Automated Synthesis of Privacy-Preserving Distributed Applications

19th Annual Network and Distributed System Security Symposium, NDSS 2012

Volumn , Issue , 2012, Pages

  Backes, Michael ^a   Maffei, Matteo ^a   Pecina, Kim ^a  

^a SAARLAND UNIVERSITY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHORIZATION; HIGH LEVEL LANGUAGES; PRIVACY-PRESERVING TECHNIQUES; PROGRAM COMPILERS;

AUTHORIZATION POLICY; AUTOMATED SYNTHESIS; CRYPTOGRAPHIC IMPLEMENTATION; CRYPTOGRAPHICS; DECLARATIVE LANGUAGES; DISTRIBUTED APPLICATIONS; HIGH LEVEL SPECIFICATION; PRIVACY AWARE; PRIVACY PRESERVING; SECURITY PROPERTIES;

NETWORK SECURITY;

EID: 85020254094     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (55)

1. C. Abadi. Iran, Facebook, and the Limits of Online Activism. Foreign Policy, 2010. http://www.foreignpolicy.com/articles/2010/02/12/irans-failed-facebook-revolution.
2. M. Abadi. Access Control in a Core Calculus of Dependency. SIGPLAN Notices, 41:263-273, 2006.
3. M. Abadi, A. Banerjee, N. Heintze, and J. G. Riecke. A Core Calculus of Dependency. In Proc. Symposium on Principles of Programming Languages (POPL'99), pages 147-160. ACM Press, 1999.
4. M. Abadi, M. Burrows, B. Lampson, and G. Plotkin. A Calculus for Access Control in Distributed Systems. ACM Transactions on Programming Languages and Systems, 15:706-734, September 1993.
5. M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo. Structure-Preserving Signatures and Commitments to Group Elements. In Proc. Advances in Cryptology (CRYPTO'10), volume 6223 of Lecture Notes in Computer Science, pages 209-236. Springer-Verlag, 2010.
6. J. B. Almeida, E. Bangerter, M. Barbosa, S. Krenn, A.- R. Sadeghi, and T. Schneider. A Certifying Compiler for Zero-Knowledge Proofs of Knowledge Based on Sigma-Protocols. In ESORICS'10, pages 151-167, 2010.
7. M. M. Andreas Blass, Yuri Gurevich and I. Neeman. Evidential Authorization. The Future of Software Engineering, pages 77-99, 2011.
8. A. W. Appel and E. W. Felten. Proof-Carrying Authentication. In Proc. ACM Conference on Computer and Communications Security (CCS'99), pages 52-62. ACM Press, 1999.
9. K. Avijit, A. Datta, and R. Harper. Distributed Programming with Distributed Authorization. In Proc. ACM SIGPLAN workshop on Types in language design and implementation (TLDI'10), pages 27-38. ACM Press, 2010.
10. M. Backes, S. Lorenz, M. Maffei, and K. Pecina. Anonymous Webs of Trust. In Proc. Privacy Enhancing Technologies Symposium (PETS'10), volume 6205 of Lecture Notes in Computer Science, pages 130-148. Springer-Verlag, 2010.
11. M. Backes, M. Maffei, and C. Hritçu. Union and Intersection Types for Secure Protocol Implementations. In Proc. Conference on Theory of Security and Applications (TOSCA'11), Lecture Notes in Computer Science. Springer-Verlag, 2011.
12. M. Backes, M. Maffei, and K. Pecina. Automated Synthesis of Secure Distributed Application. Long version available at http://lbs.cs.uni-saarland.de/asosda.
13. M. Backes, M. Maffei, and K. Pecina. A Security API for Distributed Social Networks. In Proc. Network and Distributed System Security Symposium (NDSS'11), 2011.
14. M. Backes, M. Maffei, K. Pecina, and R. M. Reischuk. G2C: Cryptographic Protocols from Goal-Driven Specifications. In Proc. Conference on Theory of Security and Applications (TOSCA'11), Lecture Notes in Computer Science, Saarbrücken, Germany, 2011. Springer-Verlag.
15. M. Backes, M. Maffei, and D. Unruh. Computationally Sound Verification of Source Code. In CCS '10, pages 387-398. ACM, 2010.
16. M. Backes and D. Unruh. Computational Soundness of Symbolic Zero-Knowledge Proofs Against Active Attackers. In CSF'08, pages 255-269. IEEE, 2008.
17. L. Bauer, S. Garriss, J. M. McCune, M. K. Reiter, J. Rouse, and P. Rutenbar. Device-Enabled Authorization in the Grey System. In Proc. Information Security Conference (ISC'05), Lecture Notes in Computer Science, pages 431-445. Springer-Verlag, 2005.
18. L. Bauer, M. Schneider, E. Felten, and A. Appel. Access Control on the Web Using Proof-Carrying Authorization. In Proc. DARPA Conference on Information Survivability Conference and Exposition (DISCEX'03), volume 2, pages 117-119, 2003.
19. M. Y. Becker, C. Fournet, and A. D. Gordon. Design and Semantics of a Decentralized Authorization Language. In Proc. IEEE Symposium on Computer Security Foundations (CSF'07), pages 3-15. IEEE Computer Society Press, 2007.
20. M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A. Lysyanskaya, and H. Shacham. Randomizable Proofs and Delegatable Anonymous Credentials. In Proc. Advances in Cryptology (CRYPTO'09), volume 5677 of Lecture Notes in Computer Science, pages 108-125. Springer-Verlag, 2009.
21. J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, and S. Maffeis. Refinement Types for Secure Implementations. In Proc. IEEE Symposium on Computer Security Foundations (CSF'08), pages 17-32, 2008.
22. K. Bhargavan, C. Fournet, and A. Gordon. Modular Verification of Security Protocol Code by Typing. ACM SIGPLAN Notices, 45(1):445-456, 2010.
23. B. Blanchet, M. Abadi, and C. Fournet. Automated Cerification of Selected Equivalences for Security Protocols. Journal of Logic and Algebraic Programming, 75(1):3-51, 2008.
24. O. Blazy, G. Fuchsbauer, M. Izabachène, A. Jambert, H. Sibert, and D. Vergnaud. Batch Groth-Sahai. In Proc. International Conference on Applied Cryptography and Network Security (ACNS'10), volume 6123 of Lecture Notes in Computer Science, pages 218-235. Springer-Verlag, 2010.
25. K. D. Bowers, L. Bauer, D. Garg, F. Pfenning, and M. K. Reiter. Consumable Credentials in Linear-Logic-Based Access-Control Systems. In Proc. Network and Distributed System Security Symposium (NDSS'07). Internet Society, 2007.
26. E. Brickell, J. Camenisch, and L. Chen. Direct Anonymous Attestation. In CCS'04, pages 132-145. ACM Press, 2004.
27. G. Caronni. Walking the Web of Trust. In Proc. IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'00), pages 153-158. IEEE Computer Society Press, 2000.
28. H. Carter. England Riots: Pair Jailed for Four Years for Using Facebook to Incite Disorder. Guardian, 2011. http://www.guardian.co.uk/uk/2011/aug/16/uk-riots-four-years-disorder-facebook.
29. A. Chaudhuri and D. Garg. PCAL: Language Support for Proof-Carrying Authorization Systems. In Proc. European Symposium on Research in Computer Security (ESORICS' 09), Lecture Notes in Computer Science, pages 184-199. Springer-Verlag, 2009.
30. R. Cramer, I. Damgård, and B. Schoenmakers. Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. In Proc. Advances in Cryptology (CRYPTO'94), volume 839 of Lecture Notes in Computer Science, pages 174-187. Springer-Verlag, 1994.
31. A. De Caro. jPBC Library. http://libeccio.dia. unisa.it/projects/jpbc/download.html.
32. J. DeTreville. Binder, a Logic-Based Security Language. In Proc. IEEE Symposium on Security & Privacy (S&P'02), pages 105-113. IEEE Computer Society Press, 2002.
33. R. Dingledine, N. Mathewson, and P. F. Syverson. Tor: The Second-Generation Onion Router. In Proc. USENIX Security Symposium (USENIX'04), pages 303-320. USENIX Association, 2004.
34. F. Fassihi. Iranian Crackdown Goes Global. The Wall Street Journal, 2009. http://online.wsj.com/article/SB125978649644673331.html.
35. G. Florian. La Polizia ci Spia su Facebook. L'Espresso, 2010. http://espresso. repubblica.it/dettaglio/la-polizia-ci-spia-su-facebook/2137277.
36. C. Fournet. Cryptographic Soundness for Program Verification by Typechecking. Unpublished draft, 2011.
37. K. Frikken, M. Atallah, and J. Li. Attribute-Based Access Control with Hidden Policies and Hidden Credentials. IEEE Transactions on Computers, 55(10):1259-1270, 2006.
38. D. Garg and F. Pfenning. A Proof-Carrying File System. In Proc. IEEE Symposium on Security & Privacy (S&P'10), pages 349-364. IEEE Computer Society Press, 2010.
39. O. Goldreich, S. Micali, and A. Wigderson. Proofs that yield nothing but their validity or all languages in NP have zeroknowledge proof systems. JACM, 38(3):690-728, 1991.
40. J. Groth and A. Sahai. Efficient Non-interactive Proof Systems for Bilinear Groups. In Proc. Advances in Cryptology (EUROCRYPT'08), volume 4965 of Lecture Notes in Computer Science, pages 415-432. Springer-Verlag, 2008.
41. Y. Gurevich and I. Neeman. DKAL: Distributed-Knowledge Authorization Language. In CSF'08. IEEE, 2008.
42. Y. Gurevich and I. Neeman. DKAL 2 - A Simplified and Improved Authorization Language. Microsoft Research Technical Report, 2009.
43. L. Jia, J. A. Vaughan, K. Mazurak, J. Zhao, L. Zarko, J. Schorr, and S. Zdancewic. AURA: A Programming Language for Authorization and Audit. ACM SIGPLAN Notices, 43(9):27-38, 2008.
44. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in Distributed Systems: Theory and Practice. ACM Transactions on Computer Systems, 10:265-310, November 1992.
45. J. Li, N. Li, and W. H. Winsborough. Automated trust negotiation using cryptographic credentials. In Proceedings of the 12th ACM conference on Computer and communications security, CCS'05, pages 46-57. ACM Press, 2005.
46. N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a Role-Based Trust-Management Framework. In Proc. IEEE Symposium on Security & Privacy (S&P'02), pages 114-130. IEEE, 2002.
47. L. Lu, J. Han, Y. Liu, L. Hu, J.-P. Huai, L. Ni, and J. Ma. Pseudo Trust: Zero-Knowledge Authentication in Anonymous P2Ps. IEEE Trans. on Parallel Distributed Systems, 19(10):1325-1337, 2008.
48. M. Maffei and K. Pecina. Position Paper: Privacy-Aware Proof-Carrying Authorization. In Proc. ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS'11), 2011.
49. S. Meiklejohn, C. C. Erway, A. Küpçü, T. Hinkle, and A. Lysyanskaya. ZKPDL: A Language-Based System for Efficient Zero-Knowledge Proofs and Electronic Cash. In Proc. USENIX Security Symposium (USENIX'10), pages 193-206, 2010.
50. E. Morozov. Foreign Policy: Iran's Terrifying Facebook Police. National Public Radio, 2009. http://www.npr.org/templates/story/story.php?storyId=106535773.
51. M. D. Ryan. Cloud computing privacy concerns on our doorstep. Communications of the ACM, 54:36-38, 2011.
52. N. Swamy, J. Chen, C. Fournet, K. Bharagavan, and J. Yang. Security Programming with Refinement Types and Mobile Proofs. Technical Report MSR-TR-2010-149, Microsoft Research, 2010.
53. The National Institute of Standards and Technology. Recommendataion for Key Management - Part 1: General (Revised). NIST SP, 800-57, 2011. http://csrc.nist.gov/groups/ST/toolkit/key-management.html.
54. J. A. Vaughan. A Confidentiality Extension to the Aura Programming Language. In Proc. ACM SIGPLAN workshop on Types in language design and implementation (TLDI'11). ACM Press, 2011.
55. D. Wolman. Cairo Activists Use Facebook to Rattle Regime. WIRED Magazine, 2008. http://www.wired.com/techbiz/startups/magazine/16-11/ff-facebookegypt.