Compositional Security Definitions for Higher-Order Where Declassification (SPLASH 2023 - OOPSLA)

Sun 22 - Fri 27 October 2023 Cascais, Portugal

Who

Jan Menz, Andrew K. Hirsch, Peixuan Li, Deepak Garg

Track

SPLASH 2023 OOPSLA

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Fri 27 Oct 2023 14:00 - 14:18 at Room XII - security & privacy Chair(s): Arjun Guha

Abstract

To ensure programs do not leak private data, we often want to be able to provide formal guarantees ensuring such data is handled correctly. Often, we cannot keep such data secret entirely; instead programmers specify how private data may be declassified. While security definitions for declassification exist, they mostly do not handle higher-order programs. In fact, in the higher-order setting no compositional security definition exists for intensional information-flow properties such as where declassification, which allows declassification in specific parts of a program. We use logical relations to build a model (and thus security definition) of where declassification. The key insight required for our model is that we must stop enforcing indistinguishability once a relevant declassification has occurred. We show that the resulting security definition provides more security than the most related previous definition, which is for the lower-order setting.

DOI

https://doi.org/10.1145/3586041

Jan Menz

MPI-SWS

Germany

Andrew K. Hirsch

University at Buffalo, SUNY

United States

Peixuan Li

Pennsylvania State University