Types for Location and Data Security in Cloud Environments

Gazeau, Ivan; Chothia, Tom; Duggan, Dominic

doi:10.1109/csf.2017.25

Cited by 3 publications

(2 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gazeau et al [21] enforce confidentiality (but not integrity) of the client data in the cloud. Like our assumptions regarding access to cryptographic keys, their security guarantee relies on honest nodes denying access to attacker nodes.…”

Section: B Communication Channels and Cryptographymentioning

confidence: 99%

Information Flow Control for Distributed Trusted Execution Environments

Gollamudi

Chong

Arden

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Distributed applications cannot assume that their security policies will be enforced on untrusted hosts. Trusted execution environments (TEEs) combined with cryptographic mechanisms enable execution of known code on an untrusted host and the exchange of confidential and authenticated messages with it. TEEs do not, however, establish the trustworthiness of code executing in a TEE. Thus, developing secure applications using TEEs requires specialized expertise and careful auditing. This paper presents DFLATE, a core security calculus for distributed applications with TEEs. DFLATE offers high-level abstractions that reflect both the guarantees and limitations of the underlying security mechanisms they are based on. The accuracy of these abstractions is exhibited by asymmetry between confidentiality and integrity in our formal results: DFLATE enforces a strong form of noninterference for confidentiality, but only a weak form for integrity. This reflects the asymmetry of the security guarantees of a TEE: a malicious host cannot access secrets in the TEE or modify its contents, but they can suppress or manipulate the sequence of its inputs and outputs. Therefore DFLATE cannot protect against the suppression of high-integrity messages, but when these messages are delivered, their contents cannot have been influenced by an attacker.

show abstract

Section: B Communication Channels and Cryptographymentioning

confidence: 99%

Information Flow Control for Distributed Trusted Execution Environments

Gollamudi

Chong

Arden

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

show abstract

“…Combining cryptography and IFC languages is not new. The Decentralized Label Model (DLM) [39] has been extended with cryptographic operations [17,22,51,56]. These extensions, however, either use only symbolic models of cryptography or provide no security properties for their system.…”

Section: Related Workmentioning

confidence: 99%

Cryptographically Secure Information Flow Control on Key-Value Stores

Waye

Buiras

Arden

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

We present Clio, an information flow control (IFC) system that transparently incorporates cryptography to enforce confidentiality and integrity policies on untrusted storage. Clio insulates developers from explicitly manipulating keys and cryptographic primitives by leveraging the policy language of the IFC system to automatically use the appropriate keys and correct cryptographic operations. We prove that Clio is secure with a novel proof technique that is based on a proof style from cryptography together with standard programming languages results. We present a prototype Clio implementation and a case study that demonstrates Clio's practicality.

show abstract

Types for Location and Data Security in Cloud Environments

Gazeau

Chothia

Duggan

2017

2017 IEEE 30th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Cloud service providers are often trusted to be genuine, the damage caused by being discovered to be attacking their own customers outweighs any benefits such attacks could reap. On the other hand, it is expected that some cloud service users may be actively malicious. In such an open system, each location may run code which has been developed independently of other locations (and which may be secret). In this paper, we present a typed language which ensures that the access restrictions put on data on a particular device will be observed by all other devices running typed code. Untyped, compromised devices can still interact with typed devices without being able to violate the policies, except in the case when a policy directly places trust in untyped locations. Importantly, our type system does not need a middleware layer or all users to register with a preexisting PKI, and it allows for devices to dynamically create new identities. The confidentiality property guaranteed by the language is defined for any kind of intruder: we consider labeled bisimilarity i.e. an attacker cannot distinguish two scenarios that differ by the change of a protected value. This shows our main result that, for a device that runs well typed code and only places trust in other well typed devices, programming errors cannot cause a data leakage.

show abstract

Types for Location and Data Security in Cloud Environments

Cited by 3 publications

References 26 publications

Information Flow Control for Distributed Trusted Execution Environments

Information Flow Control for Distributed Trusted Execution Environments

Cryptographically Secure Information Flow Control on Key-Value Stores

Types for Location and Data Security in Cloud Environments

Contact Info

Product

Resources

About