DOI: 10.1145/3519939.3523725 (PLDI conference proceedings; research article)

ANOSY: approximated knowledge synthesis with refinement types for declassification

Published: 09 June 2022

Abstract

Non-interference is a popular way to enforce confidentiality of sensitive data. However, declassification of sensitive information is often needed in realistic applications but breaks non-interference. We present ANOSY, an approximate knowledge synthesizer for quantitative declassification policies. ANOSY uses refinement types to automatically construct machine-checked over- and under-approximations of attacker knowledge for boolean queries on multi-integer secrets. It also provides an AnosyT monad to track the attacker knowledge over multiple declassification queries and checks for violations against user-specified policies in information flow control applications. We implement a prototype of ANOSY and show that it is precise and permissive: up to 14 declassification queries are permitted before a policy violation occurs using the powerset of intervals domain.
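The abstract states the mechanism only in outline. What follows is an added example, written for this page and not the ANOSY paper's or prototype's code, that shows one concrete instance of the idea in plain Python: attacker knowledge about a two-integer secret is tracked as a product of intervals (a box); each boolean query refines that box into an over-approximation and an under-approximation of the secrets consistent with the answer; and a user-specified policy (the attacker must never be able to narrow the secret to fewer than a given number of candidates) is checked before each query is answered. The query language (`>=` comparisons and conjunctions), the variable names `age` and `zip`, the sample secret, the threshold and the policy form are all constructed here; the paper's powerset-of-intervals domain and its refinement-type machinery are not reproduced. Two details the abstract does not spell out are worked in: the policy is checked against every answer the attacker could observe rather than only the real one (a refusal that depended on the real answer would itself leak it), and an answer whose over-approximation is empty is skipped because it cannot occur.

```python
"""Tracking attacker knowledge over boolean declassification queries.

Added example (not the ANOSY paper's or tool's code): a product-of-intervals
("box") domain over multi-integer secrets, with over- and under-approximate
refinement per query and a minimum-uncertainty policy check. Query language,
policy form, variable names and the sample secret are all constructed here.
"""
from typing import Dict, Optional, Tuple

Box = Dict[str, Tuple[int, int]]  # secret variable -> closed interval [lo, hi]
Query = tuple                      # ("ge", var, c) means var >= c; ("and", q1, q2)


def box_size(box: Box) -> int:
    """Number of concrete secrets inside the box (0 if any interval is empty)."""
    size = 1
    for lo, hi in box.values():
        if hi < lo:
            return 0
        size *= hi - lo + 1
    return size


def meet(a: Box, b: Box) -> Box:
    """Intersection of two boxes; exact in this domain."""
    return {v: (max(a[v][0], b[v][0]), min(a[v][1], b[v][1])) for v in a}


def join(a: Box, b: Box) -> Box:
    """Smallest box containing both; over-approximates their union."""
    if box_size(a) == 0:
        return dict(b)
    if box_size(b) == 0:
        return dict(a)
    return {v: (min(a[v][0], b[v][0]), max(a[v][1], b[v][1])) for v in a}


def evaluate(query: Query, secret: Dict[str, int]) -> bool:
    """Concrete semantics of a query on the real secret."""
    if query[0] == "ge":
        return secret[query[1]] >= query[2]
    return evaluate(query[1], secret) and evaluate(query[2], secret)


def refine(box: Box, query: Query, answer: bool) -> Tuple[Box, Box]:
    """Return (over, under) boxes for {s in box | query(s) == answer}."""
    if query[0] == "ge":
        _, var, c = query
        lo, hi = box[var]
        new = dict(box)
        new[var] = (max(lo, c), hi) if answer else (lo, min(hi, c - 1))
        return new, new                      # a single comparison is exact
    _, q1, q2 = query
    o1, u1 = refine(box, q1, answer)
    o2, u2 = refine(box, q2, answer)
    if answer:                               # q1 and q2: intersect both sides
        return meet(o1, o2), meet(u1, u2)
    # not (q1 and q2) == (not q1) or (not q2): the hull over-approximates the
    # union; either disjunct alone under-approximates it (keep the larger one).
    under = u1 if box_size(u1) >= box_size(u2) else u2
    return join(o1, o2), under


class KnowledgeTracker:
    """Attacker knowledge (under ⊆ true set ⊆ over) plus a policy: the attacker
    must never be able to narrow the secret below `min_candidates` possibilities."""

    def __init__(self, secret: Dict[str, int], initial: Box, min_candidates: int):
        self.secret = secret
        self.over = dict(initial)
        self.under = dict(initial)
        self.min_candidates = min_candidates

    def declassify(self, query: Query) -> Optional[bool]:
        """Answer only if the policy holds for every answer the attacker could
        observe; None means the query is refused and knowledge is unchanged."""
        for possible in (True, False):
            over, _ = refine(self.over, query, possible)
            if box_size(over) == 0:
                continue            # impossible answer: it can never be observed
            _, under = refine(self.under, query, possible)
            if box_size(under) < self.min_candidates:
                return None         # the true set could shrink below the bound
        answer = evaluate(query, self.secret)
        self.over, _ = refine(self.over, query, answer)
        _, self.under = refine(self.under, query, answer)
        return answer


def run_demo():
    """Constructed scenario: a 2-integer secret and five queries."""
    secret = {"age": 34, "zip": 94103}
    tracker = KnowledgeTracker(secret, {"age": (0, 120), "zip": (0, 99999)}, 1000)
    queries = [
        ("ge", "age", 30),
        ("ge", "zip", 94000),
        ("and", ("ge", "age", 34), ("ge", "zip", 94100)),
        ("ge", "zip", 94110),   # one observable answer leaves < 1000 candidates: refused
        ("ge", "age", 200),     # only one answer is possible: permitted, leaks nothing
    ]
    results = [tracker.declassify(q) for q in queries]
    return results, box_size(tracker.over), box_size(tracker.under)


if __name__ == "__main__":
    print(run_demo())   # ([True, True, True, None, False], 513300, 513300)
```

The fourth query is refused even though its real answer (the zip is below 94110) would have left plenty of candidates; refusing on the basis of the real answer would turn the refusal itself into a channel. The over-approximation is what allows the fifth query through: its "true" branch has an empty over-box, so that answer cannot be observed and only the harmless "false" branch is checked.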


Cited By

  • Absynthe: Abstract Interpretation-Guided Synthesis. Proceedings of the ACM on Programming Languages 7, PLDI (2023), 1584–1607. https://doi.org/10.1145/3591285. Online publication date: 6 June 2023.

Published In

PLDI 2022: Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation
June 2022
1038 pages
ISBN:9781450392655
DOI:10.1145/3519939
  • General Chair: Ranjit Jhala
  • Program Chair: Işil Dillig
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. knowledge-based privacy
  2. program synthesis
  3. program verification
  4. refinement types

Qualifiers

  • Research-article

Conference

PLDI '22

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Article Metrics

  • Downloads (last 12 months): 43
  • Downloads (last 6 weeks): 8
Reflects downloads up to 09 Nov 2024
