Verifying secrets and relative secrecy

DOI: 10.1145/325694.325729
Published: 05 January 2000

Abstract

Systems that authenticate a user based on a shared secret (such as a password or PIN) normally allow anyone to query whether the secret is a given value. For example, an ATM machine allows one to ask whether a string is the secret PIN of a (lost or stolen) ATM card. Yet such queries are prohibited in any model whose programs satisfy an information-flow property like Noninterference. But there is complexity-based justification for allowing these queries. A type system is given that provides the access control needed to prove that no well-typed program can leak secrets in polynomial time, or even leak them with nonnegligible probability if secrets are of sufficient length and randomly chosen. However, there are well-typed deterministic programs in a synchronous concurrent model capable of leaking secrets in linear time.


Cited By

  • (2024) Declassification Policy for Program Complexity Analysis. Proceedings of the 39th Annual ACM/IEEE Symposium on Logic in Computer Science, pages 1-14. DOI: 10.1145/3661814.3662100. Online publication date: 8 July 2024.
  • (2023) Verifying Indistinguishability of Privacy-Preserving Protocols. Proceedings of the ACM on Programming Languages 7(OOPSLA2):1442-1469. DOI: 10.1145/3622849. Online publication date: 16 October 2023.
  • (2020) RIF. Journal of Computer Security 28(2):191-228. DOI: 10.3233/JCS-191316. Online publication date: 1 January 2020.
  • (2018) Compositional Non-interference for Concurrent Programs via Separation and Framing. Principles of Security and Trust, pages 53-78. DOI: 10.1007/978-3-319-89722-6_3. Online publication date: 14 April 2018.
  • (2017) Hypercollecting semantics and its application to static analysis of information flow. ACM SIGPLAN Notices 52(1):874-887. DOI: 10.1145/3093333.3009889. Online publication date: 1 January 2017.
  • (2017) Hypercollecting semantics and its application to static analysis of information flow. Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, pages 874-887. DOI: 10.1145/3009837.3009889. Online publication date: 1 January 2017.
  • (2015) Cryptographic Enforcement of Language-Based Information Erasure. Proceedings of the 2015 IEEE 28th Computer Security Foundations Symposium, pages 334-348. DOI: 10.1109/CSF.2015.30. Online publication date: 13 July 2015.
  • (2014) Satisfiability modulo counting. Proceedings of the Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS), pages 1-10. DOI: 10.1145/2603088.2603097. Online publication date: 14 July 2014.
  • (2013) A Type System for Robust Declassification. Electronic Notes in Theoretical Computer Science (ENTCS) 83:263-277. DOI: 10.1016/S1571-0661(03)50014-7. Online publication date: 1 January 2013.
  • (2010) An empirical study of privacy-violating information flows in JavaScript web applications. Proceedings of the 17th ACM Conference on Computer and Communications Security, pages 270-283. DOI: 10.1145/1866307.1866339. Online publication date: 4 October 2010.
Published In

POPL '00: Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
January 2000, 402 pages
ISBN: 1581131259
DOI: 10.1145/325694

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 05 January 2000

Conference

POPL00

Acceptance Rates

POPL '00 paper acceptance rate: 30 of 151 submissions, 20%
Overall acceptance rate: 824 of 4,130 submissions, 20%

