a verified information flow architecture
play

A Verified Information-Flow Architecture Arthur Azevedo de Amorim, - PowerPoint PPT Presentation

Nov 30, 2022 •606 likes •1.69k views

A Verified Information-Flow Architecture Arthur Azevedo de Amorim, Nathan Collins, Andr DeHon, Delphine Demange, C at alin Hri tcu, David Pichardie, Benjamin Pierce, Randy Pollack, Andrew T olmach January 2014 1 What if we could

  1. Abstract Machine IFC side-conditions symbolically represented by Refined by Symbolic-Rule Machine IFC Rules Correctly Refined by compiled to Concrete Machine Fault Handler 25

  2. Abstract Machine IFC side-conditions symbolically represented by Refined by Symbolic-Rule Machine IFC Rules Combine hit and miss simulation lemmas Correctly Refined by compiled to Concrete Machine Fault Handler 25

  3. Symbolic Rule T able Instruction Result Label Add LAB 1 ⊔ LAB 2 Output LAB 1 . . . . . . if the current instruction is 26

  4. Symbolic Rule T able Instruction Result Label Add LAB 1 ⊔ LAB 2 Output LAB 1 . . . . . . label the result with 26

  5. Symbolic Rule T able Instruction Result Label Add LAB 1 ⊔ LAB 2 Output LAB 1 . . . . . . for Add , result is as secret as operands 26

  6. Symbolic Rule T able Instruction Result Label Add LAB 1 ⊔ LAB 2 Output LAB 1 . . . . . . for Output , use same label 26

  7. Handler Implementation and Verification 27

  8. Structured-Code Generators Structured programming instead of assembly programming ❼ Define structured-code generators as Coq functions ❼ Generators provide a structured language for the machine ( if , case , and , or , while , . . . ) ❼ Prove Hoare-logic rules for each generator 28

  9. Compiling IFC Rules Write a rule table compiler in Coq ❼ Use generators as a backend ❼ Parameterized over correct implementation of lattice primitives ❼ Compose Hoare triples to show compiler correctness 29

  10. Algorithm ❼ Fetch instruction and operand tags from faulting context ❼ Compute the result tag from this data using compiled rule table ❼ Install computed line into the cache Proven correct by composing compiler lemma with triples for the glue code 30

  11. NI Abstract Machine IFC side- conditions Refined by symbolically represented by Symbolic-Rule Machine IFC Rules Refined by Correctly compiled to Concrete Machine Fault Handler NI 31

  12. NI Abstract Machine IFC side- conditions Refined by symbolically represented by Preserved Symbolic-Rule Machine IFC Rules Refined by Correctly compiled to Concrete Machine Fault Handler NI 31

  13. What Else? 32

  14. More in the Paper Complete model includes more features ❼ Control flow and user-level procedures ❼ Block-structured memory with dynamic allocation ❼ System calls for implementing new IFC primitives ❼ Richer IFC labels (sets of principals represented as pointers to memory arrays) 33

  15. ❼ ❼ ❼ ❼ Addressed Challenges ❼ Track implicit flows 34

  16. ❼ ❼ ❼ Addressed Challenges ❼ Track implicit flows ❼ Allocation and noninterference 34

  17. ❼ ❼ Addressed Challenges ❼ Track implicit flows ❼ Allocation and noninterference ❼ Pointer values could leak secrets 34

Recommend

The Information Flow Framework: New Architecture Robert E. Kent CT 2006 Philosophy cannot

The Information Flow Framework: New Architecture Robert E. Kent CT 2006 Philosophy cannot

The Information Flow Framework: New Architecture Robert E. Kent CT 2006 Philosophy cannot become scientifically healthy without an im- mense technical vocabulary. We can hardly imagine our great- grandsons turning over the leaves of this

586 views • 26 slides
Flow++: Improving Flow-Based Generative Models with Variational Dequantization and Architecture

Flow++: Improving Flow-Based Generative Models with Variational Dequantization and Architecture

Flow++: Improving Flow-Based Generative Models with Variational Dequantization and Architecture Design Jonathan Ho*, Xi Chen*, Aravind Srinivas, Yan Duan, Pieter Abbeel Overview - Goal: likelihood-based model with Fast sampling and training -

363 views • 11 slides
May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples of information flow controls Android phone Firewalls Confinement Virtual machines May 15, 2017 ECS 235B Spring Quarter 2017 Slide

487 views • 32 slides
Information flow control 1 D. Denning and P. Denning Certification of Programs for Secure

Information flow control 1 D. Denning and P. Denning Certification of Programs for Secure

Secure Architecture Principles Information flow control 1 D. Denning and P. Denning Certification of Programs for Secure Information Flow (CACM 1976) Review Access Control Discretionary access control (DAC) Philosophy: users have

321 views • 16 slides
Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation) Boris Feigin Computer Laboratory, University of Cambridge PLID 2008 joint work with Alan Mycroft 1 / 22 Motivation Given suitable tools we

