Security-typed languages for implementation of cryptographic protocols: A case study

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3679 LNCS, Issue , 2005, Pages 197-221

  Askarov, Asian ^a   Sabelfeld, Andrei ^a  

^a CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER ARCHITECTURE; CRYPTOGRAPHY; NETWORK PROTOCOLS; SECURITY OF DATA;

CRYPTOGRAPHIC PROTOCOL; SECURE PROGRAMMING; SECURITY ASSURANCE; SECURITY-TYPED LANGUAGES;

JAVA PROGRAMMING LANGUAGE;

EID: 33646080360     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11555827_12     Document Type: Conference Paper

References (51)

1. CERT® advisory CA-2003-26: Multiple vulnerabilities in SSL/TLS implementations, October 2003. http://www.cert.org/advisories/CA-2003-26.html.
2. Jif source code for the mental poker protocol, March 2005. http://www.cs.chalmers.se/~aaskarov/jifpoker.
3. J. Agat. Transforming out timing leaks. In Proc. ACM Symp. on Principles of Programming Languages, pages 40-53, January 2000.
4. R. Anderson. Why cryptosystems fail. In ACM Conference on Computer and Communications Security, pages 215-227, November 1993.
5. A. Banerjee and D. A. Naumann. Secure information flow and pointer confinement in a Java-like language. In Proc. IEEE Computer Security Foundations Workshop, pages 253-267, June 2002.
6. A. Barnett and N. P. Smart. Mental poker revisited. In Proc. Cryptography and Coding IMA International Conference, volume 2898 of LNCS, pages 370-383. Springer-Verlag, December 2003.
7. L. Bauer, J. Ligatti, and D. Walker. Composing security policies with Polymer. In Proc. ACM Conf. on Programming Language Design and Implementation, June 2005. To appear.
8. J. Castellà-Roca, J. Domingo-Ferrer, A. Riera, and J. Borrell. Practical mental poker without a TTP based on homomorphic encryption. In Progress in Cryptology-Indocrypt, volume 2904 of LNCS, pages 280-294. Springer-Verlag, December 2003.
9. S. Chong and A. C. Myers. Security policies for downgrading. In ACM Conference on Computer and Communications Security, pages 198-209, October 2004.
10. S. Chong and A. C. Myers. Language-based information erasure. In Proc. IEEE Computer Security Foundations Workshop, June 2005. To appear.
11. M. Ó. Cinnéide. Automated refactoring to introduce design patterns. In Proc. ACM International Conference on Software Engineering, pages 722-724, 2000.
12. C. Crépeau. A secure poker protocol that minimizes the effect of players coalitions. In Advances in Cryptology: Crypto'85, volume 218 of LNCS, pages 73-86. Springer-Verlag, 1986.
13. C. Crépeau. A zero-knowledge poker protocol that achieves confidentiality of the players' strategy or how to achieve an electronic poker face. In Advances in Cryptology: Crypto'86, volume 263 of LNCS, pages 239-247. Springer-Verlag, 1987.
14. M. Dam and P. Giambiagi. Confidentiality for mobile code: The case of a simple payment protocol. In Proc. IEEE Computer Security Foundations Workshop, pages 233-244, July 2000.
15. D. E. Denning. A lattice model of secure information flow. Comm. of the ACM, 19(5);236-243, May 1976.
16. D. E. Denning and P. J. Denning. Certification of programs for secure information flow. Comm. of the ACM, 20(7):504-513, July 1977.
17. J. Domingo-Ferrer. A new privacy homomorphism and applications. Information Processing Letters, 60(5):277-282, 1996.
18. J. Edwards. Implementing electronic poker: A practical exercise in zero-knowledge interactive proofs. Master's thesis, Dept. of Computer Science, University of Kentucky, 1994.
19. R. Focardi and R. Gorrieri. Classification of security properties (part I: Information flow). In R. Focardi and R. Gorrieri, editors, Foundations of Security Analysis and Design, volume 2171 of LNCS, pages 331-396. Springer-Verlag, 2001.
20. P. Giambiagi and M. Dam. On the secure implementation of security protocols. In Proc. European Symp. on Programming, volume 2618 of LNCS, pages 144-158. Springer-Verlag, April 2003.
21. J. A. Goguen and J. Meseguer. Security policies and security models. In Proc. IEEE Symp. on Security and Privacy, pages 11-20, April 1982.
22. S. Goldwasser and S. Micali. Probabilistic encryption and how to play mental poker keeping secret all partial information. In Proc. ACM Symp. Theory of Computing, pages 365-377, 1982.
23. P. Gutmann. Lessons learned in implementing and deploying crypto software. In Proc. USENIX Security Symp., pages 315-325, August 2002.
24. R. Hanna, A. Rideout, and D. Ziegler. Secure peer-to-peer texas hold'em. Course project, MIT. http://web.mit.edu/ardonite/6.857/, 2003.
