International Conference on Formal Methods for Open Object-Based Distributed Systems

International Conference on Formal Techniques for Distributed Systems

FMOODS 2012, FORTE 2012: Formal Techniques for Distributed Systems, pp. 186–202

Secure Multi-Execution through Static Program Transformation

  • Gilles Barthe
  • Juan Manuel Crespo
  • Dominique Devriese
  • Frank Piessens
  • Exequiel Rivas

Part of the Lecture Notes in Computer Science book series (LNPSE, volume 7273)

Abstract

Secure multi-execution (SME) is a dynamic technique to ensure secure information flow. In a nutshell, SME enforces security by running one execution of the program per security level, and by reinterpreting input/output operations w.r.t. their associated security level. SME is sound, in the sense that the execution of a program under SME is non-interfering, and precise, in the sense that for programs that are non-interfering in the usual sense, the semantics of a program under SME coincides with its standard semantics. A further virtue of SME is that its core idea is language-independent; it can be applied to a broad range of languages. A downside of SME is the fact that existing implementation techniques require modifications to the runtime environment, e.g. the browser for Web applications. In this article, we develop an alternative approach where the effect of SME is achieved through program transformation, without modifications to the runtime, thus supporting server-side deployment on the web. We show on an exemplary language with input/output and dynamic code evaluation (modeled after JavaScript’s eval) that our transformation is sound and precise. The crux of the proof is a simulation between the execution of the transformed program and the SME execution of the original program. This proof has been machine-checked using the Agda proof assistant. We also report on prototype implementations for a small fragment of Python and a substantial subset of JavaScript.
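As an added illustration (not code from the paper or its Python/JavaScript prototypes), the JavaScript harness below realises the SME rule the abstract describes: one execution per level of a two-level lattice L ⊑ H, an input whose channel level does not flow to the executing level yields a default value, and an output is performed only by the execution at the channel's own level. The channel policy, the `leaky` and `safe` programs, the input values and the defaults are all constructed for this example. The programs receive a level-aware `io` object rather than being rewritten, which is where this illustration simplifies the paper's source-to-source transformation; the observable effect on inputs and outputs is the same.

```javascript
"use strict";
// Added illustration of the SME rule described in the abstract; this is not the
// paper's transformation or its prototype. Two-level lattice: L (public) ⊑ H (secret).
const LEVELS = ["L", "H"];                 // scheduling order: low execution first
const flowsTo = (a, b) => a === b || (a === "L" && b === "H");

// Assumed channel policy for the example: each I/O channel carries one level.
const POLICY = {
  secret: "H", pubin: "L",   // input channels
  pubout: "L", secout: "H",  // output channels
};

// Build the I/O interface seen by one execution. `level === null` gives the
// standard (unmodified) semantics; otherwise inputs and outputs are
// reinterpreted for the execution at `level`:
//   - input on a channel whose level does not flow to `level` yields a default
//   - output is performed only by the execution at the channel's own level
function makeIO(level, inputs, defaults, outputs) {
  // Each execution consumes its own copy of the input streams.
  const queues = Object.fromEntries(
    Object.entries(inputs).map(([ch, vals]) => [ch, vals.slice()])
  );
  const check = (ch) => { if (!(ch in POLICY)) throw new Error("unknown channel " + ch); };
  return {
    input(ch) {
      check(ch);
      if (level !== null && !flowsTo(POLICY[ch], level)) return defaults[ch];
      const q = queues[ch] || [];
      return q.length ? q.shift() : defaults[ch];
    },
    output(ch, value) {
      check(ch);
      if (level === null || POLICY[ch] === level) {
        (outputs[ch] = outputs[ch] || []).push(value);
      }
    },
  };
}

// Standard semantics: a single execution that sees every input and performs every output.
function runStandard(program, inputs, defaults) {
  const outputs = {};
  program(makeIO(null, inputs, defaults, outputs));
  return outputs;
}

// SME: one execution per level, each with reinterpreted I/O.
function runSME(program, inputs, defaults) {
  const outputs = {};
  for (const level of LEVELS) program(makeIO(level, inputs, defaults, outputs));
  return outputs;
}

// The outputs an observer at level L can see.
function lowView(outputs) {
  return Object.fromEntries(Object.entries(outputs).filter(([ch]) => POLICY[ch] === "L"));
}

// Constructed programs. `leaky` has an implicit flow from the H input to the L output.
function leaky(io) {
  const secret = io.input("secret");
  const name = io.input("pubin");
  io.output("pubout", secret > 42 ? "big" : "small"); // H -> L: a leak
  io.output("secout", name + ":" + secret);           // L,H -> H: allowed
}
function safe(io) {
  const secret = io.input("secret");
  const name = io.input("pubin");
  io.output("pubout", "hello " + name);               // L -> L only
  io.output("secout", name + ":" + secret);
}

// Constructed inputs; the defaults are what an execution reads on a channel it may not see.
const DEFAULTS = { secret: 0, pubin: "" };
const RUN_A = { secret: [99], pubin: ["alice"] };
const RUN_B = { secret: [7], pubin: ["alice"] };   // differs from RUN_A only in the H input

// True if the L-observable output is the same for two inputs that differ only at H.
function lowOutputsAgree(run, program, inA, inB) {
  return JSON.stringify(lowView(run(program, inA, DEFAULTS)))
      === JSON.stringify(lowView(run(program, inB, DEFAULTS)));
}

console.log("standard:", runStandard(leaky, RUN_A, DEFAULTS));
console.log("SME:     ", runSME(leaky, RUN_A, DEFAULTS));
console.log("leaky, standard, L-outputs agree:", lowOutputsAgree(runStandard, leaky, RUN_A, RUN_B));
console.log("leaky, SME, L-outputs agree:     ", lowOutputsAgree(runSME, leaky, RUN_A, RUN_B));
console.log("safe, SME == standard:", JSON.stringify(runSME(safe, RUN_A, DEFAULTS)) ===
                                      JSON.stringify(runStandard(safe, RUN_A, DEFAULTS)));
```

Run it with `node`. Under standard semantics the public output of `leaky` changes with the secret; under SME the L execution reads the default `0` for `secret`, so `pubout` is `"small"` for both runs (soundness), while `safe` produces identical outputs under both semantics (precision). The low execution is scheduled first, so a high execution that does not terminate cannot withhold low outputs. What this harness does not cover is the paper's concern with dynamically evaluated code: with a source-to-source transformation, code built at runtime (JavaScript's `eval`) has to be covered by the transformation too, whereas here it simply inherits the `io` object in scope.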



Author information

Authors and Affiliations

  1. IMDEA Software Institute, Madrid, Spain

    Gilles Barthe, Juan Manuel Crespo & Exequiel Rivas

  2. IBBT-DistriNet Research Group, KU Leuven, Belgium

    Dominique Devriese & Frank Piessens


Editor information

Editors and Affiliations

  1. Hasso Plattner Institute at the University of Potsdam, Prof.-Dr.-Helmert-Straße 2-3, 14482, Potsdam, Germany

    Holger Giese

  2. Department of Computer Science, University of Illinois at Urbana-Champaign, 201 N. Goodwin, 61801, Urbana, IL, USA

    Grigore Rosu


Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Barthe, G., Crespo, J.M., Devriese, D., Piessens, F., Rivas, E. (2012). Secure Multi-Execution through Static Program Transformation. In: Giese, H., Rosu, G. (eds) Formal Techniques for Distributed Systems. FMOODS/FORTE 2012. Lecture Notes in Computer Science, vol 7273. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30793-5_12

  • DOI: https://doi.org/10.1007/978-3-642-30793-5_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30792-8

  • Online ISBN: 978-3-642-30793-5
