article

Assessing security threats of looping constructs

Author:
Pasquale Malacaria

Queen Mary, University of London

Queen Mary, University of London
View Profile

Authors Info & Claims

ACM SIGPLAN Notices Volume 42 Issue 1January 2007pp 225–235https://doi.org/10.1145/1190215.1190251

Published:17 January 2007Publication History

ACM SIGPLAN Notices

Abstract

There is a clear intuitive connection between the notion of leakage of information in a program and concepts from information theory. This intuition has not been satisfactorily pinned down, until now. In particular, previous information-theoretic models of programs are imprecise, due to their overly conservative treatment of looping constructs. In this paper we provide the first precise information-theoretic semantics of looping constructs. Our semantics describes both the amount and rate of leakage; if either is small enough, then a program might be deemed "secure". Using the semantics we provide an investigation and classification of bounded and unbounded covert channels.

References

D. Bell and L. LaPadula, "Secure computer systems: Unified exposition and Multics interpretation", Technical Report MTR-2997, MITRE Corp, 1997.Google Scholar
D. Clark and S. Hunt and P. Malacaria "Quantitative Analysis of the Leakage of Confidential Data" Electronic Notes in Theoretical Computer Science volume 59, issue 3, Elsevier, 2002.Google Scholar
D. Clark and S. Hunt and P. Malacaria, "Quantified Interference for a While Language", Elsevier, Electronic Notes in Theoretical Computer Science 112, pages 149--166, 2005. Google ScholarDigital Library
D. Clark and S. Hunt and P. Malacaria, "Quantitative Information Flow, Relations and Polymorphic Types", Journal of Logic and Computation, Special Issue on Lambda-calculus, type theory and natural language, 2005, volume 18, number 2, pages 181--199. Google ScholarDigital Library
M. R. Clarkson and A. C. Myers and F. B. Schneider, "Belief in Information Flow", Proc. 18th IEEE Computer Security Foundations Workshop (CSFW 18), IEEE Computer Society Press, 2005. Google ScholarDigital Library
T. M. Cover and J. A. Thomas, "Elements of Information Theory", 1991, Wiley Interscience. Google ScholarDigital Library
D. E. R. Denning, "A Lattice Model of Secure Information Flow", Communications of the ACM, volume 19, number 5, May 1976. Google ScholarDigital Library
D. E. R. Denning, "Cryptography and Data Security", 1982, Addison-Wesley. Google ScholarDigital Library
A. Di Pierro and C. Hankin and H. Wiklicky, "Probabilistic confinement in a declarative framework", Electronic Notes in Theoretical Computer Science, volume 48, Elsevier 2001.Google ScholarCross Ref
A. Di Pierro and C. Hankin and H. Wiklicky, "Quantitative static analysis of distributed systems", Journal of Functional Programming, 2005. Google ScholarDigital Library
J. Goguen and J. Meseguer, "Security Policies and Security Models", IEEE Symposium on Security and Privacy, pages 11--20, IEEE Computer Society Press, 1982.Google ScholarCross Ref
J. W. Gray III and P. F. Syverson, "A Logical Approach to Multilevel Security of Probabilistic Systems", Distributed Computing, volume 11, number 2, 1998, pages 73--90. Google ScholarDigital Library
W. Gray, III, James, "Toward a Mathematical Foundation for Information Flow Security", Proc. 1991 IEEE Symposium on Security and Privacy, Oakland, CA, May 1991, pages 21--34.Google ScholarCross Ref
S. Isthiaq and P.W. O'Hearn, "BI as an assertion language for mutable data structures", pages = "14--26", 28th POPL London 2001. Google ScholarDigital Library
G. Lowe, "Quantifying Information Flow", Proceedings of the Workshop on Automated Verification of Critical Systems, 2001.Google Scholar
D.Malone and W. Sullivan, "Guesswork and entropy", IEEE Transactions on Information Theory, volume 50, number 3, March 2004. Google ScholarDigital Library
J. L. Massey, "Guessing and entropy", Proc. IEEE International Symposium on Information Theory, 1994, Trondheim, Norway.Google Scholar
J. McLean, "Security models and information flow", Proceedings of the 1990 IEEE Symposium on Security and Privacy, 1990, Oakland, California.Google ScholarCross Ref
J. Millen, "Covert channel capacity", Proc. 1987 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, 1987.Google Scholar
J. C. Reynolds, "Syntactic control of interference", Conf. Record 5th ACM Symp. on Principles of Programming Languages 1978. Google ScholarDigital Library
J. Reynolds, "Separation logic: a logic for shared mutable data structures", Invited Paper, LICS'02, 2002. Google ScholarDigital Library
P. Y. A. Ryan and J. McLean and J. Millen and V. Gilgor, "Non-interference, who needs it?", Proceedings of the 14th IEEE Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June 2001. Google ScholarDigital Library
C. Shannon, "A mathematical theory of communication", The Bell System Technical Journal, volume 27, July and October, 1948, pages 379--423 and 623--656.Google Scholar
D. Volpano and G. Smith, "A Type-Based Approach to Program Security", Proceedings of TAPSOFT '97 (Colloquium on Formal Approaches in Software Engineering), April 1997, Lecture Notes in Computer Science, number 1214, pages 607--621. Google ScholarDigital Library
D. G. Weber, "Quantitative Hookup security for covert channel analysis", Proceedings of the 1988 Workshop on the Foundations of Computer Security, 1988, Fanconia, New Hampshire, U.S.A.Google Scholar
G. Winskel, "The formal semantics of programming languages: an introduction", MIT Press 1993. Google ScholarDigital Library
T. Wittbold, "Network of Covert Channels", Proceedings of the 1990 Workshop on the Foundations of Computer Security, 1990.Google Scholar

Index Terms

Assessing security threats of looping constructs
1. Mathematics of computing
  1. Information theory
2. Security and privacy
  1. Systems security
    1. Information flow control
    2. Operating systems security

Recommendations

Assessing security threats of looping constructs
POPL '07: Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

There is a clear intuitive connection between the notion of leakage of information in a program and concepts from information theory. This intuition has not been satisfactorily pinned down, until now. In particular, previous information-theoretic models ...
Read More
Risk assessment of security threats for looping constructs
Security Issues in Concurrency (SecCo'07)

There is a clear intuitive connection between the notion of leakage of information in a program and concepts from Information Theory. We explore this connection by interpreting Information Theory as a security risk assessment of programs. Information ...
Read More
Emerging Security Threats and Countermeasures in IoT
ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

IoT (Internet of Things) diversifies the future Internet, and has drawn much attention. As more and more gadgets (i.e. Things) connected to the Internet, the huge amount of data exchanged has reached an unprecedented level. As sensitive and private ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM SIGPLAN Notices Volume 42, Issue 1
Proceedings of the 2007 POPL Conference
January 2007
379 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1190215
Issue’s Table of Contents
POPL '07: Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2007
400 pages
ISBN:1595935754
DOI:10.1145/1190216
General Chair:
Martin Hofmann
Ludwig-Maximilians U, Munich, Germany
,
Program Chair:
Matthias Felleisen
Northeastern University, Boston MA
Copyright © 2007 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 17 January 2007
Check for updates
Author Tags
information theory
language semantics
security
Qualifiers
- article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 132
  Total Citations
  View Citations
- 665
  Total Downloads
- Downloads (Last 12 months)7
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Assessing security threats of looping constructs

ACM SIGPLAN Notices

Abstract

References

Cited By

Index Terms

Recommendations

Assessing security threats of looping constructs

Risk assessment of security threats for looping constructs

Emerging Security Threats and Countermeasures in IoT