information flow safety in multiparty sessions
play

Information flow safety in multiparty sessions Sara Capecchi, Ilaria - PowerPoint PPT Presentation

Nov 02, 2023 •127 likes •432 views

Information flow safety in multiparty sessions Sara Capecchi, Ilaria Castellani and Mariangiola Dezani-Ciancaglini (TORINO University and INRIA Sophia Antipolis Mditerrane) Behavioural Types Workshop Lisbon, 19-21 April 2011 T

  1. Information flow safety in multiparty sessions Sara Capecchi, Ilaria Castellani and Mariangiola Dezani-Ciancaglini (TORINO University and INRIA Sophia Antipolis Méditerranée) Behavioural Types Workshop Lisbon, 19-21 April 2011

  2. ⊥ T General goal Information flow control in multiparty sessions where data may have different security levels. A finite lattice of security levels : ... levels assigned to l l’ ... variables and values v l Secure information flow: the send or receive of a value v l 0 can only depend on a receive or test of a value with l ≤ l 0 0

  3. General goal Information flow control in multiparty sessions, to preserve confidentiality of participant data. How to prevent / detect information leaks ? ‣ Typing (prevention): session type system with security ‣ Security (detection): behavioural property based on observational equivalence / bisimulation

  4. Goal (past) Information flow control in multiparty sessions, to preserve confidentiality of participant data. How to prevent / detect information leaks ? ‣ Typing (prevention): session type system with security done in previous work [CCD & Rezk, CONCUR’10] ⇓ ‣ Security (detection): behavioural property based on observational equivalence / bisimulation

  5. Goal (present) Information flow control in multiparty sessions, to preserve confidentiality of participant data. How to prevent / detect information leaks ? ‣ Typing (prevention): session type system with security ‣ Safety (detection): induced by a monitored semantics ‣ Security (detection): behavioural property based on observational equivalence / bisimulation

  6. Tracking information leaks 3 ways to prevent / detect information leaks: s [1]?(2 , x ⊤ ) .s [1]! � 2 , true ⊥ � typical leak: ‣ Typability (prevention): any “syntactic leak” is bad ‣ Safety (local detection): any “semantic leak” is bad ‣ Security (global detection): any “global semantic leak”, detectable by observing the overall process, is bad

  7. Tracking information leaks 3 ways to prevent / detect information leaks: s [1]?(2 , x ⊤ ) .s [1]! � 2 , true ⊥ � ν ( a )( a [1]( α ) . ) ‣ Typability (prevention): any “syntactic leak” is bad ‣ Safety (local detection): any “semantic leak” is bad ‣ Security (global detection): any “global semantic leak”, detectable by observing the overall process, is bad

  8. Tracking information leaks Another typical information leak: if x ⊤ then s [1]! � 2 , true ⊥ � else s [1]! � 2 , false ⊥ � s [1]?(2 , x ⊤ ) . ‣ Typability (prevention): any “syntactic leak” is bad ‣ Safety (local detection): any “semantic leak” is bad ‣ Security (global detection): any “global semantic leak”, detectable by observing the overall process, is bad

  9. Tracking information leaks Another typical information leak: if x ⊤ then s [1]! � 2 , true ⊥ � else s [1]! � 2 , true ⊥ � s [1]?(2 , x ⊤ ) . ‣ Typability (prevention): any “syntactic leak” is bad ‣ Safety (local detection): any “semantic leak” is bad ‣ Security (global detection): any “global semantic leak”, detectable by observing the overall process, is bad

  10. Relating the three properties Relationship between the three properties ? ‣ Typability (prevention): any “syntactic leak” is bad ⇓ ? ‣ Safety (local detection): any “semantic leak” is bad ? ⇓ ‣ Security (global detection): any “global semantic leak”, detectable by observing the overall process, is bad

  11. Relating the three properties Relationship between the three properties ? ‣ Typability (prevention): any “syntactic leak” is bad ‣ Safety (local detection): any “semantic leak” is bad ⇓ ‣ Security (global detection): any “global semantic leak”, detectable by observing the overall process, is bad

  12. Multiparty sessions [Honda, Yoshida, Carbone POPL ’08] Multiparty session: activation of an n-ary service a a [ n ] ¯ | a [1]( α 1 ) .P 1 | · · · | a [ n ]( α n ) .P n arity roles initiator : starts a new session on service a [ n ] ¯ a when there are n suitable participants