605 views • 33 slides
Disclaimer The information contained in this presentation has not been independently verified and

Disclaimer The information contained in this presentation has not been independently verified and

Disclaimer The information contained in this presentation has not been independently verified and this presentation contains various forward-looking statements that reflect managements current views with respect to future events and financial

706 views • 31 slides
IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX) elisa.boschi@hitachi-eu.com {boschi, zseby, mark, hirsch}@fokus.fraunhofer.de Outline Outline IPFIX Terminology Applicability Initial Goals

212 views • 19 slides
55:035 Computer Architecture and Organization Lecture 11 Outline Interrupts Program Flow

55:035 Computer Architecture and Organization Lecture 11 Outline Interrupts Program Flow

55:035 Computer Architecture and Organization Lecture 11 Outline Interrupts Program Flow Multiple Interrupts Nesting IO Architecture Bus Types Transfer Methods Disks Disk Arrays 55:035 Computer

708 views • 49 slides
Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang Pennsylvania State University University Park, PA, USA {pzl129,zhang}@cse.psu.edu Background: Information Flow Analysis o Security enforcement to prevent

379 views • 24 slides
Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Differential Refinement Logic Sarah M. Loos and Andr Platzer Computer Science Department Carnegie Mellon University 1 Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j p x k x i

1.97k views • 179 slides
Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

M AXIMUM F LOW How to do it... Why you want it... Where you find it... The Tao of Flow: Let your body go with the flow. -Madonna, Vogue Maximum flow...because youre worth it. -Loreal Go with the flow, Joe.

619 views • 20 slides
Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Secure Information Flow ! Protecting the confidentiality of secret information Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy Blood type: AB Birth date: 9/5/46 HIV: positive ! Access control and

399 views • 10 slides
Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus

Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus

From the office of Texas Conference of SDA Human Resources ___________________________________ Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus She will be working with every church and

279 views • 5 slides
Lecture 19: Flow and Confinement Examples of information flow applications The confinement

Lecture 19: Flow and Confinement Examples of information flow applications The confinement

Lecture 19: Flow and Confinement Examples of information flow applications The confinement problem Covert channels Isolation: virtual machines, sandboxes March 2, 2009 ECS 235B, Winter Quarter 2009 Slide #19-1 Matt Bishop, UC

322 views • 30 slides
Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda What is Verified Boot? Description of Verified Boot Components Q&A What Is Verified Boot? Verified Boot establishes a chain of

432 views • 19 slides
ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical Systems Stefan Mitsch Computer Science Department, Carnegie Mellon University CPS V&V I&F Workshop 2017 May 12, 2017 joint work with Andr e

537 views • 31 slides
Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e

Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e

Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e Platzer Computer Science Department, Carnegie Mellon University CPS V&V I&F Workshop, Dec. 12, 2014 For Details, see ModelPlex paper at

504 views • 27 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
Flow Splitting in Tng, a Next-Generation Transport Architecture Bryan Ford Janardhan Iyengar

Flow Splitting in Tng, a Next-Generation Transport Architecture Bryan Ford Janardhan Iyengar

Flow Splitting in Tng, a Next-Generation Transport Architecture Bryan Ford Janardhan Iyengar Max Planck Institute Franklin & Marshall for Software Systems College and Yale University jiyengar@fandm.edu baford@mpi-sws.org

476 views • 36 slides
Design and Implementatjon of a Dynamic Informatjon Flow Tracking Architecture to Secure a RISC-V

Design and Implementatjon of a Dynamic Informatjon Flow Tracking Architecture to Secure a RISC-V

Design and Implementatjon of a Dynamic Informatjon Flow Tracking Architecture to Secure a RISC-V Core for IoT Applicatjons Christjan Palmiero , Giuseppe Di Guglielmo , Luciano Lavagno , Luca P. Carloni Politecnico Di Torino

218 views • 18 slides
NCP/RFO Data flow Architecture block diagram NCP NCP Files.xls ADO VBA e 2.5 v i r e D

NCP/RFO Data flow Architecture block diagram NCP NCP Files.xls ADO VBA e 2.5 v i r e D

NCP/RFO Data flow Architecture block diagram NCP NCP Files.xls ADO VBA e 2.5 v i r e D c d r u o o r s p P C N Capacity Planning Database pro d A A c c t t i i o o p n r n o L d o l o g D g r r d

57 views • 4 slides
Information Flow Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security

Information Flow Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security

Information Flow Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security Information Flow 3 Many security requirements can be formulated as what information flow is allowed/disallowed E.g., confidential data should not

478 views • 27 slides
VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer

VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer

VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer 1 , Yong Kiam Tan 1 , Stefan Mitsch 1 , Magnus O. Myreen 2 , and Andr e Platzer 1 Carnegie Mellon University 1 Chalmers University of Technology 2

672 views • 44 slides

More recommend