Giving semantics to program-counter labels via secure effects

Hirsch, Andrew K.; Cecchetti, Ethan

doi:10.1145/3434316

Cited by 2 publications

(1 citation statement)

References 58 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, the separation between pure computations and side-effects further simplifies the security analysis of monadic languages like λ dCG and, as we explain in Section 4, it leads to shorter proofs than in impure languages like λ dFG . Hirsch and Cecchetti (2021) generalize this insight to other effects (non-termination and exceptions) through a new proof technique for pure languages that provide effects through a monad. In their fine-grained static IFC λ-calculus, Pottier and Simonet (2003) represent secret values and expressions explicitly, through a syntactic bracketed pair construct.…”

Section: Proof Techniques For Termination-insensitive Non-interferencementioning

confidence: 91%

From fine- to coarse-grained dynamic information flow control and back

Vassena

Russo

Garg

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We show that fine-grained and coarse-grained dynamic information-flow control (IFC) systems are equally expressive. To this end, we mechanize two mostly standard languages, one with a fine-grained dynamic IFC system and the other with a coarse-grained dynamic IFC system, and prove a semantics-preserving translation from each language to the other. In addition, we derive the standard security property of non-interference of each language from that of the other, via our verified translation. This result addresses a longstanding open problem in IFC: whether coarse-grained dynamic IFC techniques are less expressive than fine-grained dynamic IFC techniques (they are not!). The translations also stand to have important implications on the usability of IFC approaches. The coarse-to fine-grained direction can be used to remove the label annotation burden that fine-grained systems impose on developers, while the fine-to coarse-grained translation shows that coarse-grained systemsÐwhich are easier to design and implementÐcan track information as precisely as fine-grained systems and provides an algorithm for automatically retrofitting legacy applications to run on existing coarse-grained systems. CCS Concepts: • Security and privacy → Formal security models;

show abstract

Section: Proof Techniques For Termination-insensitive Non-interferencementioning

confidence: 91%

From fine- to coarse-grained dynamic information flow control and back

Vassena

Russo

Garg

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

Generalized Policy-Based Noninterference for Efficient Confidentiality-Preservation

Mangipudi,

Chuprikov,

Eugster

et al. 2023

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

As more organizations are leveraging third-party cloud and edge data centers to process data efficiently, the issue of preserving data confidentiality becomes increasingly important. In response, numerous security mechanisms have been introduced and promoted in recent years including software-based ones such as homomorphic encryption, as well as hardware-based ones such as Intel SGX and AMD SEV. However these mechanisms vary in their security properties, performance characteristics, availability, and application modalities, making it hard for programmers to judiciously choose and correctly employ the right one for a given data query. This paper presents a mechanism-independent approach to distributed confidentiality-preserving data analytics. Our approach hinges on a core programming language which abstracts the intricacies of individual security mechanisms. Data is labeled using custom confidentiality levels arranged along a lattice in order to capture its exact confidentiality constraints. High-level mappings between available mechanisms and these labels are captured through a novel expressive form of security policy. Confidentiality is guaranteed through a type system based on a novel formulation of noninterference, generalized to support our security policy definition. Queries written in a largely security-agnostic subset of our language are transformed to the full language to automatically use mechanisms in an efficient, possibly combined manner, while provably preserving confidentiality in data queries end-to-end. We prototype our approach as an extension to the popular Apache Spark analytics engine, demonstrating the significant versatility and performance benefits of our approach over single hardwired mechanisms --- including in existing systems --- without compromising on confidentiality.

show abstract

Giving semantics to program-counter labels via secure effects

Cited by 2 publications

References 58 publications

From fine- to coarse-grained dynamic information flow control and back

From fine- to coarse-grained dynamic information flow control and back

Generalized Policy-Based Noninterference for Efficient Confidentiality-Preservation

Contact Info

Product

Resources

About