  13. Security session calculus

  14. Syntax: processes

  15. Runtime syntax: queues Text

  16. Semantics: configurations

  17. Semantics: computational rules

  18. Semantics: choice

  19. Online medical service

  20. Online medical service (ctd)

  21. Monitored semantics

  22. Monitored semantics rules

  23. Monitored semantics rules (ctd)

  24. Safety: 1st attempt

  25. Safety: definition

  26. Security

  27. Security (ctd)

  28. Main results

  29. Main results (ctd)

  30. Conclusion and future work ‣ Complete the picture by showing typability => safety ‣ Explore monitored semantics with labelled transitions, to return informative error messages to the programmer. ‣ Attach reputation and trust to participants, and possibly use them to refine delegation. [Submitted, full version soon on our web pages]

Recommend

Multiparty Session Types: Concepts Separate the communication into conversations (sessions)

Multiparty Session Types: Concepts Separate the communication into conversations (sessions)

Multiparty Session Types: Concepts Separate the communication into conversations (sessions) Each process plays a role in a conversation => its type is defined by the conversation and its role Evolution Of MPST Binary Session Types

1.07k views • 33 slides
Global Escape in Multiparty Sessions Sara Capecchi joint work with Elena Giachino & Nobuko

Global Escape in Multiparty Sessions Sara Capecchi joint work with Elena Giachino & Nobuko

Global Escape in Multiparty Sessions Sara Capecchi joint work with Elena Giachino & Nobuko Yoshida Workshop on Behavioural Types 21 April 2011 Global escape Global escape unexpected condition, computational error Global escape unexpected

511 views • 28 slides
Secure Information Flow as a Safety Problem Overview Introduction to secure information flow

Secure Information Flow as a Safety Problem Overview Introduction to secure information flow

Secure Information Flow as a Safety Problem Overview Introduction to secure information flow Type-Based approach Self composition Downgrading Self composition with downgrading Type directed transformation

511 views • 22 slides
Information Flow Security DD2460 Software Safety and Security: Part III, lecture 1 Gurvan Le

Information Flow Security DD2460 Software Safety and Security: Part III, lecture 1 Gurvan Le

Information Flow Security DD2460 Software Safety and Security: Part III, lecture 1 Gurvan Le Guernic DD2460 (III, L1) February 14 th , 2012 C ONTEXT F ORMALIZATION C HANNELS , F LOWS AND L ABELS W RAP - UP Outline Information Flow Security deals

532 views • 35 slides
Information Flow Security (2) DD2460 Software Safety and Security: Part III, lecture 3 Gurvan Le

Information Flow Security (2) DD2460 Software Safety and Security: Part III, lecture 3 Gurvan Le

Information Flow Security (2) DD2460 Software Safety and Security: Part III, lecture 3 Gurvan Le Guernic DD2460 (III, L3) February 24 th , 2012 V ARIANTS E NFORCEMENT C ONCLUSION / W RAP - UP Outline Information Flow Security deals with

395 views • 21 slides
Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions

Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions

Mount Eliza Secondary College Steiner Stream 20 sessions 10 8 sessions 6 sessions 4 sessions 2 sessions sessions Main lesson: Maths Ideea Lab Arts Indonesian Health and English electives: Physical education Humanities Performing

3.3k views • 11 slides
Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa

Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa

Preprocessing Based Verification of Multiparty Protocols with an Honest Majority 20.07.17 Alisa Pankova Roman Jagomgis Peeter Laud 1 / 10 Secure Multiparty Computation 2 / 10 Secure Multiparty Computation 2 / 10 Secure Multiparty

641 views • 38 slides
May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples of information flow controls Android phone Firewalls Confinement Virtual machines May 15, 2017 ECS 235B Spring Quarter 2017 Slide

487 views • 32 slides
Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated

Collusion- -Free Free Collusion Multiparty Computation Multiparty Computation in the Mediated Model in the Mediated Model Jol Alwen (NYU) Jonathan Katz (U. Maryland) Yehuda Lindell (Bar-Ilan U.) Giuseppe Persiano (U. Salerno) abhi

519 views • 25 slides
Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation) Boris Feigin Computer Laboratory, University of Cambridge PLID 2008 joint work with Alan Mycroft 1 / 22 Motivation Given suitable tools we

605 views • 33 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Agreement Detection in Agreement Detection in Multiparty Conversations Multiparty Conversations

Agreement Detection in Agreement Detection in Multiparty Conversations Multiparty Conversations

German Research Center for Artificial Intelligence GmbH www.amiproject.org Agreement Detection in Agreement Detection in Multiparty Conversations Multiparty Conversations FEAST, FEAST, 21st October October 2009 2009 21st Sebastian

