disjunction category labels
play

Disjunction Category Labels Deian Stefan, Alejandro Russo, David - PowerPoint PPT Presentation

Feb 24, 2024 •44 likes •564 views

Disjunction Category Labels Deian Stefan, Alejandro Russo, David Mazires, John Mitchell NordSec 2011 Motivating Example Bob Speadsheet WebTax Public Network Proprietary DB Motivating Example Bob does not trust WebTax WebTax can

  1. Disjunction Category Labels Deian Stefan, Alejandro Russo, David Mazières, John Mitchell NordSec 2011

  2. Motivating Example Bob Speadsheet WebTax Public Network Proprietary DB

  3. Motivating Example • Bob does not trust WebTax ➤ WebTax can exfiltrated his data Bob • WebTax author does not trust Bob Speadsheet WebTax ➤ Bob can learn proprietary information by inspecting code • WebTax author want to prevent Public Network Proprietary DB leaks due to bugs

  4. Motivating Example • Bob does not trust WebTax ➤ WebTax can exfiltrated his data Bob • WebTax author does not trust Bob Speadsheet WebTax ➤ Bob can learn proprietary information by inspecting code • WebTax author want to prevent Public Network Proprietary DB leaks due to bugs

  5. Motivating Example • Bob does not trust WebTax ➤ WebTax can exfiltrated his data Bob • WebTax author does not trust Bob Speadsheet WebTax ➤ Bob can learn proprietary information by inspecting code • WebTax author want to prevent Public Network Proprietary DB leaks due to bugs

  6. Motivating Example • Bob does not trust WebTax ➤ WebTax can exfiltrated his data Bob • WebTax author does not trust Bob Speadsheet WebTax ➤ Bob can learn proprietary information by inspecting code • WebTax author want to prevent Public Network Proprietary DB leaks due to bugs

  7. Motivating Example • Bob does not trust WebTax ➤ WebTax can exfiltrated his data Bob • WebTax author does not trust Bob Speadsheet WebTax ➤ Bob can learn proprietary information by inspecting code • WebTax author want to prevent Public Network Proprietary DB leaks due to bugs How do we address security in the presence of mutual-distrust?

  8. Information Flow Control Well-established approach to enforcing security • ➤ Confidentiality: prevent unwanted leaks ➤ Integrity: prevent flows to critical operations Decentralized IFC addresses mutual distrust • Suitable for executing untrustworthy code • ➤ Policies specify where data can flow

  9. Example with IFC Policy: observable by Bob cannot be exfiltrated to network Bob Speadsheet WebTax Policy: observable by WebTax author Public Network Proprietary DB

  10. IFC Policies How are policies specified? • ➤ Associating a label with every piece of data Labels form a lattice over can-flow-to relation ⊑ • ➤ E.g., Bob’s data cannot flow to network ⋢ Policies are enforced at every possible flow • WebTax

  11. IFC Policies How are policies specified? • ➤ Associating a label with every piece of data Labels form a lattice over can-flow-to relation ⊑ • ➤ E.g., Bob’s data cannot flow to network ⋢ Policies are enforced at every possible flow • ⊑ ? WebTax

  12. IFC Policies How are policies specified? • ➤ Associating a label with every piece of data Labels form a lattice over can-flow-to relation ⊑ • ➤ E.g., Bob’s data cannot flow to network ⋢ Policies are enforced at every possible flow • ⋢ ✗ WebTax

  13. Motivation for DC Labels Existing DIFC systems use ad-hoc label formats • ➤ DLM, Asbestos/HiStar, DStar, Flume, etc. all present their own label format Most labels have not been formalized • Some rely on centralized components • Need simple, sound, expressive & • decentralized label format ➠ DC Labels

  14. DC Labels 〈 S , I 〉 Components S and I are formulas over principals • ➤ Components impose restrictions on data flow Principal is a source of authority (e.g., Bob) • Restrictions: • ➤ S and I are minimal (sorted) formulas in CNF ➤ Neither S nor I contain negated terms

  15. DC Labels 〈 S , I 〉 Secrecy component S: • ➤ Specifies principals allowed or whose consent is necessary to observe the data Integrity component I : • ➤ Specifies principals that created or are allowed to modify the data

  16. Example with DC Labels Policy: observable by Bob Bob Speadsheet WebTax Policy: observable by WebTax author Public Network Proprietary DB

  17. Example with DC Labels Policy: observable by Bob 〈 {Bob}, {Bob} 〉 Bob Speadsheet WebTax 〈 {Preparer}, {Preparer} 〉 Policy: observable by WebTax author Public Network Proprietary DB

