A weakest precondition approach to active attacks analysis

MASTROENI, Isabella
2009-01-01

Abstract

Information flow controls can be used to protect both data confidentiality and data integrity. The certification of the security degree of a program that runs in untrusted environments still remains an open problem in language-based security. The notion of robustness asserts that an active attacker, who can modify program code in some fixed points (holes), is not able to disclose more private information than a passive attacker, who merely observes public data. In this paper, we extend a method recently proposed for checking declassified non-interference in the presence of passive attackers only, in order to check robustness by means of the weakest precondition semantics. In particular, this semantics simulates the kind of analysis that can be performed by an attacker, i.e., from the public output towards the private input. The choice of the semantics lets us distinguish between different attack models. In this paper, we also introduce relative robustness, which is a relaxed notion of robustness for restricted classes of attacks.
2009
9781605586458
Program semantics; Non-interference; Robustness; Declassification; Active attackers
Files in this item:

File: C16-plas09.pdf (authorized users only)
Type: Publisher's version
License: Restricted access
Size: 155.48 kB
Format: Adobe PDF
Use this identifier to cite or link to this document: https://hdl.handle.net/11562/336163
Citations
  • Scopus 6