[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/325694.325729acmconferencesArticle/Chapter ViewAbstractPublication PagespoplConference Proceedingsconference-collections
Article
Free access

Verifying secrets and relative secrecy

Published: 05 January 2000 Publication History

Abstract

Systems that authenticate a user based on a shared secret (such as a password or PIN) normally allow anyone to query whether the secret is a given value. For example, an ATM machine allows one to ask whether a string is the secret PIN of a (lost or stolen) ATM card. Yet such queries are prohibited in any model whose programs satisfy an information-flow property like Noninterference. But there is complexity-based justification for allowing these queries. A type system is given that provides the access control needed to prove that no well-typed program can leak secrets in polynomial time, or even leak them with nonnegligible probability if secrets are of sufficient length and randomly chosen. However, there are well-typed deterministic programs in a synchronous concurrent model capable of leaking secrets in linear time.

References

[1]
T. Baker, j. Gill, and R. Solovay. Relativizations of the P =? NP question. SIAM J. Computing, 4(4):431-442, 1975.]]
[2]
P. Beauchemin, G. Brassaxd, C. Cr~peau, C. Goutier, and C. Pomerance. The generation of random numbers that are provably prime. Journal of Cryptology, 1(1):53-64, 1988.]]
[3]
M. Bellare and P. Rogaway. The exact security of digital signatures--how to sign with RSA and Robin. In Proc. Eurocrypt 96. Lecture Notes in Computer Science 1070, 1996.]]
[4]
M. Bellare and P. Rogaway. Practice-oriented provable security. In Proc. of First International Workshop on Information Security. Lecture Notes in Computer Science 1396, 1998.]]
[5]
J. Goguen and J. Meseguer. Security policies and security models. In Proceedings 1982 IEEE Symposium on Security and Privacy, pages 11-20, Oakland, CA, 1982.]]
[6]
J. Gray, K. Ip, and K. Lui. Provable security for cryptographic protocols--exact analysis and engineering applications. Journal of Computer Security, 6(1,2):23-52, 1998.]]
[7]
P. Kocher. Timing attacks on implementations of Diffie-ttellman, RSA, DSS and other systems. In Proceedings 16th Annual Crypto Conference, August 1996.]]
[8]
P. Lincoln, J. Mitchell, M. Mitchell, and A. Scedrov. A probabilistic poly-time framework for protocol analysis. In Proceedings 5th A CM Conference on Computer and Communications Security~ San Francisco, CA, November 1998.]]
[9]
A. Myers. Jflow: Practical mostly-static information flow control. In Proceedings 26th Symposium on Principles of Programming Languages, pages 228-241, San Antonio, TX, January 1999.]]
[10]
B. Schneier. Applied Crypgography. John Wiley & Sons, 1996. Second Edition.]]
[11]
M. Sipser. Introduction to the Theory of Computation. PWS Publishing Company, 1997.]]
[12]
G. Smith and D. Volpano. Secure information flow in a multi-threaded imperative language. In Proceedings 25th Symposium on Principles of Programming Languages, pages 355-364, San Diego, CA, January 1998.]]
[13]
D. Voipano and G. Smith. Eliminating covert flows with minimum typings. In Proceedings l Oth IEEE Computer Security Foundations Workshop, pages 156-168, June 1997.]]
[14]
D. Volpano and G. Smith. Probabilistic noninterference in a concurrent language. Journal of Computer Security, 7(2,3):231-253, 1999.]]
[15]
D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(2,3):167-187, 1996.]]

Cited By

View all
  • (2024)Declassification Policy for Program Complexity AnalysisProceedings of the 39th Annual ACM/IEEE Symposium on Logic in Computer Science10.1145/3661814.3662100(1-14)Online publication date: 8-Jul-2024
  • (2023)Verifying Indistinguishability of Privacy-Preserving ProtocolsProceedings of the ACM on Programming Languages10.1145/36228497:OOPSLA2(1442-1469)Online publication date: 16-Oct-2023
  • (2020)RIFJournal of Computer Security10.3233/JCS-19131628:2(191-228)Online publication date: 1-Jan-2020
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
POPL '00: Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2000
402 pages
ISBN:1581131259
DOI:10.1145/325694
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 January 2000

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Article

Conference

POPL00

Acceptance Rates

POPL '00 Paper Acceptance Rate 30 of 151 submissions, 20%;
Overall Acceptance Rate 824 of 4,130 submissions, 20%

Upcoming Conference

POPL '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)58
  • Downloads (Last 6 weeks)5
Reflects downloads up to 21 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2024)Declassification Policy for Program Complexity AnalysisProceedings of the 39th Annual ACM/IEEE Symposium on Logic in Computer Science10.1145/3661814.3662100(1-14)Online publication date: 8-Jul-2024
  • (2023)Verifying Indistinguishability of Privacy-Preserving ProtocolsProceedings of the ACM on Programming Languages10.1145/36228497:OOPSLA2(1442-1469)Online publication date: 16-Oct-2023
  • (2020)RIFJournal of Computer Security10.3233/JCS-19131628:2(191-228)Online publication date: 1-Jan-2020
  • (2018)Compositional Non-interference for Concurrent Programs via Separation and FramingPrinciples of Security and Trust10.1007/978-3-319-89722-6_3(53-78)Online publication date: 14-Apr-2018
  • (2017)Hypercollecting semantics and its application to static analysis of information flowACM SIGPLAN Notices10.1145/3093333.300988952:1(874-887)Online publication date: 1-Jan-2017
  • (2017)Hypercollecting semantics and its application to static analysis of information flowProceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages10.1145/3009837.3009889(874-887)Online publication date: 1-Jan-2017
  • (2015)Cryptographic Enforcement of Language-Based Information ErasureProceedings of the 2015 IEEE 28th Computer Security Foundations Symposium10.1109/CSF.2015.30(334-348)Online publication date: 13-Jul-2015
  • (2014)Satisfiability modulo countingProceedings of the Joint Meeting of the Twenty-Third EACSL Annual Conference on Computer Science Logic (CSL) and the Twenty-Ninth Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)10.1145/2603088.2603097(1-10)Online publication date: 14-Jul-2014
  • (2013)A Type System for Robust DeclassificationElectronic Notes in Theoretical Computer Science (ENTCS)10.1016/S1571-0661(03)50014-783(263-277)Online publication date: 1-Jan-2013
  • (2010)An empirical study of privacy-violating information flows in JavaScript web applicationsProceedings of the 17th ACM conference on Computer and communications security10.1145/1866307.1866339(270-283)Online publication date: 4-Oct-2010
  • Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media