Understanding and Enforcing Opacity

Schoepe, Daniel; Sabelfeld, Andrei

doi:10.1109/csf.2015.41

Cited by 11 publications

(7 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In particular an LTS whose trace set is {h1l1, h2l1, h2l2, h3l1, h3l2} satisfies opacity but not non-interference. Schoepe and Sabelfeld [35] prove equivalence between the two notions for input-output (i.e. length two) traces when the set of opaque properties is strong enough to characterise every possible information leak.…”

Section: Link To Non-interferencementioning

confidence: 99%

“…Clearly, when ϕ is opaque in this sense, observers cannot be sure if ϕ holds of the observed system, or not. Many familiar security definitions such as noninterference, declassification, and knowledge-based security can be obtained by suitable choices of predicate ϕ [35], and notion of observable behaviour. Absolute guarantees of security are often impractical, and we may tolerate violation of security properties, as long as it happens with sufficiently low probability.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Quantitative Verification of Opacity Properties in Security Systems

Mu¹,

Clark²

2022

Preprint

View full text Add to dashboard Cite

We delineate a methodology for the specification and verification of flow security properties expressible in the opacity framework. We propose a logic, OpacTL , for straightforwardly expressing such properties in systems that can be modelled as partially observable labelled transition systems. We develop verification techniques for analysing property opacity with respect to observation notions. Adding a probabilistic operator to the specification language enables quantitative analysis and verification. This analysis is implemented as an extension to the PRISM model checker and illustrated via a number of examples. Finally, an alternative approach to quantifying the opacity property based on entropy is sketched.

show abstract

Section: Link To Non-interferencementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Quantitative Verification of Opacity Properties in Security Systems

Mu¹,

Clark²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…A PDP provides data confidentiality for an attacker model ATK iff all runs are secrecy-preserving for ATK . Note that our security notion can be seen as a probabilistic generalization of opacity [60] for the database setting. Our notion is also inspired by the semantics of knowledge-based policies [51].…”

Section: E Confidentialitymentioning

confidence: 99%

“…Non-interference has been extended to consider probabilities [5], [58], [70] for concurrent programs. Our security notion, instead, allows those leaks that do not increase an attacker's beliefs in a secret above the threshold, and it can be seen as a probabilistic extension of opacity [60], which allows any leak except leaking whether the secret holds.…”

Section: Related Workmentioning

confidence: 99%

Securing Databases from Probabilistic Inference

Guarnieri

Marinovic

Basin

2017

2017 IEEE 30th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Databases can leak confidential information when users combine query results with probabilistic data dependencies and prior knowledge. Current research offers mechanisms that either handle a limited class of dependencies or lack tractable enforcement algorithms. We propose a foundation for Database Inference Control based on PROBLOG, a probabilistic logic programming language. We leverage this foundation to develop ANGERONA, a provably secure enforcement mechanism that prevents information leakage in the presence of probabilistic dependencies. We then provide a tractable inference algorithm for a practically relevant fragment of PROBLOG. We empirically evaluate ANGERONA's performance showing that it scales to relevant security-critical problems.

show abstract

“…Their condition requires that input on secret channels does not influence output on public channels. This condition has been used in a breadth of other work [3,8,10,13,14,21,31]. Unfortunately, the models used in these works assume that messages on secret channels are invisible to adversaries.…”

Section: Introductionmentioning

confidence: 99%

Towards Language-Based Mitigation of Traffic Analysis Attacks

Blaabjerg¹,

Askarov²

2021

Preprint

View full text Add to dashboard Cite

Traffic analysis attacks pose a major risk for online security. Distinctive patterns in communication act as fingerprints, enabling adversaries to de-anonymise communicating parties or to infer sensitive information. Despite the attacks being known for decades, practical solution are scarce. Network layer countermeasures have relied on black box padding schemes that require significant overheads in latency and bandwidth to mitigate the attacks, without fundamentally preventing them, and the problem has received little attention in the language-based information flow literature. Language-based methods provide a strong foundation for fundamentally addressing security issues, but previous work has overwhelmingly assumed that interactive programs communicate over secure channels, where messages are undetectable by unprivileged adversaries. This assumption is too strong for online communication where packets can be trivially observed by eavesdropping. In this paper we introduce SELENE, a small language for principled, provably secure communication over channels where packets are publicly observable, and we demonstrate how our program level defence can reduce the latency and bandwidth overheads induced compared with program-agnostic defence mechanisms. We believe that our results constitute a step towards practical, secure online communication.

show abstract

Understanding and Enforcing Opacity

Cited by 11 publications

References 51 publications

Quantitative Verification of Opacity Properties in Security Systems

Quantitative Verification of Opacity Properties in Security Systems

Securing Databases from Probabilistic Inference

Towards Language-Based Mitigation of Traffic Analysis Attacks

Contact Info

Product

Resources

About