Ahmadian, Amir M.
Publications (3 of 3)
Ahmadian, A. M. & Balliu, M. (2022). Dynamic Policies Revisited. In: Proceedings - 7th IEEE European Symposium on Security and Privacy, Euro S and P 2022. Paper presented at 7th IEEE European Symposium on Security and Privacy, Genoa, 6 June 2022 through 10 June 2022 (pp. 448-466). Institute of Electrical and Electronics Engineers (IEEE)
Dynamic Policies Revisited
2022 (English) In: Proceedings - 7th IEEE European Symposium on Security and Privacy, Euro S and P 2022, Institute of Electrical and Electronics Engineers (IEEE), 2022, p. 448-466. Conference paper, Published paper (Refereed)
Abstract [en]

The relationship between information flow control and dynamic policies is difficult and yet to be fully understood. While dynamic policies are a natural choice in many real-world applications that downgrade and upgrade the sensitivity of information, understanding the meaning of security in this setting is challenging. In this paper we revisit the knowledge-based security conditions to reinstate a simple and intuitive security condition for dynamic policies: a program is secure if at any point during the execution the attacker's knowledge is in accordance with the active security policy at that execution point. Our key observation is the new notion of policy consistency, which prevents policy changes whenever an attacker is already in possession of the information that the new policy intends to protect. We use this notion to study a range of realistic attackers, including the perfect recall attacker, bounded attackers, and forgetful attackers, and their relationship. Importantly, our new security condition provides a clean connection between the dynamic policy and the underlying attacker model, independently of the specific use case. We illustrate this by considering the different facets of dynamic policies in our framework. On the verification side, we design and implement DynCoVer, a tool for checking dynamic information-flow policies for Java programs via symbolic execution and SMT solving. Our verification operates by first extracting a graph of program dependencies and then visiting the graph to check dynamic policies for a range of attackers. We evaluate the effectiveness and efficiency of DynCoVer on a benchmark of use cases from the literature and designed by ourselves, as well as the case study of a social network. The results show that DynCoVer can analyze small but intricate programs, indicating that it can help verify security-critical parts of Java applications. We release DynCoVer publicly to support open science and encourage researchers to explore the topic further.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2022
National Category
Computer Systems Other Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:kth:diva-309603 (URN)
10.1109/EuroSP53844.2022.00035 (DOI)
000851574500027
2-s2.0-85134038311 (Scopus ID)
Conference
7th IEEE European Symposium on Security and Privacy, Genoa, 6 June 2022 through 10 June 2022
Projects
JointForce, InferViz, TrustFull
Note

QC 20220927

Part of proceedings: ISBN 978-166541614-6

Available from: 2022-03-07 Created: 2022-03-07 Last updated: 2022-09-27. Bibliographically approved
Oak, A., Ahmadian, A. M., Balliu, M. & Salvaneschi, G. (2021). Enclave-Based Secure Programming with JE. In: 2021 IEEE SECURE DEVELOPMENT CONFERENCE (SECDEV 2021). Paper presented at 6th IEEE Secure Development Conference (SecDev'21), 18-20 October, 2021, Virtual/Online. Institute of Electrical and Electronics Engineers (IEEE)
Enclave-Based Secure Programming with JE
2021 (English) In: 2021 IEEE SECURE DEVELOPMENT CONFERENCE (SECDEV 2021), Institute of Electrical and Electronics Engineers (IEEE), 2021. Conference paper, Published paper (Refereed)
Abstract [en]

Over the past few years, major hardware vendors have started offering processors that support Trusted Execution Environments (TEEs), allowing confidential computations over sensitive data on untrusted hosts. Unfortunately, developing applications that use TEEs remains challenging. Current solutions require using low-level languages (e.g., C/C++) to handle the TEE management process manually, a complex and error-prone task. Worse, the separation of the application into components that run inside and outside the TEE may lead to information leaks. In summary, TEEs are a powerful means to design secure applications, but there is still a long way to building secure software with TEEs alone. In this work, we present JE, a programming model for developing TEE-enabled applications where developers only need to annotate Java programs to define application-level security policies and run them securely inside enclaves.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2021
Keywords
Information Flow Control, Trusted Execution Environment, Security Type System
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-301750 (URN)
10.1109/SecDev51306.2021.00026 (DOI)
000797871400015
2-s2.0-85124349071 (Scopus ID)
Conference
6th IEEE Secure Development Conference (SecDev'21), 18-20 October, 2021, Virtual/Online
Projects
TrustFull, JointForce, SOS
Note

QC 20210923

QC 20220708

Available from: 2021-09-10 Created: 2021-09-10 Last updated: 2022-07-08. Bibliographically approved
Oak, A., Ahmadian, A. M., Balliu, M. & Salvaneschi, G. (2021). Language Support for Secure Software Development with Enclaves. Paper presented at IEEE Computer Security Foundations Symposium (CSF 2021).
Language Support for Secure Software Development with Enclaves
2021 (English) Conference paper, Published paper (Refereed)
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-295509 (URN)
10.1109/CSF51468.2021.00037 (DOI)
000719322000019
2-s2.0-85125316246 (Scopus ID)
Conference
IEEE Computer Security Foundations Symposium (CSF 2021)
Note

QC 20210524

Available from: 2021-05-21 Created: 2021-05-21 Last updated: 2022-06-25. Bibliographically approved