a acker knowledge
play

A/acker'Knowledge ' Frdric'Besson,'Nataliia'Bielova ,' Thomas'Jensen' - PowerPoint PPT Presentation

Nov 07, 2022 •295 likes •677 views

Hybrid'Monitoring'of'' A/acker'Knowledge ' Frdric'Besson,'Nataliia'Bielova ,' Thomas'Jensen' INRIA' ' IEEE'Computer'Security'Founda@ons'2016' June'29,'2016' ' Informa@on'flow'control'' Quan=ta=ve' Noninterference' A/ackers'knowledge'

  1. Hybrid'Monitoring'of'' A/acker'Knowledge ' Frédéric'Besson,'Nataliia'Bielova ,' Thomas'Jensen' INRIA' ' IEEE'Computer'Security'Founda@ons'2016' June'29,'2016' '

  2. Informa@on'flow'control'' Quan=ta=ve' Noninterference' A/acker’s'knowledge' Informa=on'Flow' Secret'input'does' What'informa@on'about' How'much'informa@on' not'flow'into' the'secret'is'flown'to'the' (in'bits)'about'secret'a' public'output' output'in'concrete' program'leaks'to'the' program'execu@on?' output?' 2'

  3. Informa@on'flow'control'' Quan=ta=ve' Noninterference' A/acker’s'knowledge' Informa=on'Flow' Secret'input'does' What'informa@on'about' How'much'informa@on' not'flow'into' the'secret'is'flown'to'the' (in'bits)'about'secret'a' public'output' output'in'concrete' program'leaks'to'the' program'execu@on?' output?' 3'

  4. A'program'which'is'not'secure' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 else l = x; output l [l=1,' x=0 ]' [l=1,' x=1 ]' h1=0 � h2=0' 1' 1' 0' set'of' secure 'execu@ons'' set'of' insecure 'execu@ons'' star@ng'with'l=1,'x=1' star@ng'with'l=1,'x=0' ' ' 4'

  5. Security'Defini@on' • TINI:'Termina=onHInsensi=ve'Noninterference' ! Program'P'is'TINI'if'for'all'lowZequivalence'classes:' [l'='1]' [l'='0]' � ' 1' 1' secure 'execu@ons'' secure 'execu@ons'' 5'

  6. What'does'an'a^acker'learn?' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 else l = x; output l [l=1,'x=0]' h1=0 � h2=0' 0' 1' insecure 'execu@ons'' ' 6'

  7. What'does'an'a^acker'learn?' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 else l = x; output l [l=1,'x=0]' h1=0 � h2=0' 0' 1' h1=0 � h2=0' a^acker'knows'' insecure 'execu@ons'' values'of'both'secrets' ' 7'

  8. What'does'an'a^acker'learn?' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 else l = x; output l [l=1,'x=0]' h1=0 � h2=0' 0' 1' h1=0 � h2=0' h1=1 � h2=1 a^acker'knows'' a^acker'knows'' insecure 'execu@ons'' values'of'both'secrets' some'informa=on' ' about'secrets' 8'

  9. A'program'which'is'secure' l = 0; [l'='0]' if h = 1 then skip else h=0' h'='1' 0' x = 5; while x > 0 do x = x-1; l = x; output l secure 'execu@ons'' • Does'any'dynamic/hybrid'monitor'accept'all' execu=ons'of'this'program?' 9'

  10. A'program'which'is'secure' Dynamic'[h=0]' Hybrid'[h=1]' … … l = 0; branch'taken' if h = 1 then skip branch'taken' sta@c'analysis'' else block'execu@on' … ' x = 5; due'to'low' block'execu@on'since' while x > 0 do assignment'in' l 'could'be'modified' x = x-1; l = x; high'context' in'elseZbranch' output l • Dynamic'monitors'block'too'early'' ! [Zdancewic'’02,'Aus@n'and'Flanagan'’10]'' • Hybrid'monitors'block'due'to'imprecision'of'sta=c'analysis' ! [Le'Guernic'‘07,'Russo'and'Sabelfeld'’10,'Besson'et'al'‘13]' 10'