467 views • 25 slides
Attractions and Activities Tourism and Hospitality information sessions Government Guidance

Attractions and Activities Tourism and Hospitality information sessions Government Guidance

Tourism and Hospitality information sessions Attractions and Activities Tourism and Hospitality information sessions Government Guidance Business set to reopen from July 4 Include overnight accommodation, pubs, restaurants, cafs and

441 views • 31 slides
Year 10 Parents presentation SAFETY AND WELFARE R Rates Small Numbers Week Sess Sessions

Year 10 Parents presentation SAFETY AND WELFARE R Rates Small Numbers Week Sess Sessions

Year 10 Parents presentation SAFETY AND WELFARE R Rates Small Numbers Week Sess Sessions 15th June Week one will be one to one mentoring sessions 22nd Jun Students may be in for 1 day per week Small teaching pods of no

700 views • 31 slides
IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX) elisa.boschi@hitachi-eu.com {boschi, zseby, mark, hirsch}@fokus.fraunhofer.de Outline Outline IPFIX Terminology Applicability Initial Goals

212 views • 19 slides
RFP Information Sessions December 4 & 9, 2014 www.siliconvalleycf.org/thebiglift RFP Timeline

RFP Information Sessions December 4 & 9, 2014 www.siliconvalleycf.org/thebiglift RFP Timeline

RFP Information Sessions December 4 & 9, 2014 www.siliconvalleycf.org/thebiglift RFP Timeline December 4: RFP Release December 4 and 9: General info sessions Weekly: FAQs available on website January 16: Proposals Due

636 views • 30 slides
HR Design Information Sessions Spring 2015 Agenda HR Design Updates Breakout Sessions

HR Design Information Sessions Spring 2015 Agenda HR Design Updates Breakout Sessions

HR Design Information Sessions Spring 2015 Agenda HR Design Updates Breakout Sessions HR Design Updates HR Design Component Description Status Policy finalized in February Develop and implement policy requiring each 2015

423 views • 11 slides
Multiparty Session Types and their Applications http://mrg.doc.ic.ac.uk/ Nobuko Yoshida, Rumyana

Multiparty Session Types and their Applications http://mrg.doc.ic.ac.uk/ Nobuko Yoshida, Rumyana

Multiparty Session Types and their Applications http://mrg.doc.ic.ac.uk/ Nobuko Yoshida, Rumyana Neykova Imperial College London 1 Outline Idioms for Interaction Multiparty Session Types Scribble and Applications to a Large-scale

1.38k views • 80 slides
Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang Pennsylvania State University University Park, PA, USA {pzl129,zhang}@cse.psu.edu Background: Information Flow Analysis o Security enforcement to prevent

379 views • 24 slides
Multiparty Asynchronous Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College

Multiparty Asynchronous Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College

Multiparty Asynchronous Session Types http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College London 1 Structure of Lectures Theory Multiparty Session Types Summary: Practice and Programming using Scribble 2 Session Type Reading

1.22k views • 65 slides
Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

M AXIMUM F LOW How to do it... Why you want it... Where you find it... The Tao of Flow: Let your body go with the flow. -Madonna, Vogue Maximum flow...because youre worth it. -Loreal Go with the flow, Joe.

619 views • 20 slides
Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Secure Information Flow ! Protecting the confidentiality of secret information Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy Blood type: AB Birth date: 9/5/46 HIV: positive ! Access control and

399 views • 10 slides
Information Sessions on the Credit Union Bill, 2011 Presented by Wendy Ho Sing Deputy Inspector

Information Sessions on the Credit Union Bill, 2011 Presented by Wendy Ho Sing Deputy Inspector

Information Sessions on the Credit Union Bill, 2011 Presented by Wendy Ho Sing Deputy Inspector of Financial Institutions January 12, 16, 18 & 20, 2012 CENTRAL BANK OF TRINIDAD AND TOBAGO Overview The Purpose of the Sessions The

315 views • 28 slides
On Multiparty Garbling of Arithmetic Circuits Aner Ben-Efraim Ariel University & Ben-Gurion

On Multiparty Garbling of Arithmetic Circuits Aner Ben-Efraim Ariel University & Ben-Gurion

On Multiparty Garbling of Arithmetic Circuits Aner Ben-Efraim Ariel University & Ben-Gurion University Lecture Plan MPC & Our Results Garbled Circuits Yao and BMR Our Techniques and Constructions What is secure multiparty

492 views • 27 slides

More recommend