Two-Bit Pattern Analysis For Quantitative Information Flow

Meng, Ziyuan

27 March 2014

Protecting confidential information from improper disclosure is a fundamental security goal. While encryption and access control are important tools for ensuring confidentiality, they cannot prevent an authorized system from leaking confidential information to its publicly observable outputs, whether inadvertently or maliciously. Hence, secure information flow aims to provide end-to-end control of information flow. Unfortunately, the traditionally-adopted policy of noninterference, which forbids all improper leakage, is often too restrictive. Theories of quantitative information flow address this issue by quantifying the amount of confidential information leaked by a system, with the goal of showing that it is intuitively “small” enough to be tolerated. Given such a theory, it is crucial to develop automated techniques for calculating the leakage in a system. This dissertation is concerned with program analysis for calculating the maximum leakage, or capacity, of confidential information in the context of deterministic systems and under three proposed entropy measures of information leakage: Shannon entropy leakage, min-entropy leakage, and g-leakage. In this context, it turns out that calculating the maximum leakage of a program reduces to counting the number of possible outputs that it can produce. The new approach introduced in this dissertation is to determine two-bit patterns, the relationships among pairs of bits in the output; for instance we might determine that two bits must be unequal. By counting the number of solutions to the two-bit patterns, we obtain an upper bound on the number of possible outputs. Hence, the maximum leakage can be bounded. We first describe a straightforward computation of the two-bit patterns using an automated prover. We then show a more efficient implementation that uses an implication graph to represent the two- bit patterns. It efficiently constructs the graph through the use of an automated prover, random executions, STP counterexamples, and deductive closure. The effectiveness of our techniques, both in terms of efficiency and accuracy, is shown through a number of case studies found in recent literature.

security

language

quantitative information flow

measure

Information Security

Programming Languages and Compilers

Model-Checking Infinite-State Systems For Information Flow Security Properties

Raghavendra, K R

12 1900

Information flow properties are away of specifying security properties of systems ,dating back to the work of Goguen and Meseguer in the eighties. In this framework ,a system is modeled as having high-level (or confidential)events as well as low-level (or public) events, and a typical property requires that the high-level events should not “influence ”the occurrence of low-level events. In other words, the sequence of low-level events observed from a system execution should not reveal “too much” information about the high-level events that may have taken place. For example, the trace-based “non-inference” property states that for every trace produced by the system, its projection to low-level events must also be a possible trace of the system. For a system satisfying non-inference, a low-level adversary (who knows the language generated by the system) viewing only the low-level events in any execution cannot infer any in-formation about the occurrence of high-level events in that execution. Other well-known properties include separability, generalized non-interference, non-deducibility of outputs etc. These properties are trace-based. Similarly there is another class of properties based on the structure of the transition system called bisimulation-based information flow properties, defined by Focardiand Gorrieriin1995. In our thesis we study the problem of model-checking the well-known trace-based and bisimulation-based properties for some popular classes of infinite-state system models. We first consider trace-based properties. We define some language-theoretic operations that help to characterize language-inclusion in terms of satisfaction of these properties. This gives us a reduction of the language inclusion problem for a class of system models, say F, to the model-checking problem for F, whenever F, is effectively closed under these language-theoretic operations. We apply this result to show that the model-checking problem for Petri nets, push down systems and for some properties on deterministic push down systems is undecidable. We also consider the class of visibly pushdown systems and show that their model-checking problem is undecidable in general(for some properties).Then we show that for the restricted class of visibly pushdown systems in which all the high (confidential) event are internal, the model-checking problem becomes decidable. Similarly we show that the problem of model-checking bisimulation-based properties is undecidable for Petrinets, pushdown systems and process algebras. Next we consider the problem of detecting information leakage in programs. Here the programs are modeled to have low and high inputs and low outputs. The well known definition of“ non-interference” on programs says that in no execution should the low outputs depend on the high inputs. However this definition was shown to be too strong to be used in practice, with a simple(and considered to be safe)“password-checking” program failing it.“Abstract non-interference(ANI)”and its variants were proposed in the literature to generalize or weaken non-interference. We call these definitions qualitative refinements of non-interference. We study the problem of model-checking many classes of finite-data programs(variables taking values from a bounded domain)for these refinements. We give algorithms and show that this problem is in PSPACE for while, EXPTIME for recursive and EXPSPACE for asynchronous finite-data programs. We finally study different quantitative refinements of non-interference pro-posed in the literature. We first characterize these measures in terms of pre images. These characterizations potentially help designing analysis computing over and under approximations for these measures. Then we investigate the applicability of these measures on standard cryptographic functions.