  11. Challenges' • How'to'track'a/acker’s'knowledge?' • How'to'make'a'monitor'accept'more'secure' execu=ons?' Answer:'' Hybrid'monitoring'of'a/acker’s'knowledge' 11'

  12. Hybrid'monitor' Dynamic'+'Sta=c'analysis' • Dynamic'analysis'monitors'one'execu@on' • Sta@c'analysis'is'called'onZtheZfly'for'nonZexecuted' branches' • Two'sets'of'rules:'one'for'dynamic'+'one'for'sta@c' 12'

  13. Hybrid'monitor' (P,#! ," .)#⇓##(!’ ," .’) • !,#!’:#Env#∪#{·}# • .,#.’#:#Var#→#K## K## labeling with knowledge • Env## for dynamic analysis • ·## for static analysis 13'

  14. Expressive'knowledge'domain' .:#Var#→#K • .(x)# splits'the'ini@al'environments'in'equivalence'classes' w.r.t.'the'possible'values'of' x ⊤#( unknown value ) [l'='0]' .(x)#: ' 1 ' 0 insecure 'execu@ons'' ' 14'

  15. Expressive'knowledge'domain' .:#Var#→#K K#≜#Env#→#Value#∪#{⊤,#⊥} • .(x)(!)#=#B## if the program terminates then x# has value B • .(x)(!)#=#⊤ no information ( x# can have any value) • .(x)(!)#=#⊥# the program certainly does not terminate on !# ' 15'

  16. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l 16'

  17. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l .( x ):# ' .( l ):# ' 0 0 17'

  18. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l .( x ):# ' .( l ):# ' 0 0 18'

  19. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' sta=c'analysis' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l The'result'of'sta=c'analysis'' only'applies'to'environments' where'h1=1' .( x ):# ' .( l ):# ' 0 0 19'

  20. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' sta=c'analysis' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l .( x ):# ' .( l ):# ' 1 0 0 20'

  21. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l .( x ):# ' .( l ):# ' 1 0 0 21'

  22. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' sta=c'analysis' else l = x; output l The'result'of'sta=c'analysis'' only'applies'to'environments' where'h2=0' .( x ):# ' .( l ):# ' 1 0 0 22'

  23. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' sta=c'analysis' else l = x; output l The'new'knowledge'in'these'' environments'comes'from'the'' knowledge'of'x' .( x ):# ' .( l ):# ' 1 0 0 23'

  24. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' sta=c'analysis' else l = x; output l The'new'knowledge'in'these'' environments'comes'from'the'' knowledge'of'x' .( x ):# ' .( l ):# ' 1 0 0 24'

  25. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' sta=c'analysis' else l = x; output l The'new'knowledge'in'these'' environments'comes'from'the'' knowledge'of'x' 1 .( x ):# ' .( l ):# ' 1 0 0 25'

  26. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l The'knowledge'in'current'' execu=on'applies'to'environments'' where'h2=1' 1 .( x ):# ' .( l ):# ' 1 0 0 26'

  27. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l The'knowledge'in'current'' execu=on'applies'to'environments'' where'h2=1' .( x ):# ' .( l ):# ' 1 1 0 0 27'

  28. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l .( x ):# ' .( l ):# ' 1 1 0 0 28'

  29. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l .( x ):# ' .( l ):# ' 1 1 0 0 29'

  30. REAL'KNOWLEDGE' [h1'='0,'h2'='1]' [l'='0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 0' 1' else l = x; output l REAL'KNOWLEDGE' ='' APPROXIMATED'KNOWLEDGE'' .( x ):# ' .( l ):# ' 1 1 0 0 30'

  31. Implementa@on' • Symbolic'representa@on'of'knowledge' K � #⊂#D(E×G)#×#E proposi=onal'formulas' program'expressions' • (f,#e)#∈#E×G# returns'the'value'of' e# when #f# holds'in' !: ! if##⟦f⟧ !# then#⟦e⟧ !# else#⊤ • ɸ #∈#E# specifies'when'the'knowledge'is' ⊥ ! if##⟦ ɸ ⟧ !# then#⊥# ' 31'

