Adjoining Declassification and Attack Models by Abstract Interpretation
Authors
Abstract
Abstract domain completeness (slide p.5/19). Let $\langle A, \alpha, \gamma, C \rangle$ be a Galois insertion [Cousot & Cousot '77, '79]. For $f : C \to C$, the best correct approximation (b.c.a.) of $f$ is $f^{\sharp} = \alpha \circ f \circ \gamma : A \to A$, and $\rho = \gamma \circ \alpha$. $\rho$ is correct for $f$ when $\alpha(f(x)) \le f^{\sharp}(\alpha(x))$ for all $x$; $\rho$ is complete for $f$ when $\rho \circ f \circ \rho = \rho \circ f$, equivalently $\alpha(f(x)) = f^{\sharp}(\alpha(x))$.

Standard non-interference (slide): private input, public input.
Related sources
Adjoining classified and unclassified information by abstract interpretation
In this paper we prove that attack models and information released in language-based security can be viewed as adjoint transformations in the abstract interpretation framework. This is achieved by interpreting the well known Joshi and Leino's semantic approach to non-interference as a problem of making an abstraction complete relatively to a program's semantics. This observation allows us to pro...
Quantitative Robust Declassification
The previous declassification policies focus on qualitative analysis of security properties along different dimensions, lacking quantitative analysis of them. As a step in this direction, we relax the restrictiveness of robustness of declassification from the quantitative aspect, and propose a definition of robustness rate of declassification, based on Shannon's measure method of information lattic...
Specification and Verification of Side Channel Declassification
Side channel attacks have emerged as a serious threat to the security of both networked and embedded systems – in particular through the implementations of cryptographic operations. Side channels can be difficult to model formally, but with careful coding and program transformation techniques it may be possible to verify security in the presence of specific side-channel attacks. But what if a p...
A Design for a Security-Typed Language with Certificate-Based Declassification
This paper presents a calculus that supports information-flow security policies and certificate-based declassification. The decentralized label model and its downgrading mechanisms are concisely expressed in the polymorphic lambda calculus with subtyping (System F≾). We prove a conditioned version of the noninterference theorem such that authorization for declassification is justified by digita...
Designing a Security-typed Language with Certificate-based Declassification
This paper presents the design of a programming language that supports information-flow security policies and certificate-based declassification. The language uses monadic information-flow annotations in the style of Abadi et al.’s dependency core calculus, and has an effects system and fixpoints. The type system conflates security concepts such as labels, principals, and privileges with abstra...