Information Flow Properties

Computer Security

Computer Access Control

Infinite-State System Models

Trace-based Information Flow Properties

System Models

Petri Nets

Process Algebra - Model Checking

Pushdown Systems - Model Checking

Access Control Models

Computer Science

Vers l’établissement du flux d’information sûr dans les applications Web côté client / Enforcing secure information flow in client-side Web applications

Fragoso Femenin dos Santos, José

08 December 2014

Nous nous intéressons à la mise en œuvre des politiques de confidentialité et d'intégrité des données dans le contexte des applications Web côté client. Étant donné que la plupart des applications Web est développée en JavaScript, on propose des mécanismes statiques, dynamiques et hybrides pour sécuriser le flux d'information en Core JavaScript - un fragment de JavaScript qui retient ses caractéristiques fondamentales. Nous étudions en particulier: une sémantique à dispositif de contrôle afin de garantir dynamiquement le respect des politiques de sécurité en Core JavaScript aussi bien qu'un compilateur qui instrumente un programme avec le dispositif de contrôle proposé, un système de types qui vérifie statiquement si un programme respecte une politique de sécurité donnée, un système de types hybride qui combine des techniques d'analyse statique à des techniques d'analyse dynamique afin d'accepter des programmes surs que sa version purement statique est obligée de rejeter. La plupart des programmes JavaScript s'exécute dans un navigateur Web dans le contexte d'une page Web. Ces programmes interagissent avec la page dans laquelle ils sont inclus parmi des APIs externes fournies par le navigateur. Souvent, l'exécution d'une API externe dépasse le périmètre de l'interprète du langage. Ainsi, une analyse réaliste des programmes JavaScript côté client doit considérer l'invocation potentielle des APIs externes. Pour cela, on présente une méthodologie générale qui permet d'étendre des dispositifs de contrôle de sécurité afin qu'ils prennent en compte l'invocation potentielle des APIs externes et on applique cette méthodologie à un fragment important de l'API DOM Core Level 1. / In this thesis, we address the issue of enforcing confidentiality and integrity policies in the context of client-side Web applications. Since most Web applications are developed in the JavaScript programming language, we study static, dynamic, and hybrid enforcement mechanisms for securing information flow in Core JavaScript --- a fragment of JavaScript that retains its defining features. Specifically, we propose: a monitored semantics for dynamically enforcing secure information flow in Core JavaScript as well as a source-to-source transformation that inlines the proposed monitor, a type system that statically checks whether or not a program abides by a given information flow policy, and a hybrid type system that combines static and dynamic analyses in order to accept more secure programs than its fully static counterpart. Most JavaScript programs are designed to be executed in a browser in the context of a Web page. These programs often interact with the Web page in which they are included via a large number of external APIs provided by the browser. The execution of these APIs usually takes place outside the perimeter of the language. Hence, any realistic analysis of client-side JavaScript must take into account possible interactions with external APIs. To this end, we present a general methodology for extending security monitors to take into account the possible invocation of arbitrary APIs and we apply this methodology to a representative fragment of the DOM Core Level 1 API that captures DOM-specific information flows.

Analyse des programmes

Systèmes de réécriture

JavaScript

Flux d'information sûr

Program analysis

Program instrumentation

JavaScript

Secure information flow

Informační toky projektového řízení zakázkové výroby v kooperaci dvou firem / Information flows custom manufacturing project management in cooperation of two companies

Maule, Lukáš

January 2015

The thesis is focused on system design of information flows. These flows contribute to coordination of transmission of orders between companies Melecs ETS s.r.o. and Melecs SWL GmbH & CO KG. In the theoretical part are included theories of production management of custom manufacturing, project management, information flows and business process modeling. In the practical part is characterized company Melecs ETS s.r.o. The analytical part contains an analysis of the information flows and documentation of orders and production process. The outcomes represent the bottlenecks in the information flows and their causes. Based on the analysis of flows and their bottlenecks is designed the standardized system of information flows in orders transmission.

