Secure information flow with random assignment and encryption

Type systems for secure information flow aim to prevent a program from leaking information from variables classified as $H$ to variables classified as $L$. In this work we extend such a type system to address encryption and decryption; our intuition is that encrypting a $H$ plaintext yields a $L$ ciphertext. We argue that well-typed, polynomial-time programs in our system satisfy a computational probabilistic noninterference property, provided that the encryption scheme is IND-CCA secure. As a part of our proof, we first consider secure information flow in a language with a random assignment operator (but no encryption). We establish a result that may be of independent interest, namely, that well-typed, probabilistically total programs with random assignments satisfy probabilistic noninterference. We establish this result using a weak probabilistic bisimulation.

[1]  Birgit Pfitzmann,et al.  Computational probabilistic noninterference , 2002, International Journal of Information Security.

[2]  Peeter Laud,et al.  Handling Encryption in an Analysis for Secure Information Flow , 2003, ESOP.

[3]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[4]  Geoffrey Smith,et al.  A new type system for secure information flow , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[5]  Peeter Laud,et al.  Secrecy types for a simulatable cryptographic library , 2005, CCS '05.

[6]  Kim Guldstrand Larsen,et al.  Specification and refinement of probabilistic processes , 1991, [1991] Proceedings Sixth Annual IEEE Symposium on Logic in Computer Science.

[7]  David Clark,et al.  Quantitative Analysis of the Leakage of Confidential Data , 2002, QAPL.

[8]  Bogdan Warinschi A computational analysis of the Needham-Schroeder-(Lowe) protocol , 2005 .

[9]  Chris Hankin,et al.  Approximate non-interference , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[10]  Birgit Pfitzmann,et al.  Computational probabilistic noninterference , 2004, International Journal of Information Security.

[11]  Geoffrey Smith,et al.  A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur..

[12]  Andrew C. Myers,et al.  Jif: java information flow , 1999 .

[13]  Frank E. Grubbs,et al.  An Introduction to Probability Theory and Its Applications , 1951 .

[14]  Ira S. Moskowitz,et al.  A pump for rapid, reliable, secure communication , 1993, CCS '93.

[15]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[16]  Varmo Vene,et al.  A Type System for Computationally Secure Information Flow , 2005, FCT.

[17]  B. Harshbarger An Introduction to Probability Theory and its Applications, Volume I , 1958 .

[18]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)* , 2001, Journal of Cryptology.

[19]  Peng Li,et al.  Downgrading policies and relaxed noninterference , 2005, POPL '05.

[20]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[21]  Peeter Laud Semantics and Program Analysis of Computationally Secure Information Flow , 2001, ESOP.

[22]  D. V. Lindley,et al.  An Introduction to Probability Theory and Its Applications. Volume II , 1967, The Mathematical Gazette.

[23]  H. Stamer Security-Typed Languages for Implementation of Cryptographic Protocols : A Case Study , 2007 .

[24]  David Sands,et al.  Dimensions and principles of declassification , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[25]  Dennis M. Volpano Secure introduction of one-way functions , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[26]  Peter J. Denning,et al.  Certification of programs for secure information flow , 1977, CACM.

[27]  Geoffrey Smith,et al.  Probabilistic noninterference through weak probabilistic bisimulation , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[28]  Birgit Pfitzmann,et al.  Relating Symbolic and Cryptographic Secrecy , 2005, IEEE Trans. Dependable Secur. Comput..