  32. Result'1:'Correctness'guarantee' • Hybrid'monitor'overZapproximates'a^acker’s'knowledge' [public'='0]' APPROXIMATED'' REAL'' 0' 1' KNOWLEDGE' KNOWLEDGE' h1=1 � h2=1 h1= 1 insecure 'execu@ons'' ' 32'

  33. Result'2:'Precision' [h1=0,'h2=1,'l=0,'x=0]' if h1 = 1 then x = 1 else skip; if h2 = 1 then l = 1 else l = x; output l [l='0,'x=0]' 0' 1' APPROXIMATED'' REAL'' KNOWLEDGE' KNOWLEDGE' h1 = 1 � h2 = 1 h1 = 1 � h2 = 1 insecure 'execu@ons'' ' 33'

  34. Result'3:'Enforcement'of' noninterference' [h=1,'x=1,'y=0]' if h = 1 then l = x + y; ACCEPTED' else l = x - y; output l [x=1,'y=0]' APPROXIMATED'' REAL'' 1' KNOWLEDGE' KNOWLEDGE' no knowledge no knowledge 1 secure 'execu@ons'' 34'

  35. Result'4:'Provably'more'' permissive'monitor' l = 0; [l'='0]' if h = 1 then skip else h'='0' h'='1' 0' x = 5; while x > 0 do x = x-1; l = x; output l secure 'execu@ons'' Our'monitor'combined'with'inlined'dynamic'monitor' accepts'all'execu=ons'of'this'secure'program' (More'details'in'the'paper)' 35'

  36. Conclusions' • Hybrid'monitor'tracks'a/acker’s'knowledge'' ! more'precise'than'[Besson'et'al.'CSF’13]' ! modeled'and'proved'correct' ! enforces'noninterference'(TINI)' ! has'running'prototype'' • Combina=on'with'another'monitor' ! proved'sound'(TINI)'' ! proved'more'permissive'than'previous'monitors' 36'

  37. Postdoc'posi@on' • Informa=on'flow'control' • Security'monitors'and'type'systems' • Soundness'and'permissiveness' • Star@ng'date:'flexible,'Nov'2016'–'Jun'2017' • Dura@on:'1'year' • Loca@on:'INRIA'Sophia'An@polis'(Nice,'France)' 37'

  38. Conclusions' • Hybrid'monitor'tracks'a/acker’s'knowledge'' ! more'precise'than'[Besson'et'al.’13]' ! modeled'and'proved'correct' ! enforces'noninterference'(TINI)' ! has'running'prototype'' • Combina=on'with'another'monitor' ! proved'sound'(TINI)'' ! proved'more'permissive' 38'

Recommend

Jam ames G. Acker r an and Erik Doud uds Background: Mouth of the Orinoco River Overview We

Jam ames G. Acker r an and Erik Doud uds Background: Mouth of the Orinoco River Overview We

Using g Giovanni anni with Tri-Pl Plot ot to Creat ate a S a Simple Ternar ary Optical al Clas assifica cation tion Sy Syste tem m for r Ocean an Su Surface ace Wat aters Jam ames G. Acker r an and Erik Doud uds

337 views • 11 slides
THE (IN)SECURITY OF FILE HOSTING SERVICES Nick Nikiforakis, Marco Balduzzi Steven Van Acker,

THE (IN)SECURITY OF FILE HOSTING SERVICES Nick Nikiforakis, Marco Balduzzi Steven Van Acker,

THE (IN)SECURITY OF FILE HOSTING SERVICES Nick Nikiforakis, Marco Balduzzi Steven Van Acker, Wouter Joosen, Davide Balzarotti OWASP Netherland Chapter Meeting 6th July 2011 Sharing is caring Internet expanding More users More Web

548 views • 30 slides
social change through conservation programs Presented by Cherise Acker-Cooper 28 May 2018

social change through conservation programs Presented by Cherise Acker-Cooper 28 May 2018

Promoting positive social change through conservation programs Presented by Cherise Acker-Cooper 28 May 2018 Threatened Amphibian Programme Elevate the conservation importance of frogs and their freshwater and associated terrestrial

458 views • 21 slides
Employment Updates Acacia McGuire Anderson Statewide Employment First Coordinator Tim Acker

Employment Updates Acacia McGuire Anderson Statewide Employment First Coordinator Tim Acker

Employment Updates Acacia McGuire Anderson Statewide Employment First Coordinator Tim Acker Project Manager Allison Enriquez Employment Policy Lead Gene Rada Employment Training Lead Presentation Outline Review of new(ish) policies and

408 views • 23 slides
Viden: iden: Attac acker er Ident dentif ifica ication ion on on In- n- Vehic ehicle

Viden: iden: Attac acker er Ident dentif ifica ication ion on on In- n- Vehic ehicle

Viden: iden: Attac acker er Ident dentif ifica ication ion on on In- n- Vehic ehicle le Net Networ orks ks Kyong-Tak Cho and Kang G. Shin 1 Cont ontent ent Mo%va%on CAN Viden Evalua%on Drawback Future Work 2

448 views • 27 slides
Wavefunctions in chaotic quantum systems Arnd B acker Institut f ur Theoretische Physik

Wavefunctions in chaotic quantum systems Arnd B acker Institut f ur Theoretische Physik

Wavefunctions in chaotic quantum systems Arnd B acker Institut f ur Theoretische Physik TU Dresden www.physik.tu-dresden.de/baecker Lund, January 2004 I Introduction Aim Overview on properties of eigenfunctions in chaotic

1.09k views • 106 slides
Mitral Valve Repair versus Replacement for Severe Ischemic Mitral Regurgitation Michael Acker,

Mitral Valve Repair versus Replacement for Severe Ischemic Mitral Regurgitation Michael Acker,

Mitral Valve Repair versus Replacement for Severe Ischemic Mitral Regurgitation Michael Acker, MD For the CTSN Investigators AHA November 2013 Acknowledgements Supported by U01 HL088942 Cardiothoracic Surgical Trials Network (CTSN)

484 views • 22 slides
File Hosting Services Nick Nikiforakis Marco Balduzzi Steven Van Acker Wouter Joosen Davide

File Hosting Services Nick Nikiforakis Marco Balduzzi Steven Van Acker Wouter Joosen Davide

Exposing the Lack of Privacy in File Hosting Services Nick Nikiforakis Marco Balduzzi Steven Van Acker Wouter Joosen Davide Balzarotti LEET 2011 Sharing is caring Internet expanding More users More Web services More Web

784 views • 30 slides
KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the

KNOWLEDGE ACQUISITION AND CONSTRUCTION Transfer of Knowledge Knowledge acquisition is the process of extracting knowledge from whatever source including document, manuals, case studies, etc. Knowledge elicitation is a type of the

373 views • 26 slides
Giovanni: Examining NASA Remote- Sensing Data for Public Health James G. Acker, NASA GES DISC /

Giovanni: Examining NASA Remote- Sensing Data for Public Health James G. Acker, NASA GES DISC /

Giovanni: Examining NASA Remote- Sensing Data for Public Health James G. Acker, NASA GES DISC / Adnet Inc. Radina Soebiyanto, USRA August 27, 2013 2 nd Symposium on Advances in Geospatial Technologies for Health MEDGEO 2013 1 Giovanni is

1.49k views • 50 slides
Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In

Short Pairing-based Non-interactive Zero-knowledge Arguments Proving circuit satisfaibility in zero-knowledge Zero-knowledge In a zero knowledge protocol a prover can convince a verifier that some statement is true without leaking any side

628 views • 14 slides
Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge

Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge

CPE/CSC 580-S06 Artificial Intelligence Intelligent Agents Knowledge-Based Agents knowledge knowledge representation, knowledge base, types of knowledge wumpus world example of knowledge-based agents knowledge representation language

325 views • 31 slides
OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge

OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge

OUTLINE CAPITALIZATION OF COLLECTIVE KNOWLEDGE: Knowledge management and Knowledge Engineering FROM KNOWLEDGE Definitions ENGINEERING, MULTI- Process AGENTS TO CSCW AND SOCIO Knowledge Capitalization approaches Cooperative

976 views • 51 slides
Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred

Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred

Knowledge Representation Knowledge Representation Plan for today Knowledge-based systems 1 Tacit knowledge Knowledge Representation Inferred knowledge Domain-specific stuff A very brief intro Changing premises Uncertainty Jacek Malec

