Security ECS 289M
This 14-page set of class notes was uploaded by Ashleigh Dare on Tuesday, September 8, 2015. The notes belong to ECS 289M at the University of California, Davis, taught by Staff in Fall.
Date Created: 09/08/15
ECS 289M Lecture 18, May 12, 2006 (Foundations of Computer and Information Security)

Notation: a class declared as "class {x}" is named x; class(v) denotes the current security class of variable v; Low is the bottom of the lattice.

Slide 2: Example Program

  proc tm(x: array[1..10][1..10] of int class {x};
          var y: array[1..10][1..10] of int class {y});
  var i, j: int class {i};
  begin
    b1      i := 1;
    b2  L2: if i > 10 goto L7;
    b3      j := 1;
    b4  L4: if j > 10 then goto L6;
    b5      y[i][j] := x[i][j]; j := j + 1; goto L4;
    b6  L6: i := i + 1; goto L2;
    b7  L7:
  end;

Slide 3: Flow of Control

(Figure: flow-of-control graph of basic blocks b1 through b7; the figure itself is not recoverable here.)

Slide 4: IFD Example

In the previous procedure the immediate forward dominators are:
  IFD(b1) = b2 (one path)
  IFD(b2) = b7 (b2 -> b7, or b2 -> b3 -> b6 -> b2 -> b7)
  IFD(b3) = b4 (one path)
  IFD(b4) = b6 (b4 -> b6, or b4 -> b5 -> b6)
  IFD(b5) = b4 (one path)
  IFD(b6) = b2 (one path)

Slide 5: Example of Requirements

Within each basic block:
  b1: Low ≤ i
  b3: Low ≤ j
  b5: lub{Low, j} ≤ j;  lub{x, i, j} ≤ y
  b6: lub{Low, i} ≤ i
Combining: lub{x, i, j} ≤ y. From the declarations (i and j share the class i), this is true when lub{x, i} ≤ y.

B2 = {b3, b4, b5, b6}: assignments to i, j, y[]; the conditional is i ≤ 10. Requires i ≤ glb{i, j, y}. From the declarations, true when i ≤ y.

Slide 6: Example (continued)

B4 = {b5}: assignments to j, y[]; the conditional is j ≤ 10. Requires j ≤ glb{j, y}. From the declarations, this means i ≤ y.

Result: combine lub{x, i} ≤ y, i ≤ y, and i ≤ y. The requirement is lub{x, i} ≤ y.

Slide 7: Procedure Calls

Consider the call tm(a, b). From the previous slides, to be secure lub{x, i} ≤ y must hold. In the call, x corresponds to a and y to b. This means that lub{a, i} ≤ b, or a ≤ b.

More generally, for
  proc pn(i1, ..., im: int; var o1, ..., on: int)
  begin S end
called with actual arguments x1, ..., xm and y1, ..., yn:
  S must be secure;
  for all j and k, if ij ≤ ok then xj ≤ yk;
  for all j and k, if oj ≤ ok then yj ≤ yk.

Slide 8: Exceptions

  proc copy(x: int class {x}; var y: int class Low);
  var sum: int class {x};
      z: int class Low;
  begin
    y := 0; z := 0; sum := 0;
    while z = 0 do begin
      sum := sum + x;
      y := y + 1;
    end
  end

Slide 9: Exceptions (continued)

When sum overflows, an integer overflow trap occurs and the procedure exits. At that point x = MAXINT / y, so information flows from x to y, but x ≤ Low is never checked.

Exceptions need to be handled explicitly. Idea: on integer overflow, terminate the loop:
  on integer_overflow_exception sum do z := 1;
Now information flows from sum to z, meaning sum ≤ z is required. This is false: sum has class x, which dominates Low.

Slide 10: Infinite Loops

  proc copy(x: int 0..1 class {x}; var y: int 0..1 class Low);
  begin
    y := 0;
    while x = 0 do nothing;
    y := 1;
  end

If x = 0 initially, infinite loop. If x = 1 initially, the procedure terminates with y set to 1. There are no explicit flows, but there is an implicit flow from x to y.

Slide 11: Semaphores

Use these constructs:
  wait(x):   if x = 0 then block until x > 0; x := x - 1
  signal(x): x := x + 1
Here x is a semaphore, a shared variable; both operations execute atomically.

Consider the statement sequence
  wait(sem); x := x + 1;
There is an implicit flow from sem to x. Certification must take this into account.

Slide 12: Flow Requirements

Semaphores in signal are irrelevant: they don't affect information flow in that process. Let statement S be a wait, and shared(S) the set of shared variables it reads. Idea: information flows out of the variables in shared(S). Let fglb(S) be the glb of the assignment targets following S. So the requirement is shared(S) ≤ fglb(S).

For begin S1; ...; Sn end: all Si must be secure, and for all i, shared(Si) ≤ fglb(Si).

Slide 13: Example

  begin
    x := y + z;        (S1)
    wait(sem);         (S2)
    a := b * c - x;    (S3)
  end

Requirements: lub{y, z} ≤ x; lub{b, c, x} ≤ a; sem ≤ a. The last holds because fglb(S2) = a and shared(S2) = {sem}.

Slide 14: Concurrent Loops

Similar, but a wait in a loop affects all statements in the loop, because if flow of control loops, statements in the loop before the wait may be executed after the wait. Requirements:
  the loop terminates;
  all statements S1, ..., Sn in the loop are secure;
  lub{shared(S1), ..., shared(Sn)} ≤ glb{t1, ..., tm}, where t1, ..., tm are the targets of assignments in the loop.

Slide 15: Loop Example

  while i < n do begin
    a[i] := item[i];   (S1)
    wait(sem);         (S2)
    i := i + 1;        (S3)
  end

Conditions for this to be secure: the loop terminates, so that condition is met; S1 is secure if lub{i, item[i]} ≤ a[i]; S2 is secure if sem ≤ a[i] and sem ≤ i; S3 is trivially secure.

Slide 16: cobegin/coend

  cobegin
    x := y + z;        (S1)
    a := b * c - y;    (S2)
  coend

No information flows among the statements. For S1: lub{y, z} ≤ x. For S2: lub{b, c, y} ≤ a. The security requirement is that both hold, so this is secure if lub{y, z} ≤ x and lub{b, c, y} ≤ a.

Slide 17: Soundness

The above exposition is intuitive, but it can be made rigorous: express flows as types and equate certification to correct use of types. Checking for valid information flows is then the same as checking that types conform to the semantics imposed by the security policy.

Slide 18: Execution-Based Mechanisms

Detect and stop flows of information that violate policy, at run time rather than at compile time. Obvious approach: check explicit flows. Problem: assume security requires x ≤ y, and consider
  if x = 1 then y := a;
When x ≠ 1, with x = High, y = Low, a = Low, the run-time check appears okay, but the implicit flow from x to y violates the condition.

Slide 19: Fenton's Data Mark Machine

Each variable has an associated class, and the program counter PC has one too. Idea: branches are assignments to PC, so you can treat implicit flows as explicit flows. It is a stack-based machine, so everything is done in terms of pushing onto and popping from a program stack.

Slide 20: Instruction Description

  skip means the instruction is not executed.
  push(x, class(x)) means push variable x and its security class onto the program stack.
  pop(x, class(x)) means pop the top value and security class from the program stack and assign them to variable x and its security class, respectively.

Slide 21: Instructions

x := x + 1 (increment) is the same as
  if class(PC) ≤ class(x) then x := x + 1 else skip

if x = 0 then goto n else x := x - 1 (branch, saving PC on the stack) is the same as
  if x = 0 then begin
    push(PC, class(PC)); class(PC) := lub{class(PC), class(x)}; PC := n
  end else if class(PC) ≤ class(x) then x := x - 1 else skip

Slide 22: More Instructions

if' x = 0 then goto n else x := x - 1 (branch without saving PC on the stack) is the same as
  if x = 0 then
    if class(x) ≤ class(PC) then PC := n else skip
  else if class(PC) ≤ class(x) then x := x - 1 else skip

Slide 23: More Instructions

return (go to just after the last if) is the same as pop(PC, class(PC)).
halt (stop) is the same as: if the program stack is empty then halt. Note: the stack must be empty to prevent the user from obtaining information from it after halting.

Slide 24: Example Program

  1  if x = 0 then goto 4 else x := x - 1
  2  if z = 0 then goto 6 else z := z - 1
  3  halt
  4  z := z + 1
  5  return
  6  y := y + 1
  7  return

Initially x = 0 or x = 1, y = 0, z = 0. The program copies the value of x to y.

Slide 25: Example Execution (x = 1 initially)

  x  y  z  PC  class(PC)  stack     check
  1  0  0  1   Low        (empty)
  0  0  0  2   Low        (empty)   Low ≤ class(x)
  0  0  0  6   class(z)   (3, Low)
  0  1  0  7   class(z)   (3, Low)  class(PC) ≤ class(y)
  0  1  0  3   Low        (empty)

Slide 26: Handling Errors

Ignore the statement that causes the error, but continue execution. If the program aborted or a visible exception were taken, the user could deduce information. This means errors cannot be reported unless the user has clearance at least equal to that of the information causing the error.

Slide 27: Variable Classes

Up to now classes were fixed, and relationships were checked on assignment and so on. Now consider variable classes. Fenton's Data Mark Machine does this for PC. On an assignment of the form y := f(x1, ..., xn), class(y) is changed to lub{class(x1), ..., class(xn)}. Implicit flows also need to be considered.

Slide 28: Example Program

Copy the value from x to y; initially x is 0 or 1.

  proc copy(x: int class {x}; var y: int class {y});
  var z: int class variable {Low};
  begin
    y := 0;
    z := 0;
    if x = 0 then z := 1;
    if z = 0 then y := 1;
  end

class(z) changes when z is assigned to. Assume y < x.
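To make the run-time checks of slides 19 to 25 concrete, here is an added example (my own code, not from the lecture or its textbook) that simulates the Data Mark Machine on the copy program of slide 24. It assumes a two-level lattice, Low below High, modelled as frozensets of labels, and treats a halt with a non-empty stack as a skip.

```python
# Added example, not from the lecture slides: a simulator of Fenton's Data
# Mark Machine. A security class is a frozenset of labels, so lub is set
# union, "<=" is the subset test, and Low is the empty set.
LOW, HIGH = frozenset(), frozenset({"high"})

class DataMarkMachine:
    def __init__(self, program, values, classes):
        self.prog = program                  # address -> instruction tuple
        self.val, self.cls = dict(values), dict(classes)
        self.pc, self.pc_cls = 1, LOW        # PC starts at 1 with class Low
        self.stack = []                      # saved (PC, class(PC)) pairs

    def step(self):
        op, *args = self.prog[self.pc]
        if op == "inc":                      # x := x + 1
            (x,) = args
            if self.pc_cls <= self.cls[x]:   # class(PC) <= class(x)?
                self.val[x] += 1             # otherwise: skip, silently
            self.pc += 1
        elif op == "branch":                 # if x = 0 then goto n else x := x - 1
            x, n = args
            if self.val[x] == 0:             # push PC, raise class(PC) by class(x)
                self.stack.append((self.pc + 1, self.pc_cls))
                self.pc_cls, self.pc = self.pc_cls | self.cls[x], n
            else:
                if self.pc_cls <= self.cls[x]:
                    self.val[x] -= 1
                self.pc += 1
        elif op == "return":                 # pop(PC, class(PC))
            self.pc, self.pc_cls = self.stack.pop()
        elif op == "halt":                   # stop only when the stack is empty
            if not self.stack:
                return False
            self.pc += 1                     # assumption: otherwise treated as skip
        return True

    def run(self, limit=50):
        while limit and self.step():
            limit -= 1
        return self.val

# The seven-instruction copy program from the slides (x = 0 or 1, y = z = 0).
COPY_PROGRAM = {1: ("branch", "x", 4), 2: ("branch", "z", 6), 3: ("halt",),
                4: ("inc", "z"), 5: ("return",), 6: ("inc", "y"), 7: ("return",)}

def run_copy(x_value, classes):
    """Run the copy program under a class assignment; return the final y."""
    m = DataMarkMachine(COPY_PROGRAM, {"x": x_value, "y": 0, "z": 0}, classes)
    return m.run()["y"]
```

With y of class Low and x High, y stays 0 whatever x is: the increment at instruction 6 is skipped, so the implicit flow is blocked without any error being reported (slide 26). With z below x, the copy silently produces the wrong answer instead of leaking.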