Cryptographically Secure Information Flow Control on Key-Value Stores
Paper in proceeding, 2017
We present Clio, an information flow control (IFC) system that
transparently incorporates cryptography to enforce confidentiality
and integrity policies on untrusted storage. Clio insulates develop-
ers from explicitly manipulating keys and cryptographic primitives
by leveraging the policy language of the IFC system to automatically use the appropriate keys and correct cryptographic operations.
We prove that Clio is secure with a novel proof technique that is
based on a proof style from cryptography together with standard
programming languages results. We present a prototype Clio implementation and a case study that demonstrates Clio’s practicality.
transparently incorporates cryptography to enforce confidentiality
and integrity policies on untrusted storage. Clio insulates develop-
ers from explicitly manipulating keys and cryptographic primitives
by leveraging the policy language of the IFC system to automatically use the appropriate keys and correct cryptographic operations.
We prove that Clio is secure with a novel proof technique that is
based on a proof style from cryptography together with standard
programming languages results. We present a prototype Clio implementation and a case study that demonstrates Clio’s practicality.
information-flow control
cryptography
Author
Lucas Waye
Harvard University
Pablo Buiras
Harvard University
Owen Arden
University of California
Alejandro Russo
Information Security
Stephen Chong
Harvard University
Proceedings of the ACM Conference on Computer and Communications Security
15437221 (ISSN)
1893-1907978-1-4503-4946-8 (ISBN)
24th ACM SIGSAC Conference on Computer and Communications Security
Dallas, USA,
Dallas, USA,
Areas of Advance
Information and Communication Technology
Subject Categories
Computer Science
DOI
10.1145/3133956.3134036