Abstract
This paper presents a program analysis for secure information flow. The analysis works on a simple imperative programming language containing a cryptographic primitive—encryption—as a possible operation. The analysis captures the intuitive qualities of the (lack of) information flow from a plaintext to its corresponding ciphertext. The analysis is proved correct with respect to a complexity-theoretical definition of the security of information flow. In contrast to the previous results, the analysis does not put any restrictions on the structure of the program, especially on the ways of how the program uses the encryption keys.
Supported by Estonian Science Foundation grant #5279. Most of this work was done while the author was at the University of Saarland, Germany.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
M. Abadi and A. Gordon. A Calculus for Cryptographic Protocols: The Spi Calculus. Information and Computation, 148(1):1–70, Jan. 1999.
M. Abadi and J. Jürjens. Formal Eavesdropping and Its Computational Interpretation. In proc. of TACS 2001 (LNCS 2215), pages 82–94.
M. Abadi and P. Rogaway. Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption). In proc. of International Conference IFIP TCS 2000 (LNCS 1872), pages 3–22.
M. Backes. Cryptographically Sound Analysis of Security Protocols. PhD thesis, Universität des Saarlandes, 2002.
M. Burrows, M. Abadi, and R. Needham. A Logic of Authentication. ACM Transactions on Computer Systems, 8(1):18–36, Feb. 1990.
P. Cousot. Constructive Design of a Hierarchy of Semantics of a Transition System by Abstract Interpretation. Theoretical Computer Science 277(1–2):47–103, Apr. 2002.
D. Denning. A Lattice Model of Secure Information Flow. Communications of the ACM, 19(5):236–243, 1976.
D. Denning and P. Denning. Certification of Programs for Secure Information Flow. Communications of the ACM, 20(7):504–513, 1977.
J. Goguen and J. Meseguer. Security Policies and Security Models. In proc. of IEEE S&P 1982, pages 11–20.
J. Gray III. Probabilistic Noninterference. In proc. of IEEE S&P 1990, pages 170–179.
P. Laud. Semantics and Program Analysis of Computationally Secure Information Flow. In proc. of ESOP 2001 (LNCS 2028), pages 77–91.
P. Laud. Computationally Secure Information Flow. PhD thesis, Universität des Saarlandes, 2002.
K. Leino and R. Joshi. A Semantic Approach to Secure Information Flow. In proc. of Matehematics of Program Construction’ 98 (LNCS 1422), pages 254–271.
P. Lincoln, J. Mitchell, M. Mitchell, and A. Scedrov. A Probabilistic Poly-Time Framework for Protocol Analysis. In proc. of ACM CCS’ 98, pages 112–121.
P. Lincoln, J. Mitchell, M. Mitchell, and A. Scedrov. Probabilistic Polynomial-Time Equivalence and Security Analysis. In proc. of the World Congress on Formal Methods in the Development of Computing Systems’ 99 (LNCS 1708), pages 776–793.
J. Mitchell. Probabilistic Polynomial-Time Process Calculus and Security Protocol Analysis. In proc. of ESOP 2001 (LNCS 2028), pages 23–29.
H. Nielson and F. Nielson. Semantics with Applications: A Formal Introduction.Wiley, 1992.
B. Pfitzmann, M. Schunter, and M. Waidner. Cryptographic Security of Reactive Systems. In proc. of Workshop on Secure Architectures and Information Flow (ENTCS 32), 2000.
B. Pfitzmann and M. Waidner. Composition and integrity preservation of secure reactive systems. In proc. of ACM CCS 2000, pages 245–254.
B. Pfitzmann and M. Waidner. A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission. In proc. of IEEE S&P 2001, pages 184–200.
F. Thayer, J. Herzog, and J. Guttman. Strand Spaces: Proving Security Protocols Correct. Journal of Computer Security, 7(2/3):191–230, 1999.
D. Volpano. Secure Introduction of One-way Functions. In proc. of CSFW’ 00, pages 246–254.
D. Volpano and G. Smith. Verifying Secrets and Relative Secrecy. In proc. of POPL 2000, pages 268–276.
D. Volpano, G. Smith, and C. Irvine. A Sound Type System for Secure Flow Analysis. Journal of Computer Security, 4(2,3):167–187, 1996.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Laud, P. (2003). Handling Encryption in an Analysis for Secure Information Flow. In: Degano, P. (eds) Programming Languages and Systems. ESOP 2003. Lecture Notes in Computer Science, vol 2618. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36575-3_12
Download citation
DOI: https://doi.org/10.1007/3-540-36575-3_12
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00886-6
Online ISBN: 978-3-540-36575-4
eBook Packages: Springer Book Archive