  18. Example with DC Labels Policy: Bob created & observable by Bob vouches for data 〈 {Bob}, {Bob} 〉 Bob Speadsheet WebTax Preparer created 〈 {Preparer}, {Preparer} 〉 & vouches for data Policy: observable by WebTax author Public Network Proprietary DB

  19. A more interesting label 〈 {(Bob ⋁ Alice) ⋀ User}, {Bob ⋁ Alice} 〉

  20. A more interesting label Policy: created/modified by Bob or Alice 〈 {(Bob ⋁ Alice) ⋀ User}, {Bob ⋁ Alice} 〉

  21. A more interesting label Policy: created/modified by Bob or Alice 〈 {(Bob ⋁ Alice) ⋀ User}, {Bob ⋁ Alice} 〉 Policy I: Policy II: observable by Bob observable by or Alice User (group) ➠ Policy: observable by Bob or Alice, given the consent the User group (or vice versa)

  22. A more interesting label “categories” Policy: created/modified by Bob or Alice 〈 {(Bob ⋁ Alice) ⋀ User}, {Bob ⋁ Alice} 〉 Policy I: Policy II: observable by Bob observable by or Alice User (group) ➠ Policy: observable by Bob or Alice, given the consent the User group (or vice versa)

  23. General observations … Secrecy: {(A ⋁ B) ⋀ C ⋀ } • ➤ Disjunction ➠ allows more readers ➤ Conjunction ➠ more restrictions ∴ more secret … Integrity: {(A ⋁ B) ⋀ C ⋀ } • ➤ Disjunction ➠ allows more writers ➤ Conjunction ➠ more restrictions ∴ trustworthy

  24. Enforcing IFC Data may flow from one entity to another iff • ➤ it accumulates more secrecy restrictions ➤ it losses integrity restrictions S 2 ⟹ S 1 I 1 ⟹ I 2 〈 S 1 , I 1 〉 ⊑ 〈 S 2 , I 2 〉

  25. Enforcing IFC Data may flow from one entity to another iff • ➤ it accumulates more secrecy restrictions ➤ it losses integrity restrictions Principal’s whose consent is needed S 2 ⟹ S 1 I 1 ⟹ I 2 to observe S 2 must include those of S 1 〈 S 1 , I 1 〉 ⊑ 〈 S 2 , I 2 〉

  26. Enforcing IFC Data may flow from one entity to another iff • ➤ it accumulates more secrecy restrictions ➤ it losses integrity restrictions Principal’s whose Dual of secrecy. consent is needed I 2 must be less S 2 ⟹ S 1 I 1 ⟹ I 2 to observe S 2 restricting than I 1 must include those of S 1 〈 S 1 , I 1 〉 ⊑ 〈 S 2 , I 2 〉

  27. Example of label relations Secrecy 〈 {Alice ⋁ Bob}, True 〉 〈 {Alice ⋁ Bob ⋁ Charlie}, True 〉 〈 {Alice ⋁ Bob}, True 〉 〈 {Alice ⋀ Dan}, True 〉 〈 {Alice ⋀ Bob}, True 〉 〈 {Alice}, True 〉

  28. Example of label relations Secrecy ✗ 〈 {Alice ⋁ Bob}, True 〉 〈 {Alice ⋁ Bob ⋁ Charlie}, True 〉 〈 {Alice ⋁ Bob}, True 〉 〈 {Alice ⋀ Dan}, True 〉 〈 {Alice ⋀ Bob}, True 〉 〈 {Alice}, True 〉

  29. Example of label relations Secrecy ✗ 〈 {Alice ⋁ Bob}, True 〉 〈 {Alice ⋁ Bob ⋁ Charlie}, True 〉 ✓ 〈 {Alice ⋁ Bob}, True 〉 〈 {Alice ⋀ Dan}, True 〉 〈 {Alice ⋀ Bob}, True 〉 〈 {Alice}, True 〉

  30. Example of label relations Secrecy ✗ 〈 {Alice ⋁ Bob}, True 〉 〈 {Alice ⋁ Bob ⋁ Charlie}, True 〉 ✓ 〈 {Alice ⋁ Bob}, True 〉 〈 {Alice ⋀ Dan}, True 〉 ✗ 〈 {Alice ⋀ Bob}, True 〉 〈 {Alice}, True 〉

  31. Example of label relations Integrity 〈 True , {Alice ⋁ Bob} 〉 〈 True , {Alice ⋁ Bob ⋁ Charlie} 〉 〈 True , {Alice} 〉 〈 True , {Alice ⋁ Bob} 〉 〈 True , {Alice} 〉 〈 True , {Alice ⋀ Bob} 〉