Desclasificación basada en tipos en DART: Implementación y elaboración de herramientas de inferencia

Meneses Cortés, Matías Ignacio

January 2018

Ingeniero Civil en Computación / La protección de la confidencialidad de la información manipulada por los programas computacionales es abordada a nivel del código fuente con distintas técnicas. Una de ellas es tipado de seguridad para el control de flujo, que controla el nivel de seguridad donde fluye la información agregando anotaciones a las variables tipadas. La propiedad de seguridad fundamental de control de flujo es conocida como no-interferencia (noninterference), que establece que un observador público no puede obtener conocimiento desde datos confidenciales. A pesar de ser una propiedad muy atractiva, los sistemas reales la vulneran fácilmente, y necesitan mecanismos para desclasificar selectivamente alguna información. En esta dirección, Cruz et al. proponen una forma de desclasificación basada en tipos (type-based declassification), en donde se utilizan las relaciones de subtipos del lenguaje para expresar las políticas de desclasificación de los datos que maneja el programa, en una forma simple y expresiva. A pesar de que el fundamento teórico de la desclasificación basada en tipos está bien descrito, carece de una implementación que permita comprobar la utilidad práctica de la propuesta. En este trabajo, se implementa el análisis de la desclasificación basada en tipos para un subconjunto del lenguaje Dart, un lenguaje de programación de propósito general orientado a objetos desarrollado por Google. Además, se implementó un sistema de inferencia de políticas de desclasificación y una extensión para ambientes de desarrollo, con el objetivo de facilitar el trabajo al programador y mejorar su experiencia.

Protección de datos

Seguridad informática

Dart

Relaxed Noninterference

Information Flow Control

A Framework for anonymous background data delivery and feedback

Timchenko, Maxim

28 October 2015

The current state of the industry’s methods of collecting background data reflecting diagnostic and usage information are often opaque and require users to place a lot of trust in the entity receiving the data. For vendors, having a centralized database of potentially sensitive data is a privacy protection headache and a potential liability should a breach of that database occur. Unfortunately, high profile privacy failures are not uncommon, so many individuals and companies are understandably skeptical and choose not to contribute any information. It is a shame, since the data could be used for improving reliability, or getting stronger security, or for valuable academic research into real-world usage patterns. We propose, implement and evaluate a framework for non-realtime anonymous data collection, aggregation for analysis, and feedback. Departing from the usual “trusted core” approach, we aim to maintain reporters’ anonymity even if the centralized part of the system is compromised. We design a peer-to-peer mix network and its protocol that are tuned to the properties of background diagnostic traffic. Our system delivers data to a centralized repository while maintaining (i) source anonymity, (ii) privacy in transit, and (iii) the ability to provide analysis feedback back to the source. By removing the core’s ability to identify the source of data and to track users over time, we drastically reduce its attractiveness as a potential attack target and allow vendors to make concrete and verifiable privacy and anonymity claims.

Computer engineering

Anonymity

Data collection

Peer-to-peer networks

Privacy-preserving systems

Secure information flow

Tvorba logistické koncepce ve vybrané firmě / Creation of Logistic Concept in the Selected Company

Krejčí, Pavel

January 2017

The diploma thesis on the topic "Creating a Logistics Concept in a Selected Company" analyzes the logistics system of the company in terms of material and information flows in the production. The theoretical part explains the individual concepts of logistics. The analysis of the current situation of a selected company describes the current order processing, activities that affect order processing and how these activities contribute to the order realization. There are solution proposals in the field of information and material flows as a part of this thesis. These proposals contribute to streamline the course of the order management by the company.

Vnitropodniková komunikace ve vybrané společnosti / Internal Communication in Selected Company.

