Flow Caml [Pottier-Simonet]: extends the OCaml language with a type system for tracing information flow

Web Security: A Domain for IFC. Brendan Eich (Chief Technology Officer, Mozilla Corp.), "Improving JavaScript's Default Security Model with Information Flow", invited talk at CSF 2009.

Thanks Questions?

Formal definition [Goguen-Meseguer82]
- The system S is a deterministic finite state machine: it takes an input, transitions to the next state and produces an output.
- A trace tr is a sequence of inputs and outputs (high and low).
- output_L(S, tr, c): the low output of S when low input c is applied in the state reached after trace tr.
- purge_HI(tr): the trace tr with all high inputs removed.
- Non-interference: for every trace tr and low input c, output_L(S, tr, c) = output_L(S, purge_HI(tr), c). Removing the high inputs never changes what a low observer sees.
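The Goguen-Meseguer condition on a state machine, as a runnable check. This is an added example, not from the lecture: the slide's ingredients become the functions `run`, `output_L` and `purge_HI`, and the condition output_L(S, tr, c) = output_L(S, purge_HI(tr), c) is checked exhaustively over all traces up to a bound. Because the machine is deterministic, a trace is represented by its input sequence only (the outputs are determined by it). The two toy machines, their input symbols and the function names are this example's own constructions.

```python
"""Goguen-Meseguer non-interference for a deterministic state machine.

Added example (not the lecture's code). An input is (level, symbol); a
system S is (initial_state, delta, out) with delta(s, i) -> next state and
out(s, c) -> the output observed when input c is applied in state s.
"""
import itertools

HI = [('H', 'inc')]                  # high inputs: a classified user bumps a counter
LI = [('L', 'read'), ('L', 'skip')]  # low inputs


def run(S, tr):
    """State of S after consuming the input trace tr from the initial state."""
    s, delta, _ = S
    for i in tr:
        s = delta(s, i)
    return s


def output_L(S, tr, c):
    """Low output when low input c is applied in the state reached after tr."""
    _, _, out = S
    return out(run(S, tr), c)


def purge_HI(tr):
    """tr with every high input removed."""
    return tuple(i for i in tr if i[0] != 'H')


def interference_witness(S, max_len=3):
    """Return (tr, c) with output_L(S, tr, c) != output_L(S, purge_HI(tr), c),
    or None if the GM condition holds for all traces of length <= max_len."""
    for n in range(max_len + 1):
        for tr in itertools.product(HI + LI, repeat=n):
            for c in LI:
                if output_L(S, tr, c) != output_L(S, purge_HI(tr), c):
                    return tr, c
    return None


# Leaky machine: the state is the parity of high 'inc' inputs, and the low
# input 'read' reveals it, so purging the high inputs changes a low output.
def leaky_delta(s, i):
    return 1 - s if i == ('H', 'inc') else s


def leaky_out(s, c):
    return s if c == ('L', 'read') else 0


LEAKY = (0, leaky_delta, leaky_out)


# Safe machine: the state is (high parity, low parity). High inputs still
# change the state, but 'read' only ever reveals the low half, which depends
# on low inputs alone and therefore survives purging unchanged.
def safe_delta(s, i):
    h, l = s
    return (1 - h, l) if i[0] == 'H' else (h, 1 - l)


def safe_out(s, c):
    return s[1] if c == ('L', 'read') else 0


SAFE = ((0, 0), safe_delta, safe_out)

if __name__ == "__main__":
    print("LEAKY:", interference_witness(LEAKY))
    print("SAFE: ", interference_witness(SAFE))
```

The witness for the leaky machine is the one-input trace (H, inc) followed by the low input read: the low user sees 1, but sees 0 on the purged (empty) trace. The bounded search is only evidence for the safe machine; for a finite-state system the bound can be raised to the number of states, but in general the condition is what must be proved, which is the role the soundness theorem plays for the type system.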

Programming Language Definition
- Syntax and static semantics (or "well-formed programs")
  - Syntax of types and terms
  - Type system
- Semantics (or "meaning of programs")
  - Operational or dynamic semantics (defines how programs execute)
- Type safety: well-typed programs do not get stuck, i.e., they either terminate or keep reducing according to the operational semantics

Language Definition Examples (syntax, static and dynamic semantics)
- ML: R. Milner, M. Tofte, R. Harper and D. MacQueen, The Definition of Standard ML (Revised). MIT Press, 1997.
- Java: J. Alves-Foss (ed.), Formal Syntax and Semantics of Java. LNCS 1523, 1999.