  32. Example of label relations Integrity ✓ 〈 True , {Alice ⋁ Bob} 〉 〈 True , {Alice ⋁ Bob ⋁ Charlie} 〉 〈 True , {Alice} 〉 〈 True , {Alice ⋁ Bob} 〉 〈 True , {Alice} 〉 〈 True , {Alice ⋀ Bob} 〉

  33. Example of label relations Integrity ✓ 〈 True , {Alice ⋁ Bob} 〉 〈 True , {Alice ⋁ Bob ⋁ Charlie} 〉 ✓ 〈 True , {Alice} 〉 〈 True , {Alice ⋁ Bob} 〉 〈 True , {Alice} 〉 〈 True , {Alice ⋀ Bob} 〉

  34. Example of label relations Integrity ✓ 〈 True , {Alice ⋁ Bob} 〉 〈 True , {Alice ⋁ Bob ⋁ Charlie} 〉 ✓ 〈 True , {Alice} 〉 〈 True , {Alice ⋁ Bob} 〉 ✗ 〈 True , {Alice} 〉 〈 True , {Alice ⋀ Bob} 〉

  35. DC Labels form a lattice Combining differently labeled data ➠ join ⊔ • 〈 S 1 , I 1 〉 ⊔ 〈 S 2 , I 2 〉 = 〈 S 1 ⋀ S 2 , I 1 ⋁ I 2 〉 Writing to differently labeled entities ➠ meet ⊓ • ➤ Dual of join: 〈 S 1 , I 1 〉 ⊓ 〈 S 2 , I 2 〉 = 〈 S 1 ⋁ S 2 , I 1 ⋀ I 2 〉

  36. DC Labels form a lattice Combining differently labeled data ➠ join ⊔ • Need consent of principals in S 1 and S 2 to observe data 〈 S 1 , I 1 〉 ⊔ 〈 S 2 , I 2 〉 = 〈 S 1 ⋀ S 2 , I 1 ⋁ I 2 〉 Writing to differently labeled entities ➠ meet ⊓ • ➤ Dual of join: 〈 S 1 , I 1 〉 ⊓ 〈 S 2 , I 2 〉 = 〈 S 1 ⋁ S 2 , I 1 ⋀ I 2 〉

  37. DC Labels form a lattice Combining differently labeled data ➠ join ⊔ • Principals of I 1 or I 2 could Need consent of principals in have created the data S 1 and S 2 to observe data 〈 S 1 , I 1 〉 ⊔ 〈 S 2 , I 2 〉 = 〈 S 1 ⋀ S 2 , I 1 ⋁ I 2 〉 Writing to differently labeled entities ➠ meet ⊓ • ➤ Dual of join: 〈 S 1 , I 1 〉 ⊓ 〈 S 2 , I 2 〉 = 〈 S 1 ⋁ S 2 , I 1 ⋀ I 2 〉

Recommend

- na : a disjunction AND conjunction marker? A-na B: disjunction Example Disjunction and

- na : a disjunction AND conjunction marker? A-na B: disjunction Example Disjunction and

Introduction - na : a disjunction AND conjunction marker? A-na B: disjunction Example Disjunction and Alternative Conditionals in Korean Angie- na Brad -ka cikum Nagoya-ey issta. now Nagoya-in exist Angie- na Brad- N OM Jiwon Yun Angie

195 views • 8 slides
Towards an exhaustification analysis of plain disjunction in Russian Formal Approaches to Russian

Towards an exhaustification analysis of plain disjunction in Russian Formal Approaches to Russian

Towards an exhaustification analysis of plain disjunction in Russian Formal Approaches to Russian Linguistics 3 Pavel Rudnev pasha.rudnev@gmail.com 56 April 2019 Disjunction and polarity Focus of this talk syntax and semantics of plain

237 views • 21 slides
2016 Vegetable Pesticide Update: Weeds 1) New/Changed labels 2) Labels soon 3) Auxin Technologies

2016 Vegetable Pesticide Update: Weeds 1) New/Changed labels 2) Labels soon 3) Auxin Technologies

2016 Vegetable Pesticide Update: Weeds 1) New/Changed labels 2) Labels soon 3) Auxin Technologies drift management New Herbicide Labels for 2016 1) New Select Max Labels 2) Chateau row middle for Cabbage Grass Control Herbicides Select Max

565 views • 35 slides
Self-Stabilizing Silent Disjunction in an Anonymous Network Ajoy K. Datta Stphane Devismes

