Steve Zdancewic ESOP011 Secure Information Flow and CPS Steve Zdancewic Joint work with Andrew Myers Cornell University.

Slides:



Advertisements
Similar presentations
ICFP Principals in Programming Languages: A Syntactic Proof Technique Steve Zdancewic Dan Grossman and Greg Morrisett Cornell University.
Advertisements

Security of Multithreaded Programs by Compilation Tamara Rezk INDES Project, INRIA Sophia Antipolis Mediterranee Joint work with Gilles Barthe, Alejandro.
Information Flow and Covert Channels November, 2006.
Challenges for Information-flow Security* Steve Zdancewic University of Pennsylvania * This talk is an attempt to be provocative and controversial.
SSA and CPS CS153: Compilers Greg Morrisett. Monadic Form vs CFGs Consider CFG available exp. analysis: statement gen's kill's x:=v 1 p v 2 x:=v 1 p v.
Building Secure Distributed Systems The CIF model : Component Information Flow Lilia Sfaxi DCS Days - 26/03/2009.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
Untrusted Hosts and Confidentiality: Secure Program Partitioning Steve Zdancewic Lantian Zheng Nathaniel Nystrom Andrew Myers Cornell University.
Towards Static Flow-based Declassification for Legacy and Untrusted Programs Bruno P. S. Rocha Sruthi Bandhakavi Jerry den Hartog William H. Winsborough.
CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu
IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, Alejandro Russo.
Code Shape III Booleans, Relationals, & Control flow Copyright 2003, Keith D. Cooper, Ken Kennedy & Linda Torczon, all rights reserved. Students enrolled.
1 CS 312 – Lecture 28 Continuations –Probably the most confusing thing you’ve seen all semester… Course summary –Life after CS 312.
Information Flow, Security and Programming Languages Steve Steve Zdancewic.
Survey of Typed Assembly Language (TAL) Introduction and Motivation –Conventional untyped compiler < Typed intermediate languages –Typed intermediate language.
Typed Memory Management in a Calculus of Capabilities David Walker (with Karl Crary and Greg Morrisett)
1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.
6/18/2015 4:21 AM Information Flow James Hook CS 591: Introduction to Computer Security.
Decentralized Robustness Stephen Chong Andrew C. Myers Cornell University CSFW 19 July 6 th 2006.
Strict Bidirectional Type Checking Adam Chlipala, Leaf Petersen, and Robert Harper.
6/20/ :09 PM Information Flow James Hook CS 591: Introduction to Computer Security.
Polyglot: An Extensible Compiler Framework for Java Nathaniel Nystrom, Michael R. Clarkson, and Andrew C. Myers Presentation by Aaron Kimball & Ben Lerner.
Generative type abstraction and type-level computation (Wrestling with System FC) Stephanie Weirich, Steve Zdancewic University of Pennsylvania Dimitrios.
Robust Declassification Steve Zdancewic Andrew Myers Cornell University.
A Type System for Expressive Security Policies David Walker Cornell University.
Harmless Advice Daniel S Dantas Princeton University with Prof. David Walker.
1 Ivan Lanese Computer Science Department University of Bologna Italy Concurrent and located synchronizations in π-calculus.
CS 711 Fall 2002 Programming Languages Seminar Andrew Myers 2. Noninterference 4 Sept 2002.
Data Abstraction and Object- Oriented Programming CS351 – Programming Paradigms.
Mechanized Metatheory for User- Defined Type Extensions Dan Marino, Brian Chin, Todd Millstein UCLA Gang Tan Boston College Robert J. Simmons, David Walker.
Control of Personal Information in a Networked World Rebecca Wright Boaz Barak Jim Aspnes Avi Wigderson Sanjeev Arora David Goodman Joan Feigenbaum ToNC.
Model Checking Lecture 5. Outline 1 Specifications: logic vs. automata, linear vs. branching, safety vs. liveness 2 Graph algorithms for model checking.
