Write a Blog >>
Sat 25 Jan 2020 11:18 - 11:42 at Rosalie - Foundations and timing channels Chair(s): Marco Vassena

Practitioners of secure information flow often face a design challenge: what is the right semantic treatment of leaks via termination? On the one hand, the potential harm of untrusted code calls for strong progress-sensitive security. On the other hand, when the code is trusted to not aggressively exploit termination channels, practical concerns, such as permissiveness of the enforcement, make a case for settling for weaker, progress-insensitive security. This binary situation, however, provides no suitable middle point for systems that mix trusted and untrusted code. This work connects the two extremes by viewing progress-insensitivity as a particular form of declassification. Our novel semantic condition reconciles progress-insensitive security as a declassification bound on the so-called progress knowledge (in an otherwise progress-sensitive setting). We show how the new condition can be soundly enforced using a mostly standard information-flow monitor.

Slides (PriSC.pdf)2.30MiB

Sat 25 Jan
Times are displayed in time zone: Saskatchewan, Central America change

10:30 - 12:30: Foundations and timing channelsPriSC at Rosalie
Chair(s): Marco VassenaCISPA Helmholtz Center for Information Security
10:30 - 10:54
Talk
Exorcising Spectres with Secure Compilers
PriSC
Marco PatrignaniStanford University & CISPA , Marco GuarnieriIMDEA Software Institute
Media Attached File Attached
10:54 - 11:18
Talk
Trace-Relating Compiler Correctness and Secure Compilation
PriSC
Carmine AbateInria Paris, Roberto BlancoInria, Stefan CiobacaAlexandru Ioan Cuza University of Iasi, Deepak GargMax Planck Institute for Software Systems, Cătălin HriţcuInria Paris, Marco PatrignaniStanford University & CISPA , Éric TanterUniversity of Chile, Jérémy ThibaultInria Paris
Media Attached File Attached
11:18 - 11:42
Talk
Reconciling progress-insensitive noninterference and declassification
PriSC
Johan BayAarhus University, Aslan AskarovAarhus University
Media Attached File Attached
11:42 - 12:06
Talk
Hermes: Implementing Cryptography without Side-channels
PriSC
Ken Friis LarsenDIKU, University of Copenhagen, Torben MogensenDIKU, University of Copenhagen, Michael Kirkedal ThomsenDIKU, University of Copenhagen
12:06 - 12:30
Talk
A CompCert Compiler that Preserves Cryptographic Constant-time
PriSC
Sandrine BlazyUniv Rennes- IRISA, Rémi HutinIRISA / ENS Rennes, David PichardieUniv Rennes, ENS Rennes, IRISA
Media Attached