
Security Properties & Language-Based Security






Presentation Transcript


  1. Security Properties & Language-Based Security • Andrew Myers

  2. The need for definitions • Need a notion of what security means • Drives design decisions • Formal → Assurance • Candidates?

  3. Some security properties • Need higher-level descriptions • What can we specify? • What can we enforce? • Sweet spot? [Diagram: properties arranged on an axis from SAFETY to LIVENESS: “System does what it’s supposed to”, Digital Rights, Privacy, End-to-end confidentiality & integrity, ‘Enforceable policies’, Access controls, Encapsulation, Type safety, Memory safety, Performance, Availability]

  4. Language-based security • Moves the sweet spot • Program is no longer a black box • Can analyze fine-grained behavior • Not just safety properties • Connect formal definitions of security to formal models of execution • Might be cheaper too…

  5. The static analysis game • ⊢ M = “M passes the analysis” • ⊢ M ⇝ M′ = “M′ is a transformation of M that passes the analysis” • M ⊨ F = “M has security property F” • Soundness: ⊢ M ⇒ M ⊨ F -- can prove it!

  6. Compositionality • M1 ⊨ F & M2 ⊨ F does not mean M1 + M2 ⊨ F • But… define a static analysis so that ⊢ M1 & ⊢ M2 ⇒ ⊢ M1 + M2
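  Added example for slides 5 and 6 (not part of the deck): a toy information-flow analysis over straight-line assignments, with the semantic property F (public outputs independent of secret inputs) checked by brute force, so soundness (⊢ M ⇒ M ⊨ F) and the by-construction compositionality of ⊢ can be observed. The language, labels and sample programs are all constructed for illustration.

```python
"""Sound, compositional static analysis for information flow (toy example)."""
from itertools import product

# Constructed security lattice: h and t are secret (H), l is public (L).
LABELS = {"h": "H", "t": "H", "l": "L"}

# A program M is a list of assignments: (target, variables read, evaluator).
def analyse(program):
    """|- M : no assignment to a public variable reads a secret variable."""
    return all(LABELS[tgt] == "H" or all(LABELS[v] == "L" for v in reads)
               for tgt, reads, _ in program)

def run(program, state):
    s = dict(state)
    for tgt, _, expr in program:
        s[tgt] = expr(s)
    return s

def satisfies(program, values=(0, 1)):
    """M |= F : final public values do not depend on initial secret values."""
    secrets = [v for v, lab in LABELS.items() if lab == "H"]
    publics = [v for v, lab in LABELS.items() if lab == "L"]
    for low in product(values, repeat=len(publics)):
        outs = set()
        for high in product(values, repeat=len(secrets)):
            state = dict(zip(publics, low), **dict(zip(secrets, high)))
            outs.add(tuple(run(program, state)[v] for v in publics))
        if len(outs) > 1:          # some secret choice changed a public output
            return False
    return True

def compose(m1, m2):
    """M1 + M2 is sequential composition; the analysis is a conjunction over
    statements, so |- M1 and |- M2 give |- M1 + M2 by construction."""
    return m1 + m2

def is_sound_on(programs):
    """Soundness spot-check: every program the analysis accepts has F."""
    return all(not analyse(p) or satisfies(p) for p in programs)

# Constructed sample programs.
LEAK = [("l", {"h"}, lambda s: s["h"])]                        # l := h
OVERWRITE = [("l", {"h"}, lambda s: s["h"]),                   # l := h
             ("l", set(), lambda s: 0)]                        # l := 0
COPY_SECRET = [("t", {"h"}, lambda s: s["h"])]                 # t := h
SAFE = [("l", {"l"}, lambda s: s["l"] + 1),                    # l := l + 1
        ("t", {"h", "l"}, lambda s: s["h"] * s["l"])]          # t := h * l

if __name__ == "__main__":
    for name, p in [("LEAK", LEAK), ("OVERWRITE", OVERWRITE), ("SAFE", SAFE)]:
        print(f"{name}: |- M = {analyse(p)}, M |= F = {satisfies(p)}")
```

OVERWRITE shows the usual price of soundness: it satisfies F (l always ends up 0) but the analysis rejects it, since ⊢ M ⇒ M ⊨ F is not required to hold in the other direction.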
