Policies and Mechanisms for Securing Information Release
Doktorsavhandling, 2009

Security assurance is an important challenge for modern computing. Intentional information release (declassification) is often crucial for such assurance. Security-critical systems demand expressive policies for information release that are beyond what conventional security models may offer. This thesis studies practical and theoretical aspects of information release. It starts with a case study of implementing a declassification-intensive security protocol in a security-typed language. This, largest up to the publication date, case study suggests patterns for secure programming and demonstrates the multifaceted nature of declassification: from near-innocent relabeling of a ciphertext to potentially dangerous release of secret keys. The thesis further explores different aspects of information release. We present a policy cryptographically-masked flows that enables reasoning about information flow in the presence of encryption, decryption, and key generation. We propose a type system that enforces security for a small imperative language with cryptographic primitives, which prevents dangerous program behavior such as giving away a secret key or confusing keys and non-keys. This approach is exemplified with secure implementations of cryptographic protocols. To facilitate reasoning about release of keys, the thesis suggests an attacker-centric model of gradual release that formalizes a concept of attacker’s knowl- edge. The essence of gradual release is that during a program run the knowledge should not change unless caused by an explicit declassification. This turns out to be a powerful foundation for release policies, which we demonstrate by formally connecting revelation-based and encryption-based declassification. We also show how gradual release can be enforced by security types and effects. Addressing one aspect of declassification while leaving out the others would not be quite adequate. We present two conditions that can express both what is released and where in code release happens. For one of them, we give a conventional definition and show that a security type system from the literature (which was designed for treating the what aspect) in fact enforces the combination of what and where policies. The other one is a general framework for rich information-release policies. We present tight and modular enforcement by hybrid mechanisms that combine monitoring with on-the-fly program analysis for a language with dynamic code evaluation and communication primitives. The thesis also analyzes security guarantees for programs with communication primitives if one ignores termination leaks — an assumption often made by the existing information-flow tools. We develop a definition of termination-insensitive noninterference suitable for reasoning about such programs which generalises traditional “batch-job” style definitions and is satisfied by a Denning-style program analysis. Although more than a bit of information can be leaked by programs satisfying this condition, we show that the best an attacker can do is a brute-force attack. If we further assume uniform distribution of secrets, we show that the advantage the attacker gains when guessing the secret after observing a polynomial amount of output is negligible in the size of the secret.

EDIT blgd, room EE, floor 6
Opponent: Prof. David Basin, Department of Computer Science, ETH Zurich, Switzerland


Aslan Askarov

Chalmers, Data- och informationsteknik, Datavetenskap

Gradual Release: Unifying Declassification, Encryption and Key Release Policies

Proceedings of the IEEE Symposium on Security and Privacy,; (2007)p. 207-227

Paper i proceeding

Security-typed languages for implementation of cryptographic protocols: A case study

Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS' 2005), LNCS,; Vol. 3679(2005)p. 197-221

Paper i proceeding

Localized Delimited Release: Combining the What and Where Dimensions of Information Release

ACM SIGPLAN Workshop on Programming Languages and Analysis for Security,; (2007)p. 53-60

Paper i proceeding

Cryptographically-Masked Flows

Theoretical Computer Science,; Vol. 402(2008)p. 82-101

Artikel i vetenskaplig tidskrift

Termination-Insensitive Noninterference Leaks More Than Just a Bit.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 5283(2008)p. 333-348

Paper i proceeding


Datavetenskap (datalogi)



Technical report D - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 57

Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 2913

EDIT blgd, room EE, floor 6

Opponent: Prof. David Basin, Department of Computer Science, ETH Zurich, Switzerland

Mer information