Article

On Confidentiality and Algorithms

Authors:

Johan Agat,

David SandsAuthors Info & Claims

SP '01: Proceedings of the 2001 IEEE Symposium on Security and Privacy

Page 64

Published: 14 May 2001 Publication History

Publisher Site

Abstract

Abstract: Recent interest in methods for certifying programs for secure information flow (noninterference) have failed to raise a key question: can efficient algorithms be written so as to satisfy the requirements of secure information flow? In this paper we discuss how algorithms for searching and sorting can be adapted to work on collections of secret data without leaking any confidential information, either directly, indirectly, or through timing behaviour. We pay particular attention to the issue of timing channels caused by cache behaviour, and argue that it is necessary to disable the effect of the cache in order to construct algorithms manipulating pointers to objects in such a way that they satisfy the conditions of noninterference. We also discuss how randomisation can be used to implement secure algorithms, and discuss how randomised hash tables might be made practically secure.

Cited By

View all

Mantel HSabelfeld A(2018)A unifying approach to the security of distributed and multi-threaded programsJournal of Computer Security10.5555/959088.95909411:4(615-676)Online publication date: 24-Dec-2018
https://dl.acm.org/doi/10.5555/959088.959094
Doychev GKöpf BMauborgne LReineke J(2015)CacheAuditACM Transactions on Information and System Security (TISSEC)10.1145/275655018:1(1-32)Online publication date: 9-Jun-2015
https://dl.acm.org/doi/10.1145/2756550
Almeida JBarbosa MBarthe GDupressoir FSadeghi AGligor VYung M(2013)Certified computer-aided cryptographyProceedings of the 2013 ACM SIGSAC conference on Computer & communications security10.1145/2508859.2516652(1217-1230)Online publication date: 4-Nov-2013
https://dl.acm.org/doi/10.1145/2508859.2516652
Show More Cited By

On Confidentiality and Algorithms
1. Security and privacy
  1. Systems security

Recommendations

Preserving Data Confidentiality in Internet of Things
Abstract
The Internet of Things (IoT) is a network of linked physical objects worldwide, communicating via the Internet to one another. IoT expects the interconnection between a few trillions of intelligent things and the collected information offers a lot ...
Flash controller-based secure execution environment for protecting code confidentiality
Abstract
With the rapid evolution of Internet-of-Things (IoT), billions of IoT devices have connected to the Internet, collecting information via tags and sensors. For an IoT device, the application code itself and data collected by sensors can be of ...
Ensuring Confidentiality in the Cloud of Things
Leveraging low-cost public clouds for gathering and processing data from large numbers of devices is an appealing approach to unleash the potential of the Internet of Things (IoT). This combination of clouds with the IoT—dubbed Cloud of Things (CoT)—is, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SP '01: Proceedings of the 2001 IEEE Symposium on Security and Privacy

May 2001

Publisher

IEEE Computer Society

United States

Publication History

Published: 14 May 2001

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Mantel HSabelfeld A(2018)A unifying approach to the security of distributed and multi-threaded programsJournal of Computer Security10.5555/959088.95909411:4(615-676)Online publication date: 24-Dec-2018
https://dl.acm.org/doi/10.5555/959088.959094
Doychev GKöpf BMauborgne LReineke J(2015)CacheAuditACM Transactions on Information and System Security (TISSEC)10.1145/275655018:1(1-32)Online publication date: 9-Jun-2015
https://dl.acm.org/doi/10.1145/2756550
Almeida JBarbosa MBarthe GDupressoir FSadeghi AGligor VYung M(2013)Certified computer-aided cryptographyProceedings of the 2013 ACM SIGSAC conference on Computer & communications security10.1145/2508859.2516652(1217-1230)Online publication date: 4-Nov-2013
https://dl.acm.org/doi/10.1145/2508859.2516652
Svenningsson JSands D(2009)Specification and verification of side channel declassificationProceedings of the 6th international conference on Formal Aspects in Security and Trust10.1007/978-3-642-12459-4_9(111-125)Online publication date: 5-Nov-2009
https://dl.acm.org/doi/10.1007/978-3-642-12459-4_9
Buchholtz MGilmore SHillston JNielson F(2005)Securing Statically-verified Communications Protocols Against Timing AttacksElectronic Notes in Theoretical Computer Science (ENTCS)10.1016/j.entcs.2005.01.016128:4(123-143)Online publication date: 1-Apr-2005
https://dl.acm.org/doi/10.1016/j.entcs.2005.01.016
Mantel HSabelfeld A(2001)A Generic Approach to the Security of Multi-Threaded ProgramsProceedings of the 14th IEEE workshop on Computer Security Foundations10.5555/872752.873516Online publication date: 11-Jun-2001
https://dl.acm.org/doi/10.5555/872752.873516

Abstract

Cited By

Recommendations

Preserving Data Confidentiality in Internet of Things

Flash controller-based secure execution environment for protecting code confidentiality

Ensuring Confidentiality in the Cloud of Things

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations