Abstract
We are concerned to give certain guarantees about the security of a system. We identify two kinds of attack: internally scheduled attacks (exemplified by Trojan Horse attacks) and externally scheduled attacks (exemplified by timing attacks). In this paper we focus on the latter. We present a semantic framework for studying such attacks in the context of PCCP, a simple process algebra with a constraint store. We show that a measure of the efficacy of an attacker can be determined by considering its observable behaviour over the "average" store of the system (for some number of steps). We show how to construct an analysis to determine the average store using the technique of probabilistic abstract interpretation.
Chris Hankin is partly funded by the EU FET open project SecSafe.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Di Pierro, A., Hankin, C., Wiklicky, H. (2002). Analysing Approximate Confinement under Uniform Attacks. In: Hermenegildo, M.V., Puebla, G. (eds) Static Analysis. SAS 2002. Lecture Notes in Computer Science, vol 2477. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45789-5_23
DOI: https://doi.org/10.1007/3-540-45789-5_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44235-6
Online ISBN: 978-3-540-45789-3
eBook Packages: Springer Book Archive