Software Engineering Tools and Methods Presented by: Mohammad Enamur Rashid( ) Mohammad Rashim Uddin( ) Masud Ur Rahman( )
Automatic Implementation of provable cryptography for confidentiality and integrity Presented by Tamara Rezk – INDES project - INRIA Joint work with: Cédric.
A Formal Model of Modularity in Aspect-Oriented Programming Jonathan Aldrich : Objects and Aspects Carnegie Mellon University.
3.2 – Solving Linear Equations by Graphing. Ex.1 Solve the equation by graphing. x – y = 1.
Towards a Logic for Wide- Area Internet Routing Nick Feamster Hari Balakrishnan.
Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.
Secure Web Applications via Automatic Partitioning Stephen Chong, Jed Liu, Andrew C. Meyers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng. Cornell University.
Security Policy What is a security policy? –Defines what it means for a system to be secure Formally: Partition system into –Secure (authorized) states.
Language-Based Information-Flow Security Richard Mancusi CSCI 297.
Containment and Integrity for Mobile Code Security policies as types Andrew Myers Fred Schneider Department of Computer Science Cornell University.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Language-Based Information- Flow Security Andrei Sabelfeld.
Reasoning about Information Leakage and Adversarial Inference Matt Fredrikson 1.
1 Dept of Information and Communication Technology Creating Objects in Flexible Authorization Framework ¹ Dep. of Information and Communication Technology,
“Software” Esterel Execution (work in progress) Dumitru POTOP-BUTUCARU Ecole des Mines de Paris
Containment and Integrity for Mobile Code End-to-end security, untrusted hosts Andrew Myers Fred Schneider Department of Computer Science Cornell University.
SECURE WEB APPLICATIONS VIA AUTOMATIC PARTITIONING S. Chong, J. Liu, A. C. Myers, X. Qi, K. Vikram, L. Zheng, X. Zheng Cornell University.
A Certifying Compiler and Pointer Logic Zhaopeng Li Software Security Lab. Department of Computer Science and Technology, University of Science and Technology.
12/9/20151 Programming Languages and Compilers (CS 421) Elsa L Gunter 2112 SC, UIUC Based in part on slides by Mattox.
Types and Programming Languages Lecture 11 Simon Gay Department of Computing Science University of Glasgow 2006/07.
10/23/2001Yale University1 Event-driven FRP Zhanyong Wan Joint work with Walid Taha and Paul Hudak Advisor: Paul Hudak O fficial G raduate S tudent T alk.
Getting Started in PL Design Research Stephanie Weirich University of Pennsylvania.
Shifting the Blame A blame calculus with delimited control Taro Sekiyama* Atsushi Igarashi Soichiro Ueda Kyoto University Gradual typing.
Certification of Programs for Secure Information Flow Dorothy & Peter Denning Communications of the ACM (CACM) 1977.
3/14/2016 8:37 PM Information Flow Epilog James Hook CS 591: Introduction to Computer Security.
Language-Based Information- Flow Security (Sabelfeld and Myers) “Practical methods for controlling information flow have eluded researchers for some time.”
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style JFlow: Practical Mostly-Static Information Flow Control.
An Efficient Compilation Framework for Languages Based on a Concurrent Process Calculus Yoshihiro Oyama Kenjiro Taura Akinori Yonezawa Yonezawa Laboratory.
Secure Information Flow for Reactive Programming Paradigm Zhengqin Luo SAFA workshop 2009.
Paper Reading Group:. Language-Based Information-Flow Security. A
Information Security CS 526
Code Shape III Booleans, Relationals, & Control flow
Language-based Security
Information Security CS 526
Information Security CS 526
Carmine Abate Rob Blanco Deepak Garg Cătălin Hrițcu Jérémy Thibault
Presentation transcript:

