Gradual Release: Unifying Declassification, Encryption and Key Release Policies

Information security has a challenge to address: enabling information-flow controls with expressive information release (or declassification) policies. Existing approaches tend to address some aspects of information release, exposing the other aspects for possible attacks. It is striking that these approaches fall into two mostly separate categories: revelation-based (as in information purchase, aggregate computation, moves in a game, etc.) and encryption-based declassification (as in sending encrypted secrets over an untrusted network, storing passwords, etc.). This paper introduces gradual release, a policy that unifies declassification, encryption, and key release policies. We model an attacker's knowledge by the sets of possible secret inputs as functions of publicly observable outputs. The essence of gradual release is that this knowledge must remain constant between releases. Gradual release turns out to be a powerful foundation for release policies, which we demonstrate by formally connecting revelation-based and encryption-based declassification. Furthermore, we show that gradual release can be provably enforced by security types and effects.

[1]  John C. Mitchell Probabilistic Polynomial-Time Process Calculus and Security Protocol Analysis , 2001, ESOP.

[2]  Birgit Pfitzmann,et al.  Intransitive non-interference for cryptographic purposes , 2003, 2003 Symposium on Security and Privacy, 2003..

[3]  Andrew C. Myers,et al.  Security policies for downgrading , 2004, CCS '04.

[4]  Peeter Laud,et al.  Handling Encryption in an Analysis for Secure Information Flow , 2003, ESOP.

[5]  Dennis M. Volpano Secure introduction of one-way functions , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[6]  H. Stamer Security-Typed Languages for Implementation of Cryptographic Protocols : A Case Study , 2007 .

[7]  Jan Vitek,et al.  Type-based distributed access control , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[8]  Gérard Boudol,et al.  On Declassification and the Non-Disclosure Policy , 2005, CSFW.

[9]  John C. Mitchell,et al.  A probabilistic poly-time framework for protocol analysis , 1998, CCS '98.

[10]  Peeter Laud Semantics and Program Analysis of Computationally Secure Information Flow , 2001, ESOP.

[11]  John Rushby,et al.  Noninterference, Transitivity, and Channel-Control Security Policies 1 , 2005 .

[12]  David Sands,et al.  Declassification: Dimensions and principles , 2009, J. Comput. Secur..

[13]  Gérard Boudol,et al.  On declassification and the non-disclosure policy , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[14]  Andrew C. Myers,et al.  Enforcing Robust Declassification and Qualified Robustness , 2006, J. Comput. Secur..

[15]  Varmo Vene,et al.  A Type System for Computationally Secure Information Flow , 2005, FCT.

[16]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[17]  David Sands,et al.  Controlled Declassification Based on Intransitive Noninterference , 2004, APLAS.

[18]  Andrew C. Myers,et al.  A Model for Delimited Information Release , 2003, ISSS.

[19]  Geoffrey Smith,et al.  A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur..

[20]  Boniface Hicks,et al.  Trusted declassification:: high-level policy for a security-typed language , 2006, PLAS '06.

[21]  Peter J. Denning,et al.  Certification of programs for secure information flow , 1977, CACM.

[22]  Andrew D. Gordon,et al.  Secrecy Despite Compromise: Types, Cryptography, and the Pi-Calculus , 2005, CONCUR.

[23]  Heiko Mantel,et al.  Possibilistic definitions of security-an assembly kit , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[24]  Dominic Duggan Cryptographic types , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[25]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[26]  Geoffrey Smith,et al.  Verifying secrets and relative secrecy , 2000, POPL '00.

[27]  Andrei Sabelfeld,et al.  Cryptographically-masked flows , 2006, Theor. Comput. Sci..

[28]  Martín Abadi,et al.  Secrecy by typing in security protocols , 1999, JACM.

[29]  Josep Domingo-Ferrer,et al.  Practical Mental Poker Without a TTP Based on Homomorphic Encryption , 2003, INDOCRYPT.

[30]  David Sands,et al.  Dimensions and principles of declassification , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[31]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[32]  Heiko Mantel,et al.  Controlling the What and Where of Declassification in Language-Based Security , 2007, ESOP.

[33]  Chanathip Namprempre,et al.  Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, Journal of Cryptology.

[34]  E. Stewart Lee,et al.  A general theory of security properties , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[35]  David Sands,et al.  Flow Locks: Towards a Core Calculus for Dynamic Flow Policies , 2006, ESOP.

[36]  J. Todd Wittbold,et al.  Information flow in nondeterministic systems , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[37]  Joseph Y. Halpern,et al.  Secrecy in multiagent systems , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[38]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[39]  Steve Zdancewic,et al.  Challenges for Information-flow Security , 2004 .

[40]  C. Dima,et al.  Nondeterministic noninterference and deducible information flow , 2022 .

[41]  Michael R. Clarkson,et al.  Information-flow security for interactive programs , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).