Language-based Security Overview Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy.

Slides:

Advertisements

Similar presentations

Debugging Natural Semantics Specifications Adrian Pop and Peter Fritzson Programming Environment Laboratory Department of Computer and Information Science.

Advertisements

Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.

- Vasvi Kakkad.  Formal -  Tool for mathematical analysis of language  Method for precisely designing language  Well formed model for describing and.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Language-based Security: Information Flow Control 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.

Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.

Lecture 02 – Structural Operational Semantics (SOS) Eran Yahav 1.

Typed Assembly Languages COS 441, Fall 2004 Frances Spalding Based on slides from Dave Walker and Greg Morrisett.

Course Review Anupam Datta CMU Fall A: Foundations of Security and Privacy.

1 CS1001 Lecture Overview Java Programming Java Programming Midterm Review Midterm Review.

1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.

PDDL: A Language with a Purpose? Lee McCluskey Department of Computing and Mathematical Sciences, The University of Huddersfield.

Programming Language Semantics Mooly SagivEran Yahav Schrirber 317Open space html://

Course Overview Anupam Datta CMU Fall A: Foundations of Security and Privacy.

CS 711 Fall 2002 Programming Languages Seminar Andrew Myers 2. Noninterference 4 Sept 2002.

Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.

Introduction and Syntax. Course objectives Discuss features of programming languages. Discuss how the features are implemented in a simple computer architecture.

Describing Syntax and Semantics

1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)

Models of Computation as Program Transformations Chris Chang

1 The Problem o Fluid software cannot be trusted to behave as advertised unknown origin (must be assumed to be malicious) known origin (can be erroneous.

02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.

Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

Lecture 6 Software Testing and jUnit CS140 Dick Steflik.

© Janice Regan, CMPT 128, Jan CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.

Mathematical Modeling and Formal Specification Languages CIS 376 Bruce R. Maxim UM-Dearborn.

1 Module Objective & Outline Module Objective: After completing this Module, you will be able to, appreciate java as a programming language, write java.

Reasoning about Information Leakage and Adversarial Inference Matt Fredrikson 1.

WSMX Execution Semantics Executable Software Specification Eyal Oren DERI

1 OCL Tools Supervised by Prof. Daniel Amyot May Khalil Nadia Spido Submitted to Professor Daniel Amyot in partial fulfillment of the requirements for.

1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.

Hassen Grati, Houari Sahraoui, Pierre Poulin DIRO, Université de Montréal Extracting Sequence Diagrams from Execution Traces using Interactive Visualization.

Programming Languages and Design Lecture 3 Semantic Specifications of Programming Languages Instructor: Li Ma Department of Computer Science Texas Southern.

Syntax and Semantics CIS 331 Syntax: the form or structure of the expressions, statements, and program units. Semantics: the meaning of the expressions,

Celluloid An interactive media sequencing language.

Formal Methods for Software Engineering Part II: Modelling & Analysis of System Behaviour.

Measuring a System’s Attack Surface Yin Shi. Overview Introduction State Machine Model Definitions and Examples Attack Surface Measurement Method Linux.

Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.

Generating Software Documentation in Use Case Maps from Filtered Execution Traces Edna Braun, Daniel Amyot, Timothy Lethbridge University of Ottawa, Canada.

Just Enough Type Theory or, Featherweight Java A Simple Formal Model of Objects Jonathan Aldrich

Prof. Hany H. Ammar, CSEE, WVU, and

Software Development Introduction

CSE 130 : Spring 2011 Programming Languages Ranjit Jhala UC San Diego Lecture 5: Functions and Closures.

T. Gregory BandyInteraction Machines SeminarFebruary 21, Union College - Computer Science Graduate Program Interaction Machines Are they more.

CS5205Semantics1 CS5205: Foundation in Programming Languages Semantics Static Semantics Dynamic Semantics Operational Semantics Big-step Small-Step Denotational.

CS Class 04 Topics  Selection statement – IF  Expressions  More practice writing simple C++ programs Announcements  Read pages for next.