25. N. Heintze and J. G. Riecke. The SLam calculus: programming with secrecy and integrity. In Proc. ACM Symp. on Principles of Programming Languages, pages 365-377, January 1998.
26. R. Heldal and F. Hultin. Bridging model-based and language-based security. In Proc. European Symp. on Research in Computer Security, volume 2808 of LNCS, pages 235-252. Springer-Verlag, October 2003.
27. R. Heldal, S. Schlager, and J. Bende. Supporting confidentiality in UML: A profile for the Decentralized Label Model. In Proc. International Workshop on Critical Systems Development with UML, pages 56-70, 2004.
28. K. Kurosawa, K. Katayama, and W. Ogata. Reshufflable and laziness tolerant mental card game protocol. IEICE Transactions, E80-A(1):72-78, 1997.
29. K. Kurosawa, Y. Katayama, W. Ogata, and S. Tsujii. General public key residue cryptosystems and mental poker protocols. In Advances in Cryptology: EuroCrypto'90, volume 473 of LNCS, pages 374-388. Springer-Verlag, 1991.
30. P. Li and S. Zdancewic. Downgrading policies and relaxed noninterference. In Proc. ACM Symp. on Principles of Programming Languages, pages 158-170, January 2005.
31. P. Li and S. Zdancewic. Practical information-flow control in web-based information systems. In Proc. IEEE Computer Security Foundations Workshop, June 2005. To appear.
32. H. Mantel and D. Sands. Controlled downgrading based on intransitive (non)interference. In Proc. Asian Symp. on Programming Languages and Systems, volume 3302 of LNCS, pages 129-145. Springer-Verlag, November 2004.
33. A. C. Myers. JFlow: Practical mostly-static information flow control. In Proc. ACM Symp. on Principles of Programming Languages, pages 228-241, January 1999.
34. A. C. Myers and B. Liskov. A decentralized model for information flow control. In Proc. ACM Symp. on Operating System Principles, pages 129-142, October 1997.
35. A. C. Myers, A. Sabelfeld, and S. Zdancewic. Enforcing robust declassification. In Proc. IEEE Computer Security Foundations Workshop, pages 172-186, June 2004.
36. A. C. Myers, L. Zheng, S. Zdancewic, S. Chong, and N. Nystrom. Jif: Java information flow. Software release. Located at http://www.cs.cornell.edu/jif, July 2001-2004.
37. F. Pottier and V. Simonet. Information flow inference for ML. ACM TOPLAS, 25(1):117-158, January 2003.
38. P. Ryan. Mathematical models of computer security-tutorial lectures. In R. Focardi and R. Gorrieri, editors, Foundations of Security Analysis and Design, volume 2171 of LNCS, pages 1-62. Springer-Verlag, 2001.
39. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE J. Selected Areas in Communications, 21(1):5-19, January 2003.
40. A. Sabelfeld and A. C. Myers. A model for delimited information release. In Proc. International Symp. on Software Security (ISSS'03), volume 3233 of LNCS, pages 174-191. Springer-Verlag, October 2004.
41. A. Sabelfeld and D. Sands. Probabilistic noninterference for multi-threaded programs. In Proc. IEEE Computer Security Foundations Workshop, pages 200-214, July 2000.
42. A. Sabelfeld and D. Sands. Dimensions and principles of declassification. In Proc. IEEE Computer Security Foundations Workshop, June 2005. To appear.
43. C. Schindelhauer. A toolbox for mental card games, 1998.http://citeseer. ist.psu.edu/schindelhauer98toolbox.html.
44. A. Shamir, R. Rivest, and L. Adleman. Mental poker. Mathematical Gardner, pages 37-43, 1981.
45. V. Simonet. The Flow Caml system. Software release. Located at http://cristal.inria.fr/~simonet/soft/flowcaml/, July 2003.
46. S. Tse and G. Washburn. Cryptographic programming in Jif. Course project, 2003. http://www.cis.upenn.edu/~stse/bank/main.pdf.
47. J. Viega and G. McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley, 2001.
48. S. Zdancewic. Challenges for information-flow security. In Proc. Programming Language Interference and Dependence (PLID), August 2004.
49. S. Zdancewic, L. Zheng, N. Nystrom, and A. C. Myers. Untrusted hosts and confidentiality: Secure program partitioning. In Proc. ACM Symp. on Operating System Principles, pages 1-14, October 2001.
50. L. Zheng, S. Chong, A. C. Myers, and S. Zdancewic. Using replication and partitioning to build secure distributed systems. In Proc. IEEE Symp. on Security and Privacy, pages 236-250, May 2003.
51. L. Zheng and A. C. Myers. End-to-end availability policies and noninterference. In Proc. IEEE Computer Security Foundations Workshop, June 2005. To appear.