Steve Zdancewic ESOP011 Secure Information Flow and CPS Steve Zdancewic Joint work with Andrew Myers Cornell University

Steve Zdancewic ESOP012 Valuable Data On-line Internet and Connectivity –banks/brokerage firms – services –applets, plugins, etc. –… Creates problem of protection

Steve Zdancewic ESOP013 Protect It! Confidentiality –Data doesn't escape –Does my accounting software transmit my private information? Integrity –Trustworthiness of data –Does my accounting software use “bad” information to compute taxes?

Steve Zdancewic ESOP014 Information Flow Policies on information End-to-End –Once data is released to a program, must ensure that policy is obeyed. Need static analysis

Steve Zdancewic ESOP015 Security-Typed Languages Statically enforce security policies in an extended type system –Smith & Volpano [SVI96, SV98,...] –Heintze & Riecke [HR98, ABHR99] –Myers [ML97,My99,...] –Sabelfeld & Sands [SS99, SS00] –Pottier & Conchon [PC00,...]

Steve Zdancewic ESOP016 Noninterference "Low-security behavior of the program is not affected by any high-security data." Goguen & Messeguer 1982 H1L1 L2H2 H3L1 L2H4 LL

Steve Zdancewic ESOP017 Our Goal Study information flow in rich language –Higher-order functions –State Noninterference proof

Steve Zdancewic ESOP018 Continuation Passing Style Useful representation of low-level code – verify output of the compiler. Main complication: explicit control and interaction with effects

Steve Zdancewic ESOP019 Outline Motivating Example Problem with Naïve CPS translation Ordered Linear Continuations Wrap up

Steve Zdancewic ESOP0110 Security Types A lattice L of labels –order  L  H –join  L  H = H Types have labels: int H or bool L

Steve Zdancewic ESOP0111 Example if0 (x:int H ){ y := 1; } else { y := 2; } z := 3;

Steve Zdancewic ESOP0112 Example if0 (x:int H ){ y := 1; } else { y := 2; } z := 3; pc:L

Steve Zdancewic ESOP0113 Example if0 (x:int H ){ y := 1; } else { y := 2; } z := 3; pc:H pc:L

Steve Zdancewic ESOP0114 if0 (x:int H ){ y := 1; // y:int H } else { y := 2; } z := 3; Example pc:L pc:H

Steve Zdancewic ESOP0115 Example if0 (x:int H ){ y := 1; // y:int H } else { y := 2; } z := 3; pc:L pc:H

Steve Zdancewic ESOP0116 Example if0 (x:int H ){ y := 1; // y:int H } else { y := 2; } z := 3; pc:L pc:H

Steve Zdancewic ESOP0117 Example if0 (x:int H ){ y := 1; // y:int H } else { y := 2; } z := 3; // z:int L pc:L pc:H pc:L

Steve Zdancewic ESOP0118 PC Label Side-effects are bounded by PC label. x := e x:  s refe:  r (p  r)  spc:p

Steve Zdancewic ESOP0119 What about functions? Effects inside a function must also be bounded by PC label. f(e) f:  r p  rpc:p e: 

Steve Zdancewic ESOP0120 Naive CPS let k = (). z := 3; if0 (x:int H ){ y := 1; k(); } else { y := 2; k(); }

Steve Zdancewic ESOP0121 Naive CPS let k = (). z := 3; if0 (x:int H ){ y := 1; k(); } else { y := 2; k(); } pc:H

Steve Zdancewic ESOP0122 Naive CPS let k = (). z := 3; //z:int H if0 (x:int H ){ y := 1; k(); } else { y := 2; k(); } pc:H

Steve Zdancewic ESOP0123 Linear Continuations let k = (). z := 3; //z:int H if0 (x:int H ){ y := 1; k(); } else { y := 2; k(); } k is used linearly!

Steve Zdancewic ESOP0124 Main Idea Use linear continuations to express the control-flow properties of the source language via types But...not quite enough

Steve Zdancewic ESOP0125 Order of Evaluation Order the continuations are invoked is also important! Can observe the order via side effects So...ordered linear continuations

Steve Zdancewic ESOP0126 What Are They? Linear continuations: First-class postdominators of control flow graph Ordered linear continuations: Encode the control stack

Steve Zdancewic ESOP0127 Target CPS Language Includes regular continuations and ordered linear continuations Careful manipulation of context:  | k n,…,k 1 [pc]  e Ordered list encodes stack

Steve Zdancewic ESOP0128 Noninterference If x:  H |[L]  e : int L  v 1,v 2 :  H (M,e{v 1 /x})  * (M 1,n 1 ) (M,e{v 2 /x})  * (M 2,n 2 ) Then M 1  L M 2 and n 1 = n 2

Steve Zdancewic ESOP0129 Results Formalize ordered linear continuations in the type system Prove that the CPS language enjoys noninterference –Proof hinges on ordering property –First proof for such a rich language Expressive enough as a target

Steve Zdancewic ESOP0131 Other Connections Linearity of control also plays a role in security typed versions of -calculus. [Honda et. al.] Linear control is interesting in its own right

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.