265 views • 13 slides
Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred

Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred

Knowledge Representation Knowledge Representation Plan for today Knowledge-based systems 1 Explicit knowledge Knowledge Representation Inferred knowledge Domain-specific stuff A very brief intro Changing premises Uncertainty Jacek Malec

179 views • 13 slides
Knowledge-based Agents Can represent knowledge And reason with this knowledge CS 331:

Knowledge-based Agents Can represent knowledge And reason with this knowledge CS 331:

Knowledge-based Agents Can represent knowledge And reason with this knowledge CS 331: Artificial Intelligence How is this different from the knowledge Propositional Logic I used by problem-specific agents? More general More

221 views • 9 slides
CORRECT? Introduction Working hypothesis Observations: Hypothesis: Human intelligence

CORRECT? Introduction Working hypothesis Observations: Hypothesis: Human intelligence

The Knowledge Representation Hypothesis (Brian Smith, 1982): IT3706 Knowledge Representation An intelligent systems competence is Rodney Brooks: determined by its knowledge. Knowledge without The knowledge is contained within

405 views • 5 slides
Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs

Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs

Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs Comparison to general software analysis Knowledge model specialized tool for specification of knowledge- intensive tasks abstracts from

758 views • 44 slides
Recording the Knowledge Footprints February 4, 2015 The Knowledge Problem Those who cannot

Recording the Knowledge Footprints February 4, 2015 The Knowledge Problem Those who cannot

Recording the Knowledge Footprints February 4, 2015 The Knowledge Problem Those who cannot remember the past are condemned to repeat it. George Santayana 2 7 Myths of Knowledge Management Knowledge management is about knowledge

422 views • 19 slides
Building Knowledge & Networking Capacities How to Succeed and Fail at Knowledge Sharing

Building Knowledge & Networking Capacities How to Succeed and Fail at Knowledge Sharing

Building Knowledge & Networking Capacities How to Succeed and Fail at Knowledge Sharing Cheryl Cooper, Applied Wisdom International Knowledge & Learning Consultant CherylAppliedWisdom@gmail.com Since 2002... Strategic Knowledge

490 views • 23 slides
Knowledge Management KNOWLEDGE INSPIRED INNOVATION An investment in knowledge always pays the

Knowledge Management KNOWLEDGE INSPIRED INNOVATION An investment in knowledge always pays the

KAIETEUR INSTITUTE FOR KNOWLEDGE MANAGEMENT Kaieteur Institute for Knowledge Management KNOWLEDGE INSPIRED INNOVATION An investment in knowledge always pays the best interest. Benjamin Franklin US author, diplomat, inventor, physicist,

1.09k views • 66 slides
Dog Knowledge The 3rd pillar of the Dog Program Index What is Dog knowledge? Topics

Dog Knowledge The 3rd pillar of the Dog Program Index What is Dog knowledge? Topics

Dog Knowledge The 3rd pillar of the Dog Program Index What is Dog knowledge? Topics Studying Sources Making study guides Quiz bowl Introduction Knowledge Tests Ticket to Big-E 2 Topics The curriculum for 4-H

229 views • 20 slides
707.009 Foundations of Knowledge Management g g Participative Knowledge Acquisition

707.009 Foundations of Knowledge Management g g Participative Knowledge Acquisition

Knowledge Management Institute 707.009 Foundations of Knowledge Management g g Participative Knowledge Acquisition Methods Markus Strohmaier Univ. Ass. / Assistant Professor Knowledge Management Institute Graz University of

599 views • 46 slides
Week 4 Video 2 Knowledge Inference: Bayesian Knowledge Tracing Bayesian Knowledge Tracing (BKT)

Week 4 Video 2 Knowledge Inference: Bayesian Knowledge Tracing Bayesian Knowledge Tracing (BKT)

Week 4 Video 2 Knowledge Inference: Bayesian Knowledge Tracing Bayesian Knowledge Tracing (BKT) The classic approach for measuring tightly defined skill in online learning First proposed by Richard Atkinson Most thoroughly

902 views • 45 slides

More recommend