Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security 2017
DOI: 10.1145/3133956.3134036
|View full text |Cite
|
Sign up to set email alerts
|

Cryptographically Secure Information Flow Control on Key-Value Stores

Abstract: We present Clio, an information flow control (IFC) system that transparently incorporates cryptography to enforce confidentiality and integrity policies on untrusted storage. Clio insulates developers from explicitly manipulating keys and cryptographic primitives by leveraging the policy language of the IFC system to automatically use the appropriate keys and correct cryptographic operations. We prove that Clio is secure with a novel proof technique that is based on a proof style from cryptography together wit… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
8
0

Year Published

2017
2017
2023
2023

Publication Types

Select...
5
2

Relationship

2
5

Authors

Journals

citations
Cited by 8 publications
(8 citation statements)
references
References 50 publications
0
8
0
Order By: Relevance
“…There is a significant body of work on embedding IFC in Haskell [3,17,22,27,38,41,43,48,[50][51][52]. Most of which falls into the category of "monadic" IFC libraries in which the code that is subject to IFC enforcement is written using a specialized interface exported by the library.…”
Section: Implementations Of Ifc In Haskellmentioning
confidence: 99%
“…There is a significant body of work on embedding IFC in Haskell [3,17,22,27,38,41,43,48,[50][51][52]. Most of which falls into the category of "monadic" IFC libraries in which the code that is subject to IFC enforcement is written using a specialized interface exported by the library.…”
Section: Implementations Of Ifc In Haskellmentioning
confidence: 99%
“…LIO's current label and clearance label draw inspiration from work on Mandatory Access Control (MAC) operating systems [Bell and LaPadula 1973], including Asbestos [Efstathopoulos et al 2005], HiStar [Zeldovich et al 2006], and Flume [Krohn et al 2007]. The baseline LIO approach has been extended in several interesting ways [Buiras et al , 2015Russo 2015;Waye et al 2017], including to other languages [Heule et al 2015].…”
Section: Related Workmentioning
confidence: 99%
“…Defensive mechanisms are proposed to protect private data from leakage including cryptography methods [38], access control [33] and information flow control [35] [15] [55]. Cryptography approaches provide a secure way to prevent the eavesdropping attack by encrypting the sensitive data, but the misuse and extra overhead limit their reliability and practicality [143]. Access control based permission framework is an effective mechanism on limiting third-party app's access to sensitive data.…”
Section: Introductionmentioning
confidence: 99%