Self-Stabilizing Silent Disjunction in an Anonymous Network Ajoy K. Datta Stphane Devismes

Self-Stabilizing Silent Disjunction in an Anonymous Network Ajoy K. Datta Stphane Devismes Lawrence L. Larmore University of Nevada Las Vegas Universit Joseph Fourier, Grenoble Datta Devismes Larmore (UNLV/UJFG) Distributed Disjunction

2.13k views • 174 slides
Disjunction Property . . . A derivable or B derivable A B derivable . . . A B

Disjunction Property . . . A derivable or B derivable A B derivable . . . A B

Utrecht University Jeroen Goudsmit The Admissible Rules of BD 2 August 8 th 2013 . Disjunction Property . . . A derivable or B derivable A B derivable . . . A B A or B . . . . . semantics syntax A B A

731 views • 60 slides
Eco Labels in AEC Dr.Lunchakorn Prathumratana Thailand Environment Institute (TEI) Eco labels in

Eco Labels in AEC Dr.Lunchakorn Prathumratana Thailand Environment Institute (TEI) Eco labels in

NSTDA Annual Conference 2013 Eco Labels in AEC Dr.Lunchakorn Prathumratana Thailand Environment Institute (TEI) Eco labels in AEC ASEAN and Type 1 Ecolabelling No . of No . of certified ASEAN GEN member standards products 45 2150

363 views • 23 slides
2012 GFVGA: Herbicide Update 2012 Weed Control Update 1. Recent labels 2. New labels 3. Near

2012 GFVGA: Herbicide Update 2012 Weed Control Update 1. Recent labels 2. New labels 3. Near

2012 GFVGA: Herbicide Update 2012 Weed Control Update 1. Recent labels 2. New labels 3. Near future labels LABELED OR NOT LABELED FOR GEORGIA! GFVGA Third Party Registrations 1. Labels are held by GFVGA. 2. Label must be in hand of user. 3.

633 views • 35 slides
PRODUCTS Adhesive paper; A4 size adhesive paper; Blank labels in rolls and sheets; Labels for

PRODUCTS Adhesive paper; A4 size adhesive paper; Blank labels in rolls and sheets; Labels for

GIPAKO Self-Adhesive materials, labels, Linerless Different label SOLUTIONS ADDRESS: Kiemeli 18B, Vilnius district Phone: +370 5 2392413 LT-14025 Maiiagala Fax: +370 5 2392607 Savanori pr. 176, 5 a. Mobile: +370 656 99337 www.gipako.lt

585 views • 11 slides
Negotiating lexical uncertainty and speaker expertise with disjunction Christopher Potts

Negotiating lexical uncertainty and speaker expertise with disjunction Christopher Potts

Overview Side-effects Model Analysis Implicature blocking Conclusion Negotiating lexical uncertainty and speaker expertise with disjunction Christopher Potts Stanford Linguistics Paper, code, data: https://github.com/cgpotts/pypragmods

1.2k views • 68 slides
Hurfords constraint, the semantics of disjunction, and the nature of alternatives Ivano

Hurfords constraint, the semantics of disjunction, and the nature of alternatives Ivano

Hurfords constraint, the semantics of disjunction, and the nature of alternatives Ivano Ciardelli joint work with Floris Roelofsen InqBnB2 Amsterdam, 17-12-2017 Inquisitive semantics and alternative semantics Both propose a

1.72k views • 62 slides
The SAT 2005 Competition Industrial category Certified UNSAT Special track Fourth Edition Non

The SAT 2005 Competition Industrial category Certified UNSAT Special track Fourth Edition Non

The SAT 2005 Competition Whats new this year The benchmarks First stage results All categories Random category Crafted category Industrial category Second stage results Random category Crafted category The SAT 2005 Competition

791 views • 55 slides
Category Management Coalition for Government Procurement April 10, 2014 Category Management

Category Management Coalition for Government Procurement April 10, 2014 Category Management

Category Management Coalition for Government Procurement April 10, 2014 Category Management Definition of Category Five Responsibilities of Category Management Management Optimize Develops and executes the Contract - Identifying vehicles

257 views • 6 slides
Disjunction and Existence Properties in Inquisitive Logic Gianluca Grilletti June 30, 2017

Disjunction and Existence Properties in Inquisitive Logic Gianluca Grilletti June 30, 2017

Disjunction and Existence Properties in Inquisitive Logic Gianluca Grilletti June 30, 2017 Institute for Logic, Language and Computation (ILLC), 1 Amsterdam, the Netherlands Motivating example: hospital protocol A disease gives rise to

