Abstract
There is a clear intuitive connection between the notion of leakage of information in a program and concepts from information theory. This intuition has not been satisfactorily pinned down, until now. In particular, previous information-theoretic models of programs are imprecise, due to their overly conservative treatment of looping constructs. In this paper we provide the first precise information-theoretic semantics of looping constructs. Our semantics describes both the amount and rate of leakage; if either is small enough, then a program might be deemed "secure". Using the semantics we provide an investigation and classification of bounded and unbounded covert channels.
Assessing security threats of looping constructs
POPL '07: Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages