Quantitative analysis of leakage for multi-threaded programs

PLAS'07 - Proceedings of the 2007 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security

Volumn , Issue , 2007, Pages 31-40

  Chen, Han ^a   Malacaria, Pasquale ^a  

^a QUEEN MARY UNIVERSITY OF LONDON   (United Kingdom)

Author keywords

Information Theory; Multi threaded Languages; Security

Indexed keywords

INFORMATION FLOW; MULTI THREADED PROGRAMS; SINGLE-THREAD LOOPING PROGRAMS;

COMPUTATIONAL METHODS; INFORMATION TECHNOLOGY; INFORMATION THEORY; PROBABILISTIC LOGICS; SEMANTICS;

COMPUTER PROGRAMMING LANGUAGES;

EID: 36448964849     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1255329.1255335     Document Type: Conference Paper

References (49)

1. Martín Abadi, Anindya Banerjee, Nevin Heintze, and Jon G. Riecke. A core calculus of dependency. In Proc. ACM Symp. on Principles of Programming Languages, pages 147-160, New York, NY, USA, 1999. ACM Press.
2. Martín Abadi and Andrew D. Gordon. A calculus for cryptographic protocols: The spi calculus. In ACM Conference on Computer and Communications Security, pages 36-47. ACM Press, 1997.
3. Johan Agat. Transforming out timing leaks. In Proc. ACM Symp. on Principles of Programming Languages, pages 40-53. ACM Press, 2000.
4. Torben. Amtoft, Sruthi Bandhakavi, and Anindya Banerjee. A logic for information flow analysis of pointer programs. Technical Report CIS TR 2005-1, Kansas State University, July 2005.
5. Torben. Amtoft, Sruthi Bandhakavi, and Anindya Banerjee. A logic for information flow in object-oriented programs. In Proc. ACM Symp. on Principles of Programming Languages, pages 91-102, New York, NY, USA, 2006. ACM Press.
6. Manual Barbosa and Daniel Page. On the automatic construction of indistinguishable operations. In IMA Int. Conf, pages 233-247, 2005.
7. Daniel J. Bernstein. Cache-timing attacks on AES, 2004.
8. Peter Bogetoft, Ivan Damgård, Thomas Jakobsen, Kurt Nielsen, Jakob Pagter, and Tomas Toft. Secure computing, economy, and trust: A generic solution for secure auctions with real-world applications. Technical Report RS-05-18, BRICS, June 2005. 37 pp.
9. Peter Bogetoft, Ivan Damgård, Thomas Jakobsen, Kurt Nielsen, Jakob Pagter, and Tomas Toft. A practical implementation of secure auctions based on multiparty integer computation. In Proc. of Financial Cryptography, volume 4.107 of LNCS. Springer-Verlag, 2006.
10. David Brumley and Dan Boneh. Remote timing attacks are practical. Comput. Networks, 48(5):701-716, 2005.
11. Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In Proc. IEEE Symp. on Foundations of Computer Science, pages 136-145, 2001.
12. David Clark, Sebastian Hunt, and Pasquale Malacaria. Quantitative analysis of the leakage of confidential data. J. Theoretical Computer Science, 59(3):1-14, January 2004.
13. Patrick Cousot and Radhia Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proc. ACM Symp. on Principles of Programming Languages, pages 238-252, 1977.
14. Ivan Damgård, Matthias Fitzi, Eike Kiltz, Jesper Buus Nielsen, and Tomas Toft. Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation. In Proc. Theory of Cryptography Conference, volume 3876 of LNCS, pages 285-304. Springer-Verlag, May 2006.
15. Dorothy Elizabeth Rob Denning. A lattice model of secure information flow. Commun. ACM, 19(5):236-243, 1976.
16. Dorothy Elizabeth Rob Denning and Peter J. Denning. Certification of programs for secure information flow. Commun. ACM, 20(7):504-513, 1977.
17. Pablo Giambiagi and Mads Dam. On the secure implementation of security protocols. Sci. Comput. Program., 50(1-3):73-99, 2004.
18. Joseph A. Goguen and José Meseguer. Security policies and security models. In Proc. IEEE Symp. on Security and Privacy, pages 11-20. IEEE Computer Society Press, 1982.
19. Nevin Heintze and Jon G. Riecke. The SLam calculus: programming with, secrecy and integrity. In Proc. ACM Symp. on Principles of Programming Languages, pages 365-377, New York, NY, USA, 1998. ACM Press.
20. Thomas Jakobsen and Strange From. Secure multi-party computation on integers. Master's thesis, Department of Computer Science, DAIMI, University of Aarhus, Denmark, July 2005.
21. Paul C. Kocher. Timing attacks on implementations of DiffieHellman, RSA, DSS, and other systems. In Proc. International Ctyptology Conference on Advances in Cryptology, volume 1109 of LNCS, pages 104-113, London, UK, 1996. Springer-Verlag.
22. Boris Köpf and David A. Basin. Timing-sensitive information flow analysis for synchronous systems. In Proc. European Symp. on Research in Computer Security, pages 243-262, 2006.
