Willard Rafnsson scite author profile

Recently, much progress has been made on achieving information-flow security via secure multi-execution. Secure multi-execution (SME) is an elegant way to enforce security by executing a given program multiple times, once for each security level, while carefully dispatching inputs and ensuring that an execution at a given level is responsible for producing outputs for information sinks at that level. Secure multiexecution guarantees noninterference, in the sense of no dependencies from secret inputs to public outputs, and transparency, in the sense that if a program is secure then its secure multiexecution does not destroy its original behavior. This paper pushes the boundary of what can be achieved with secure multi-execution. First, we lift the assumption from the original secure multi-execution work on the totality of the input environment (that there is always assumed to be input) and on the cooperative scheduling. Second, we generalize secure multi-execution to distinguish between security levels of presence and content of messages. Third, we introduce a declassification model for secure multi-execution that allows expressing what information can be released. Fourth, we establish a full transparency result showing how secure multiexecution can preserve the original order of messages in secure programs. We demonstrate that full transparency is a key enabler for discovering attacks with secure multi-execution.

show abstract

Securing Interactive Programs

Rafnsson

Hedin

Sabelfeld

2012

View full text Add to dashboard Cite

This paper studies the foundations of informationflow security for interactive programs. Previous research assumes that the environment is total, that is, it must always be ready to feed new inputs into programs. However, programs secure under this assumption can leak the presence of input. Such leaks can be magnified to whole-secret leaks in the concurrent setting. We propose a framework that generalizes previous research along two dimensions: first, the framework breaks away from the totality of the environment and, second, the framework features fine-grained security types for communication channels, where we distinguish between the security level of message presence and message content. We show that the generalized framework features appealing compositionality properties: parallel composition of secure program results in a secure thread pool. We also show that modeling environments as strategies leads to strong compositionality: various types of composition (with and without scoping) follow from our general compositionality result. Further, we propose a type system that supports enforcement of security via fine-grained security types.

show abstract

Limiting information leakage in event-based communication

Rafnsson

Sabelfeld

2011

View full text Add to dashboard Cite

Secure multi-execution: Fine-grained, declassification-aware, and transparent

Rafnsson

Sabelfeld

2016

JCS

View full text Add to dashboard Cite

show abstract

Type systems for information flow control

et al. 2017

View full text Add to dashboard Cite

Information flow control is central to computer security. The objective of information flow control is to prevent unauthorized flows of secret information to the public outputs of a computation. This task is often accomplished using type systems that rely on modal operators to label and track information and, hence, this style of enforcing information flow control is deeply ingrained in logic. One key choice in designing a type system for information flow control, or dependence analysis in general, is the granularity at which dependencies are tracked. This article considers two extreme design points in this vast design space and examines their relative expressiveness.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.