Probability and Timing: Challenges for Secure Programming
- 272 Downloads
When can a program be trusted with your secret data? The setting which motivates this work is that of confidentiality and privacy in mobile code. Assume that some user wants to run a program that originates from an untrusted source. For example, the program can have been downloaded from an untrusted site on the Internet. When the program is run, it has to be given access to some data that the user regards as confidential in order to compute the desired results. While running, the program also needs to have access to the Internet in order to fetch various kinds of information from databases etc. This setting has been the motivation behind a recent resurgence of interest in the analysis and certification of confidentiality properties of programs.
KeywordsIEEE Computer Society Secure Information Secret Data Leak Information Secure Program
- 1.J. Agat and D. Sands. On confidentiality and algorithms. In Francis M. Titsworth, editor, Proceedings of the 2001 IEEE Symposium on Security and Privacy (S&P-01), pages 64–77. IEEE Computer Society, May 2001.Google Scholar
- 2.A. Sabelfeld and D. Sands. Probabilistic noninterference for multi-threaded programs. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, pages 200–214, Cambridge, England, July 2000. IEEE Computer Society Press.Google Scholar