Abstract |
---|
Recently, much progress has been made on achieving information-flow security via secure multi-execution. Secure multi-execution (SME) is an elegant way to enforce security by executing a given program multiple times, once for each security level, while carefully dispatching inputs and ensuring that an execution at a given level is responsible for producing outputs for information sinks at that level. Secure multi-execution guarantees noninterference, in the sense of no dependencies from secret inputs to public outputs, and transparency, in the sense that if a program is secure then its secure multi-execution does not destroy its original behavior. This paper pushes the boundary of what can be achieved with secure multi-execution. First, we lift the assumption from the original secure multi-execution work on the totality of the input environment (that there is always assumed to be input) and on the cooperative scheduling. Second, we generalize secure multi-execution to distinguish between security levels of presence and content of messages. Third, we introduce a declassification model for secure multi-execution that allows expressing what information can be released. Fourth, we establish a full transparency result showing how secure multi-execution can preserve the original order of messages in secure programs. We demonstrate that full transparency is a key enabler for discovering attacks with secure multi-execution. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1109/CSF.2013.10 | Computer Security Foundations Symposium |
Keywords | Field | DocType |
information-flow security,full transparency result,security level,full transparency,secure multi-execution guarantees noninterference,original order,secure multi-execution,secure program,original secure multi-execution work,original behavior,integrated circuits,lattices,semantics,security,communication channels | Transparency (graphic),Secure multi-party computation,Computer security,Computer science,Declassification,Secure input and output handling,Commitment scheme,Secure by default,Secure two-party computation,Distributed computing,Secure by design | Conference |
Volume | Issue | ISSN |
24 | 1 | 1063-6900 |
Citations | PageRank | References |
17 | 0.55 | 25 |
Authors |
---|
2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Willard Rafnsson | 1 | 41 | 2.72 |
Andrei Sabelfeld | 2 | 2692 | 121.16 |