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

Some of the utilities associated with the development of programs. These program development tools allow users to write and construct programs that the.

A Framework For Trusted Instruction Execution Via Basic Block Signature Verification Milena Milenković, Aleksandar Milenković, and Emil Jovanov Electrical.

Secure Information Flow for Reactive Programming Paradigm Zhengqin Luo SAFA workshop 2009.

Language-Based Security: Overview of Types Deepak Garg Foundations of Security and Privacy October 27, 2009.

Testing and Debugging UCT Department of Computer Science Computer Science 1015F Hussein Suleman March 2009.

Compilers Principles, Techniques, & Tools Taught by Jing Zhang

Formal Methods for Software Engineering

Module 30 (Unix/Linux Security Issues II)

Microprocessor and Assembly Language

Secure Software Development: Theory and Practice

Security in Java Real or Decaf? cs205: engineering software

Software Verification and Validation

Language-based Security

Software Verification and Validation

Compilers Principles, Techniques, & Tools Taught by Jing Zhang

Software Verification and Validation

String Analysis for JavaScript Programs Using JSAI

Drew Wyborski Programming Languages

Presentation transcript:

Language-based Security Overview Anupam Datta CMU Fall A: Foundations of Security and Privacy

Software System Security uGoal: Ensure security of software systems uDefinition of security What does “secure” mean? Our focus: non-interference uMethods for ensuring that software systems satisfy security definition Our focus: Typed programming languages

Popular Programming languages (I) uC Security vulnerabilities: buffer overflows, format string vulnerabilities, etc. What features of C cause these problems? Cyclone: A safe dialect of C [Morissett et al] TODAY

Popular Programming languages (II) uJava Does not suffer from C-style security vulnerabilities: buffer overflows, format string vulnerabilities, etc. Perfectly good Java program: login program sends password in the clear over the network (More subtle attack: Boneh-Brumley timing attack on SSL implementation – not Java) Which programs are “secure”?

Information flow uSecurity definition Non-interference [Goguen-Meseguer82] uEmbodiment in a programming language [Denning-Denning77] [Volpano-Smith-Irvine96] uExtending Java with information flow control Jif [Myers-Liskov97] 2 nd lecture 3 rd lecture TODAY

Main tool uTyped programming languages uNow: A quick overview uRelevant CMU courses : Type Systems for Programming Languages : Languages and Logics for Security

Programming Language Definition uSyntax (or “well-formed programs”) –Syntax of types and terms –Type system (or static semantics) uSemantics (or “meaning of programs”) Operational (Dynamic) –Program execution

Language Definition Examples uSyntax, Semantics (Static, Dynamic) uML: R. Milner, M. Tofte, R. Harper, and D. MacQueen, The Definition of Standard ML (Revised). MIT Press, 1997 uJava: J. Alves-Foss (Ed.), Formal Syntax and Semantics of Java. LNCS 1523, 1999

Simple Expression Language uSyntax uStatic Semantics (Type System)

Simple Expression Language uSemantics Operational/Dynamic

Type Safety 1. Preservation: Evaluation steps preserve types 2. Progress: Well-typed expressions are either values or can be further evaluated Relates static semantics to dynamic semantics

Type Systems Features uTools for reasoning about programs uClassification of terms into types provides static approximation of run- time behavior of the terms in a program uConservative: Can prove the absence of some bad program behaviors, but not their presence uTractable: Automated typecheckers typically built into compiler or linker

Cyclone uPresented by Kumar Avijit

Definition of Security uNon-interference (idea) Program HI LI HO LO HI’ HO’ No information flows from high inputs to low outputs

Formal definition System is deterministic finite state machine: takes input and transitions to next state producing output Trace tr is a sequence of inputs and outputs (high & low) Output L (S,tr,c): low output of system S when input c is applied to the state corresponding to trace tr purge HI (tr): returns a trace with all high inputs in tr removed

Thanks Questions?