Rampulová, Kateřina

January 2013

The diploma thesis concerns the internal communication in the company which I have selected. The theoretical part of the thesis describes generally the findings about communication and internal communication. The body focuses on an analysis of the internal communication within the selected company, using the questionnaire. The analysis includes recommendations based on the results of the survey, which could enhance the effectiveness of internal communication within the company structure.

En effektiv etablering av kundinfomation för att öka värdet i produktutveckling / How to establish efficient customer interaction to increase value in product development - A case study at a high technology company

Högstedt, Malin, KENNE, MIKAELA

January 2016

Idag är det vedertaget att det är vitalt för företag att involvera kunderna i produktutvecklingen för att bättre förstå marknadens behov och maximera värdeskapandet av produkterna. Denna involvering kommer att resultera i en ökad innovationskapacitet för organisationen. Denna fallstudie har för avsikt att besvara forskningsfrågan; hur ska ett medelstort högteknologiskt företag fördela kundinformationsflödet på ett systematiskt tillvägagångssätt för att öka innovationskapaciteten? Forskningsmetodiken består av tre delar; såsom förstudie, social nätverksanalys, samt intern och extern benchmarking. Förstudien består av 21 intervjuer internt i organisationen och det sociala nätverket baseras på en enkät, som 49 individer har besvarat. Benchmarkingen har involverat sex individer från en intern avdelning och två intervjuer med externa företag inom samma bransch. Resultatet tyder på att mängden interaktioner med externa kunder bör reduceras för att systematiskt och strukturerat inhämta kundinformationen. För att öka informationsflödet inom organisationen bör en särskild avdelning, som har daglig kontakt med alla avdelningar, ha en informationsspridande roll som överför informationen från marknadsavdelningen till resterande avdelningar internt. Därtill bör spridningen av kundinformation integreras i den dagliga arbetsprocessen, då det underlättar att anamma och använda informationen i det dagliga arbete. / Nowadays, it is well known that it is highly important to involve the customers in the product development in order to better understand the needs of the market, increase the relations to customers and maximize the value creation of the products. This will result in a higher innovation capacity for the organization. This case study intends to answer the research questions, how to allocate the customer information flow in a systematic approach at a medium size high technology company in order to increase the innovation capacity. The research methodology consists of three different parts including pre study, social network analysis, and internal and external benchmarking. The pre study consists of 21 interviews internally in the organization and the social network analysis is based on a survey, which 49 individuals have answered. The benchmarking involves six employees from another department and two interviews with external companies within the same business. The results indicate that the amount of customer interactions with external parties must be decreased in order to systematically receive and maintain customer information. In order to increase the information flow within the organization a specific department, that have daily contacts with almost all departments, should act as a transmitting function as they would connect marketing with research and development. Furthermore, the customer information should be included in the daily working process as it is easier for the employees to embrace and jointly utilize this information.

social network analysis

customer interaction

customer information flow

social nätverksanalys

kundinteraktion

kundinformationsflöde

innovationsförmåga.

Mechanical Engineering

Maskinteknik

Role informace a komunikace v organizaci. Diagnostické nástroje informačních a komunikačních procesů / The Role of Information and Communication in Organisations. Diagnostic Tools of Informatiopn and Communication Processes

Sluková, Petra Zia

January 2012

The Role of Information and Communication in Organisations Diagnostic Tools of Information and Communication Processes The thesis has the objective to explore the interaction of the terms information and communication in organizational settings, and to identify their common characteristics and direct mutual influence. By introducing settings with open and closed communication climates, and diagnostic tools of communication and information audits, the author highlights the mutual overlap of these terms. The first part of the thesis provides an introduction into the theoretical terms information and communication as used in the historical context of their mother disciplines, identifies their similarities and differences, and, most importantly, highlights the long-term intense overlap of these terms at various levels. The second part goes on to introduce the basic forms of organizational structures affecting information transfer, i.e. direction, speed and accuracy of formal and informal information flows in organizational communication networks. The concept of information is brought into context with communication climate which has a direct influence on its form, quantity, quality and timeliness. When characterizing the most frequently used communication diagnosis tools falling into the category of...