Presentation is loading. Please wait.

Presentation is loading. Please wait.

Language-based Security Overview Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Language-based Security Overview Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy."— Presentation transcript:

1 Language-based Security Overview Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy

2 Software System Security uGoal: Ensure security of software systems uDefinition of security What does “secure” mean? Our focus: non-interference uMethods for ensuring that software systems satisfy security definition Our focus: Typed programming languages

3 Popular Programming languages (I) uC Security vulnerabilities: buffer overflows, format string vulnerabilities, etc. What features of C cause these problems? Cyclone: A safe dialect of C [Morissett et al] TODAY

4 Popular Programming languages (II) uJava Does not suffer from C-style security vulnerabilities: buffer overflows, format string vulnerabilities, etc. Perfectly good Java program: login program sends password in the clear over the network (More subtle attack: Boneh-Brumley timing attack on SSL implementation – not Java) Which programs are “secure”?

5 Information flow uSecurity definition Non-interference [Goguen-Meseguer82] uEmbodiment in a programming language [Denning-Denning77] [Volpano-Smith-Irvine96] uExtending Java with information flow control Jif [Myers-Liskov97] 2 nd lecture 3 rd lecture TODAY

6 Main tool uTyped programming languages uNow: A quick overview uRelevant CMU courses 15-814: Type Systems for Programming Languages 15-819: Languages and Logics for Security

7 Programming Language Definition uSyntax (or “well-formed programs”) –Syntax of types and terms –Type system (or static semantics) uSemantics (or “meaning of programs”) Operational (Dynamic) –Program execution

8 Language Definition Examples uSyntax, Semantics (Static, Dynamic) uML: R. Milner, M. Tofte, R. Harper, and D. MacQueen, The Definition of Standard ML (Revised). MIT Press, 1997 uJava: J. Alves-Foss (Ed.), Formal Syntax and Semantics of Java. LNCS 1523, 1999

9 Simple Expression Language uSyntax uStatic Semantics (Type System)

10 Simple Expression Language uSemantics Operational/Dynamic

11 Type Safety 1. Preservation: Evaluation steps preserve types 2. Progress: Well-typed expressions are either values or can be further evaluated Relates static semantics to dynamic semantics

12 Type Systems Features uTools for reasoning about programs uClassification of terms into types provides static approximation of run- time behavior of the terms in a program uConservative: Can prove the absence of some bad program behaviors, but not their presence uTractable: Automated typecheckers typically built into compiler or linker

13 Cyclone uPresented by Kumar Avijit

14 Definition of Security uNon-interference (idea) Program HI LI HO LO HI’ HO’ No information flows from high inputs to low outputs

15 Formal definition System is deterministic finite state machine: takes input and transitions to next state producing output Trace tr is a sequence of inputs and outputs (high & low) Output L (S,tr,c): low output of system S when input c is applied to the state corresponding to trace tr purge HI (tr): returns a trace with all high inputs in tr removed

16 Thanks Questions?

Download ppt "Language-based Security Overview Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy."

Similar presentations

Debugging Natural Semantics Specifications Adrian Pop and Peter Fritzson Programming Environment Laboratory Department of Computer and Information Science.

Debugging Natural Semantics Specifications Adrian Pop and Peter Fritzson Programming Environment Laboratory Department of Computer and Information Science.
Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.

Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.
- Vasvi Kakkad.  Formal -  Tool for mathematical analysis of language  Method for precisely designing language  Well formed model for describing and.

- Vasvi Kakkad.  Formal -  Tool for mathematical analysis of language  Method for precisely designing language  Well formed model for describing and.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu

Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu
Fall 20021 Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Language-based Security: Information Flow Control 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.

Language-based Security: Information Flow Control 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.
Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.

Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.
Lecture 02 – Structural Operational Semantics (SOS) Eran Yahav 1.

Lecture 02 – Structural Operational Semantics (SOS) Eran Yahav 1.
Typed Assembly Languages COS 441, Fall 2004 Frances Spalding Based on slides from Dave Walker and Greg Morrisett.

Typed Assembly Languages COS 441, Fall 2004 Frances Spalding Based on slides from Dave Walker and Greg Morrisett.
Course Review Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy.

Course Review Anupam Datta CMU Fall A: Foundations of Security and Privacy.
1 CS1001 Lecture 16. 2 Overview Java Programming Java Programming Midterm Review Midterm Review.

1 CS1001 Lecture Overview Java Programming Java Programming Midterm Review Midterm Review.
1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.

1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.
PDDL: A Language with a Purpose? Lee McCluskey Department of Computing and Mathematical Sciences, The University of Huddersfield.

PDDL: A Language with a Purpose? Lee McCluskey Department of Computing and Mathematical Sciences, The University of Huddersfield.
Programming Language Semantics Mooly SagivEran Yahav Schrirber 317Open space 03-640-760603-640-5358 html://www.cs.tau.ac.il/~msagiv/courses/sem03.html.

Programming Language Semantics Mooly SagivEran Yahav Schrirber 317Open space html://
Course Overview Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy.

Course Overview Anupam Datta CMU Fall A: Foundations of Security and Privacy.
CS 711 Fall 2002 Programming Languages Seminar Andrew Myers 2. Noninterference 4 Sept 2002.

CS 711 Fall 2002 Programming Languages Seminar Andrew Myers 2. Noninterference 4 Sept 2002.
Semantics with Applications Mooly Sagiv Schrirber 317 03-640-7606 html://www.cs.tau.ac.il/~msagiv/courses/sem08.html Textbooks:Winskel The.

Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.

Similar presentations

Ads by Google