Modular Enforcement of Information Flow Policies in Data Structures

Modular Enforcement of Information Flow Policies in Data Structures

Cached

Download Links

[www.cs.princeton.edu]

by Gordon Stewart , Anindya Banerjee , Aleksandar Nanevski

BibTeX

@MISC{Stewart_modularenforcement,
    author = {Gordon Stewart and Anindya Banerjee and Aleksandar Nanevski},
    title = {Modular Enforcement of Information Flow Policies in Data Structures},
    year = {}
}

Bookmark

OpenURL

Abstract

Abstract—Standard implementations of common data structures such as hash tables can leak information, e.g. the operation history, to attackers with later access to a machine’s memory. This leakage is particularly damaging whenever the history of operations performed on a data structure must remain secret, such as in voting machines. We show how unique representation—the requirement that a data structure have canonical machine representations—can be used to perform modular verification of information flow policies in programs that compose data structures with their clients. We present a compositional verification system based on Relational Hoare Type Theory (RHTT) that uses unique representation to enforce end-to-end security guarantees such as noninterference for such programs. We validate our system and technique with examples drawn from arrays, multisets, hash tables, and a medical database application. The system, theorems, and examples have all been verified in Coq. I.

Citations

583	Separation logic: A logic for shared mutable data structures. Symp. on Logic in - Reynolds - 1994
478	A lattice model of secure information flow - DENNING - 1976
458	Language-based information-flow security - Sabelfeld, Myers
379	Jflow: practical mostly-static information flow control - Myers - 1999
345	A sound type system for secure flow analysis - Volpano, Irvine, et al. - 1996
312	Tamper Resistance – a Cautionary Note - Anderson, Kuhn - 1996
267	G.D.: Abstract types have existential types - Mitchell, Plotkin - 1988
112	A logic for parametric polymorphism - Plotkin, Abadi - 1993
70	Secure Computer Systems: A - Bell - 1973
65	editors. The Vienna Development Method: The MetaLanguage - Bj��rner, Jones - 1978
59	Incremental Cryptography: The Case of Hashing and Signing - Bellare, Goldreich, et al. - 1994
57	Simple relational correctness proofs for static analyses and program transformations - Benton
56	Information transmission in sequential programs,” in Foundations of Secure Computation - Cohen - 1978
34	Space efficient hash tables with worst case constant access time - Fotakis, Pagh, et al. - 2005
25	Language-based information erasure - Chong, Myers - 2005
23	Anti-presistence: history independent data structures - Naor, Teague - 2001
16	Declassification: Dimensions and principles - Sabelfeld, Sands - 2009
15	Ordered hash tables - Amble, Knuth - 1974
14	history-independent, subliminal-free data structures on prom storage-or-how to store ballots on a voting machine (extended abstract - Molnar, Kohno, et al. - 2006
12	Characterizing history independent data structures - Hartline, Hong, et al. - 2005
7	Strongly historyindependent hashing with applications - Blelloch, Golovin - 2007
7	Tracking information flow in dynamic tree structures - Russo, Sabelfeld, et al. - 2009
6	Tolmach, “A certified framework for compiling and executing garbage-collected languages - McCreight, Chevalier, et al.
5	Just forget it - the semantics and enforcement of information erasure - Hunt, Sands - 2008
4	Hoare logic and auxiliary variables,” Formal - Kleymann - 1999
4	Verification of information flow and access control policies with dependent types - Nanevski, Banerjee, et al. - 2011
2	Security Seals on Voting Machines: A Case Study - Appel - 2011
2	histories: A triple for - Borgström, Gordon, et al. - 2011
1	A logic for information flow - Amtoft, Bandhakavi, et al. - 2006
1	Parametricity and dependent types,” in ICFP, 2010, full version available at http://publications.lib.chalmers.se/ records/fulltext/local 135303.pdf - Bernardy, Jansson, et al.
1	enforcement of erasure and declassification - “End-to-end - 2008
1	Adding equations - Krishnaswami, Benton
1	Oblivious data structures: Applications - Micciancio - 1997