攻击者知识的混合监控

2016 IEEE 29th Computer Security Foundations Symposium (CSF) Pub Date : 2016-06-01 DOI:10.1109/CSF.2016.23

Frédéric Besson, Nataliia Bielova, T. Jensen

{"title":"攻击者知识的混合监控","authors":"Frédéric Besson, Nataliia Bielova, T. Jensen","doi":"10.1109/CSF.2016.23","DOIUrl":null,"url":null,"abstract":"Enforcement of noninterference requires proving that an attacker's knowledge about the initial state remains the same after observing a program's public output. We propose a hybrid monitoring mechanism which dynamically evaluates the knowledge that is contained in program variables. To get a precise estimate of the knowledge, the monitor statically analyses non-executed branches. We show that our knowledge-based monitor can be combined with existing dynamic monitors for non-interference. A distinguishing feature of such a combination is that the combined monitor is provably more permissive than each mechanism taken separately. We demonstrate this by proposing a knowledge-enhanced version of a no-sensitive-upgrade (NSU) monitor. The monitor and its static analysis have been formalized and proved correct within the Coq proof assistant.","PeriodicalId":6500,"journal":{"name":"2016 IEEE 29th Computer Security Foundations Symposium (CSF)","volume":"43 1","pages":"225-238"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Hybrid Monitoring of Attacker Knowledge\",\"authors\":\"Frédéric Besson, Nataliia Bielova, T. Jensen\",\"doi\":\"10.1109/CSF.2016.23\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Enforcement of noninterference requires proving that an attacker's knowledge about the initial state remains the same after observing a program's public output. We propose a hybrid monitoring mechanism which dynamically evaluates the knowledge that is contained in program variables. To get a precise estimate of the knowledge, the monitor statically analyses non-executed branches. We show that our knowledge-based monitor can be combined with existing dynamic monitors for non-interference. A distinguishing feature of such a combination is that the combined monitor is provably more permissive than each mechanism taken separately. We demonstrate this by proposing a knowledge-enhanced version of a no-sensitive-upgrade (NSU) monitor. The monitor and its static analysis have been formalized and proved correct within the Coq proof assistant.\",\"PeriodicalId\":6500,\"journal\":{\"name\":\"2016 IEEE 29th Computer Security Foundations Symposium (CSF)\",\"volume\":\"43 1\",\"pages\":\"225-238\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE 29th Computer Security Foundations Symposium (CSF)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSF.2016.23\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 29th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2016.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

强制执行不干扰要求证明攻击者在观察程序的公共输出后对初始状态的了解保持不变。我们提出了一种动态评估包含在程序变量中的知识的混合监控机制。为了获得对知识的精确估计，监视器静态地分析未执行的分支。我们表明，我们的基于知识的监视器可以与现有的动态监视器相结合，以实现无干扰。这种组合的一个显著特征是，可以证明，与单独采用的每种机制相比，组合的监视器具有更大的容忍度。我们通过提出无敏感升级(NSU)监视器的知识增强版本来证明这一点。该监视器及其静态分析已在Coq验证助手中正规化并证明是正确的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Hybrid Monitoring of Attacker Knowledge

Enforcement of noninterference requires proving that an attacker's knowledge about the initial state remains the same after observing a program's public output. We propose a hybrid monitoring mechanism which dynamically evaluates the knowledge that is contained in program variables. To get a precise estimate of the knowledge, the monitor statically analyses non-executed branches. We show that our knowledge-based monitor can be combined with existing dynamic monitors for non-interference. A distinguishing feature of such a combination is that the combined monitor is provably more permissive than each mechanism taken separately. We demonstrate this by proposing a knowledge-enhanced version of a no-sensitive-upgrade (NSU) monitor. The monitor and its static analysis have been formalized and proved correct within the Coq proof assistant.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE 29th Computer Security Foundations Symposium (CSF)

自引率

0.00%

发文量

期刊最新文献

Axioms for Information Leakage Multi-run Side-Channel Analysis Using Symbolic Execution and Max-SMT sElect: A Lightweight Verifiable Remote Voting System Automated Reasoning for Equivalences in the Applied Pi Calculus with Barriers On Modular and Fully-Abstract Compilation