Reconciling progress-insensitive noninterference and declassification

May 05, 2020 Β· Declared Dead Β· πŸ› IEEE Computer Security Foundations Symposium

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Johan Bay, Aslan Askarov arXiv ID 2005.01977 Category cs.PL: Programming Languages Citations 5 Venue IEEE Computer Security Foundations Symposium Last Checked 3 months ago
Abstract
Practitioners of secure information flow often face a design challenge: what is the right semantic treatment of leaks via termination? On the one hand, the potential harm of untrusted code calls for strong progress-sensitive security. On the other hand, when the code is trusted to not aggressively exploit termination channels, practical concerns, such as permissiveness of the enforcement, make a case for settling for weaker, progress-insensitive security. This binary situation, however, provides no suitable middle point for systems that mix trusted and untrusted code. This paper connects the two extremes by reframing progress-insensitivity as a particular form of declassification. Our novel semantic condition reconciles progress-insensitive security as a declassification bound on the so-called progress knowledge in an otherwise progress or timing sensitive setting. We show how the new condition can be soundly enforced using a mostly standard information-flow monitor. We believe that the connection established in this work will enable other applications of ideas from the literature on declassification to progress insensitivity.
Community shame:
Not yet rated
πŸ“„ View on arXiv 🌐 View on ar5iv πŸ“‘ PDF πŸŽ‰ Report Code Found
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Programming Languages

Died the same way β€” πŸ‘» Ghosted