2016
DOI: 10.3233/jcs-150541

Secure multi-execution: Fine-grained, declassification-aware, and transparent

Abstract: Recently, much progress has been made on achieving information-flow security via secure multi-execution. Secure multi-execution (SME) is an elegant way to enforce security by executing a given program multiple times, once for each security level, while carefully dispatching inputs and ensuring that an execution at a given level is responsible for producing outputs for information sinks at that level. Secure multiexecution guarantees noninterference, in the sense of no dependencies from secret inputs to public …

Cited by 19 publications (15 citation statements)
References 45 publications
“…Our choice of transparency definition is based on the original literature on runtime monitors [6,13], which requires that if a program execution is secure (noninterferent), then the monitor must accept this execution without modifications. Our definition is similar to the one of [21], which considers both terminating and nonterminating executions, however it differs because we don't require the set of executions accepted by a monitor and the set of noninterferent executions to be equal.…”
Section: Definition 3 (Soundness), mentioning
confidence: 99%
“…Intuitively, time-sensitive noninterference is stronger than termination-sensitive noninterference because it requires that two executions starting in low-equal memories must terminate within the same number of program execution steps. Other works [10,20,26] have proposed other information flow properties, declassification properties, for modified SME monitors. We do not study in this work SME-based monitors for declassification.…”
Section: Related Work, mentioning
confidence: 99%
“…First, execution monitors [15,1,18,17,3] attach additional metadata (for instance, a security level) and propagate that metadata during the execution of a program. Second, multi-execution based approaches [6,20,28] essentially execute a program multiple times, and make sure that the execution that performs outputs at a certain security level has only seen information less than or equal to that security level. The multiple-facets approach [2] is an optimized implementation of multi-execution, but it is less transparent.…”
Section: Examples, mentioning
confidence: 99%
“…In the work targeting secure information flow, one can identify two extremes with respect to library models [15,6,1,20,18,28,17,3]. On one hand are the shallow models, essentially corresponding to providing static boundary types, and on the other hand are the deep models, where the information flow inside the library is modeled in detail, frequently requiring a reimplementation of the library in the monitored semantics.…”
Section: Introduction, mentioning
confidence: 99%