28/08/2019 – Talk: “Information-Flow Security: A Brief Introduction” by Willard Rafnsson

28/08/2019 – Talk: “Information-Flow Security: A Brief Introduction” by Willard Rafnsson

Willard Rafnsson will give an introduction to information-flow security. Detailed information below.

SPEAKER

Willard Rafnsson, Assistant Professor, ITU

TITLE

Information-Flow Security: A Brief Introduction

ABSTRACT

This talk is a brief introduction to my main area of research: information-flow security.

I will motivate information-flow security by pointing out shortcomings in state-of-the-art (yet antiquated) defenses: they fail to enforce confidentiality and integrity end-to-end (i.e. noninterference, NI). I formalize NI, and demonstrate how NI can be enforced statically (type system) and dynamically (runtime monitor).

I will then survey my recent contributions towards addressing shortcomings in state-of-the-art tools that enforce NI. These tools enforce progress-insensitive NI. I demonstrate that progress-insensitive NI is not preserved under composition. As a result, existing tools do not scale to large programs. I present several remedies. First, I show how to modify a standard type system to instead enforce progress-sensitive NI (which is preserved under composition). Then I show how to modify any analysis that already enforces progress-insensitive NI, to instead enforce progress-sensitive NI. Furthermore, I show how to modify such an analysis to enforce timing-sensitive NI. I then show how to transform any program (secure or not) into one satisfying timing-sensitive NI. Finally, I present a domain-specific language for building large (timing-sensitive) NI systems, from (timing-sensitive) NI parts.

  • Prev Post
  • Next Post

LeaveComment

Leave a Reply

Your email address will not be published. Required fields are marked *