1.28k views • 88 slides
Two souls of disjunction Towards a state-monadic update semantics Patrick D. Elliott July 3,

Two souls of disjunction Towards a state-monadic update semantics Patrick D. Elliott July 3,

Two souls of disjunction Towards a state-monadic update semantics Patrick D. Elliott July 3, 2019 Asymmetries in Language: Presuppositions and beyond Berlin 1 Two souls i Two broad traditions addressing semantics and pragmatics of

584 views • 37 slides
MPLS Special Purpose Labels

MPLS Special Purpose Labels

MPLS Special Purpose Labels dra2-kompella-mpls-special-purpose-labels-01 Loa Andersson Adrian Farrel Kiree< Kompella Two Things Making the

485 views • 10 slides
Free Choice Disjunction as a Rational Speech Act Lucas Champollion, Anna Alsop, and Ioana Grosu

Free Choice Disjunction as a Rational Speech Act Lucas Champollion, Anna Alsop, and Ioana Grosu

Free Choice Disjunction as a Rational Speech Act Lucas Champollion, Anna Alsop, and Ioana Grosu {champollion,aalsop,ig950}@nyu.edu May 17-19, 2019 SALT, UCLA (handout to accompany poster) 1 Introduction Main fact to explain: Free Choice

677 views • 16 slides
An Approach to Category Management Leading global excellence in procurement and supply Category

An Approach to Category Management Leading global excellence in procurement and supply Category

An Approach to Category Management Leading global excellence in procurement and supply Category Management: CIPS define category management as: the entire science of the procurement subject applied to a single genre of expenditure. As

258 views • 13 slides
GENERAL PRESENTATION PROTECTION- CONTROL- IDENTIFICATION TRACKING 2506 RFID LABELS 02 What

GENERAL PRESENTATION PROTECTION- CONTROL- IDENTIFICATION TRACKING 2506 RFID LABELS 02 What

2506 RFID LABELS GENERAL PRESENTATION PROTECTION- CONTROL- IDENTIFICATION TRACKING 2506 RFID LABELS 02 What they are 1/2 RFID labels are based on a Radio Frequency Identification technology. This technology allows to uniquely

259 views • 14 slides
Axiom schema of Markovs principle preserves disjunction and existence properties . Nobu-Yuki

Axiom schema of Markovs principle preserves disjunction and existence properties . Nobu-Yuki

. Axiom schema of Markovs principle preserves disjunction and existence properties . Nobu-Yuki Suzuki Shizuoka University Computability Theory and Foundations of Mathematics 2015 September 7, 2015 (Tokyo, Japan) N.-Y. Suzuki (Shizuoka

576 views • 16 slides
Motivation Why do I study category theory? I find category theoretic arguments to be

Motivation Why do I study category theory? I find category theoretic arguments to be

Emily Riehl Johns Hopkins University A synthetic theory of -categories in homotopy type theory joint with Michael Shulman Octoberfest, Carnegie Mellon University Motivation Why do I study category theory? I find category theoretic

368 views • 26 slides
Category-level localization Cordelia Schmid Category-level localization Localization up to a

Category-level localization Cordelia Schmid Category-level localization Localization up to a

Category-level localization Cordelia Schmid Category-level localization Localization up to a bounding box Sliding window approach, previous course: Felzenszwalb 2010 Today: shape-based descriptor + sliding window Category-level

1.4k views • 110 slides
Category Change Print Docs Communications 1 Category Change Cert Action S creen

Category Change Print Docs Communications 1 Category Change Cert Action S creen

Details...Details... 7/10/2020 Category Change Print Docs Communications 1 Category Change Cert Action S creen Change MOM FIRST, then baby Click on Category Change j ellybean S elect New Category Align with Baby

323 views • 8 slides
The Category TOF Robin Cockett, Cole Comfort University of Calgary June 6, 2018 1/33

The Category TOF Robin Cockett, Cole Comfort University of Calgary June 6, 2018 1/33

Background The Category TOF TOF is a Discrete Inverse Category Generalized controlled-not Gates Completeness of TOF The Category TOF Robin Cockett, Cole Comfort University of Calgary June 6, 2018 1/33 Background The Category TOF TOF is a

775 views • 33 slides
Behavioral Economics How many brands and labels can you remember? Look at the following slide for

Behavioral Economics How many brands and labels can you remember? Look at the following slide for

No Time To Train Introduction to Behavioral Economics How many brands and labels can you remember? Look at the following slide for 15 seconds. 1. In 45 seconds, write down as many labels and 2. brands as you can remember from the picture. No

136 views • 9 slides

More recommend