Advertisement

Analysing Approximate Confinement under Uniform Attacks

  • Alessandra Di Pierro
  • Chris Hankin
  • Herbert Wiklicky
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2477)

Abstract

We are concerned to give certain guarantees about the security of a system. We identify two kinds of attack: the internally scheduled attack (exemplified by Trojan Horse attacks) and externally scheduled attacks (exemplified by timing attacks). In this paper we focus on the latter. We present a semantic framework for studying such attacks in the context of PCCP, a simple process algebra with a constraint store. We show that a measure of the efficacy of an attacker can be determined by considering its observable behaviour over the ” average” store of the system (for some number of steps). We show how to construct an analysis to determine the average store using the technique of probabilistic abstract interpretation.

Keywords

Operational Semantic Analyse Approximate Galois Connection Average Store Abstract Semantic 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    S. Abramsky and C. Hankin, editors. Abstract Interpretation of Declarative Languages. Ellis-Horwood, Chichester, England, 1987.Google Scholar
  2. 2.
    F. J. Beutler. The operator theory of the pseudo-inverse. Journal of Mathematical Analysis and Applications, 10:451–470, 471–493, 1965.CrossRefMathSciNetGoogle Scholar
  3. 3.
    S.L. Campbell and D. Meyer. Generalized Inverse of Linear Transformations. Constable and Company, London, 1979.Google Scholar
  4. 4.
    P. Cousot and R. Cousot. Abstract Interpretation and Applications to Logic Programs. Journal of Logic Programming, 13(2–3):103–180, July 1992.Google Scholar
  5. 5.
    F.S. de Boer, A. Di Pierro, and C. Palamidessi. Nondeterminism and Infinite Computations in Constraint Programming. Theoretical Computer Science, 151(1):37–78, 1995.zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    A. Di Pierro, C. Hankin, and H. Wiklicky. Probabilistic confinement in a declarative framework. In Declarative Programming-Selected Papers from AGP 2000-La Havana, Cuba, volume 48 of Electronic Notes in Theoretical Computer Science, pages 1–23. Elsevier, 2001.Google Scholar
  7. 7.
    A. Di Pierro, C. Hankin, and H. Wiklicky. Approximate non-interference. In Iliano Cervesato, editor, CSFW’02 — 15th IEEE Computer Security Foundation Workshop, pages 3–17, Cape Breton, Canada, 24–26 June 2002. IEEE Computer Society Press.Google Scholar
  8. 8.
    A. Di Pierro, C. Hankin, and H. Wiklicky. On approximate non-interference. In P. Syverson and J. Guttman, editors, Proceedings of WITS’02-Workshop on Issues in the Theory of Security, 14–15 January, Portland, January 2002. http://www.dsi.unive.it/IFIPWG1_7/WITS2002.
  9. 9.
    A. Di Pierro and H. Wiklicky. An operational semantics for Probabilistic Concurrent Constraint Programming. In P. Iyer, Y. Choo, and D. Schmidt, editors, ICCL’98-International Conference on Computer Languages, pages 174–183. IEEE Computer Society Press, 1998.Google Scholar
  10. 10.
    A. Di Pierro and H. Wiklicky. Concurrent Constraint Programming: Towards Probabilistic Abstract Interpretation. In M. Gabbrielli and F. Pfenning, editors, Proceedings of PPDP’00-Principles and Practice of Declarative Programming, pages 127–138, Montréal, Canada, September 2000. ACM SIGPLAN, Association of Computing Machinery.Google Scholar
  11. 11.
    A. Di Pierro and H. Wiklicky. Measuring the precision of abstract interpretations. In Proceedings of LOPSTR’00-10th International Workshop on Logic-Based Program Synthesis and Transformation, London, UK, volume 2042 of Lecture Notes in Computer Science, pages 147–164, Berlin-New York, 2001. Springer Verlag.Google Scholar
  12. 12.
    J. Goguen and J. Meseguer. Security Policies and Security Models. In IEEE Symposium on Security and Privacy, pages 11–20. IEEE Computer Society Press, 1982.Google Scholar
  13. 13.
    P.C. Kocher. Cryptanalysis of Diffie-Hellman, RSA, DSS, and other crypto-systems using timing attacks. In D. Coppersmith, editor, Advances in Cryptology, CRYPTO’95: 15th Annual International Cryptology Conference, Santa Barbara, California, USA, August 27–31, 1995, volume 963 of Lecture Notes in Computer Science, pages 171–183, Berlin — Heidelberg — London, 1995. Springer-Verlag.Google Scholar
  14. 14.
    P.C. Kocher, J.M. Jaffe, and B Jun. Differential power analysis. In Proc. 19th International Advances in Cryptology Conference-CRYPTO’ 99, pages 388–397, 1999.Google Scholar
  15. 15.
    F. Nielson, H. Riis Nielson, and C. Hankin. Principles of Program Analysis. Springer Verlag, Berlin-Heidelberg, 1999.zbMATHGoogle Scholar
  16. 16.
    P.Y.A. Ryan, J. McLean, J. Millen, and V. Gilgor. Non-interference, who needs it? In Proceedings of the 14th IEEE Computer Security Foundations Workshop, pages 237–238, Cape Breton, Nova Scotia, Canada, June 2001. IEEE.Google Scholar
  17. 17.
    A. Sabelfeld and D. Sands. A per model of secure information flow in sequential programs. In ESOP’99, number 1576 in Lecture Notes in Computer Science, pages 40–58. Springer Verlag, 1999.Google Scholar
  18. 18.
    A. Sabelfeld and D. Sands. Probabilistic noninterference for multi-threaded programs. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, pages 200–214, 2000.Google Scholar
  19. 19.
    V.A. Saraswat, M. Rinard, and P. Panangaden. Semantics foundations of concurrent constraint programming. In Symposium on Principles of Programming Languages (POPL), pages 333–353. ACM, 1991.Google Scholar
  20. 20.
    G. Smith and D. Volpano. Secure information flow in a multi-threaded imperative language. In Symposium on Principles of Programming Languages (POPL’98), pages 355–364, San Diego, California, 1998. ACM.Google Scholar
  21. 21.
    G. Smith and D. Volpano. Verifying secrets and relative secrecy. In Symposium on Principles of Programming Languages (POPL’00), pages 368–276, Boston, Massachusetts, 2000. ACM.Google Scholar
  22. 22.
    D. Volpano and G. Smith. Probabilistic noninterference in a concurrent language. In Proceedings of the 11th IEEE Computer Security Foundations Workshop (CSFW’98), pages 34–43, Washington-Brussels-Tokyo, June 1998. IEEE.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Alessandra Di Pierro
    • 1
  • Chris Hankin
    • 2
  • Herbert Wiklicky
    • 2
  1. 1.Dipartimento di InformaticaUniversitá di PisaItaly
  2. 2.Department of ComputingImperial CollegeLondonUK

Personalised recommendations