23. Vijay Krishna. Auction Theory. Academic Press, 2002.
24. Peng Li and Steve Zdancewic. Downgrading policies and relaxed noninterference. In Proc. ACM Symp. on Principles of Programming Languages, pages 158-170, New York, NY, USA, 2005. ACM Press.
25. Dahlia Malkhi, Noam Nisan, Benny Pinkas, and Yaron Sella. Fairplay - A Secure Two-Party Computation System. In Proc. of USENIX Security Symposium, pages 287-302, 2004.
26. Heiko Mantel and David Sands. Controlled declassification based on intransitive noninterference. In Proc. of the ASIAN Symposium on Programming Languages and Systems, volume 3303 of LNCS, pages 129-145, Taipei, Taiwan, November 4-6 2004. Springer-Verlag.
27. Ana Ameida Matos and Gerard Boudol. On declassification and the non-disclosure policy. In Proc. IEEE Computer Security Foundations Workshop, pages 226-240, Washington, DC, USA, 2005. IEEE Computer Society Press.
28. Andrew C. Myers and Barbara Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 9(4):410-442, 2000.
29. Janus Dam Nielsen and Michael I. Schwartzbach. The SMCL Language Specification. Technical Report RS-07-9, BRICS, April 2007.
30. Flemming Nielson, Hanne R. Nielson, and Chris Hankin. Principles of Program Analysis. Springer-Verlag, 1999.
31. Francois Pottier and Vincent Simonet. Information flow inference for ML. In Proc. ACM Symp. on Principles of Programming Languages, pages 319-330, 2002.
32. Andrei Sabelfeld and Andrew Myers. Language-based information-flow security. IEEE J. on Selected Areas in Communications, 21, 2003.
33. Andrei Sabelfeld and Andrew Myers. A model for delimited information release. In Pmc. of the International Symposium on Software Security, volume 3233 of LNCS, pages 174-191. Springer-Verlag, October 2004.
34. Andrei Sabelfeld and David Sands. A per model of secure information flow in sequential programs. In Proc. European Symposium on Programming, pages 40-58, 1999.
35. Andrei Sabelfeld and David Sands. Probabilistic noninterference for multi-threaded programs. In Proc. IEEE Computer Security Foundations Workshop, page 200, Washington, DC, USA, July 2000. IEEE Computer Society Press.
36. Andrei Sabelfeld and David Sands. Dimensions and principles of declassification. In Proc. IEEE Computer Security Foundations Workshop, pages 255-269, Washington, DC, USA, 2005. IEEE Computer Society Press.
37. Marras C. Silaghi. SMC: Secure Multiparty Computation, language, 2004. http://www.cs.fit.edu/msilaghi/SMC/ tutorial.html.
38. Geoffrey Smith and Dennis Volpano. Secure information flow in a multi-threaded imperative language. In Proc. ACM Symp. on Principles of Programming Languages, pages 355-364, New York, NY, 1998.
39. Tomas Toft. Progress report - Secure Integer Computation with Applications in Economics., July 2005.
40. Terkel K. Tolstrup and Flemming Nielson. Analyzing for Absence of Timing Leaks in VHDL. In Dieter Gollmann and Jan Jürjens, editors, Proc. International Workshop on Issues in the Theory of Security, March 2006.
41. Terkel K. Tolstrup, Flemming Nielson, and Hanne Riis Nielson. Information Flow Analysis for VHDL. In Victor E. Malyshkin, editor, Proc. International Conference on Parallel Computing Technologies, volume 3606 of LNCS, pages 79-98. Springer-Verlag, September 2005.
42. Arie van Deursen, Paul Klint, and Joost Visser. Domain-specific languages: An annotated bibliography. SIGPLAN Notices, 35(6):26-36, 2000.
43. Dennis Volpano and Geoffrey Smith. A type-based approach to program security. In Proc. of Theory and Practice of Software Development, pages 607-621, 1997.
44. Dennis Volpano and Geoffrey Smith. Probabilistic noninterference in a concurrent language. In Proc. IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 1998.
45. Dennis Volpano, Geoffrey Smith, and Cynthia Irvine. A sound type system for secure flow analysis. J. Computer Security, 4(3): 167-187, 1996.
46. Andrew Chi-Chih Yao. Protocols for secure computations (extended abstract). In Proc. IEEE Symp. on Foundations of Computer Science, pages 160-164, 1982.
47. Steve Zdancewic. A type system for robust declassification. In Proc. of the Mathematical Foundations of Programming Semantics, March 2003.
48. Steve Zdancewic and Andrew C. Myers. Robust declassification. In Proc. IEEE Computer Security Foundations Workshop, pages 15-23. IEEE Computer Society Press, June 2001.
49. Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, and Andrew C. Myers. Secure program partitioning. Technical Report 2001-1846, Cornell University, 2001.