SlideShare a Scribd company logo

Static-talk

G
giunti
TechnologyEducation
1 of 40
Download to read offline
Static semantics of secret channel abstractions Marco Giunti Imperial College, May 15 2014
Abstractions for message-passing • We study the secret channel abstraction for concurrent systems communicating through message-passing (MP) • We are interested in showing that the high-level abstraction can be represented in a standard π-calculus by means of static typing • Plan: 1. A language for secret message-passing 2. A type system for the π-calculus featuring static and dynamic scope for channels 3. A semantics-preserving translation (API) of the language into the typed π-calculus
Dynamic scope vs Security • One of the main features of the π-calculus is dynamic scope for channels • Sending a restricted channels to the context allows to enlarge its scope (ν h)(h CreditCard | h(x).p h )
Dynamic scope vs Security • One of the main features of the π-calculus is dynamic scope for channels • Sending a restricted channels to the context allows to enlarge its scope (ν h)(h CreditCard | h(x).p h ) • Two main security issues in disclosing restricted channels: 1. Reasoning on the knowledge of the context is complex 2. Cryptographic implementations of programs in open networks suffer from the “forward secrecy problem” net {CreditCard}h+ | net(y).decrypt y as{x}h−in net {h+ , h− }p+
Hide and New in the pi calculus • Based on this motivation in [GPV12] we introduced the secret π-calculus • Conservative extension of the (untyped) π-calculus obtained by adding an hide construct: [hide h][h CreditCard | h(x).p h ] h cannot be extruded • Aim is confidentiality, obtained by restricting the access of the object of communication • Standard channels are accessible by the context: (new h)(h CreditCard | h(x).p h ) h can be extruded
This talk: An API for secure MP • We show that the hide construct can be translated in a typed π-calculus enjoying a standard semantics • Guideline: the source language must be “untyped’’, the security type abstractions are inferred during the compilation • Motivation: we want to make available the secret channel macro without burdening programmers with the security mechanism • Soundness result: if a source program is (compiled and type-)checked then the context cannot receive a channel protected by hide during the computation
Source language: basic types • We consider basic types of the form below D ::= (E, E) | bool E ::= ?D | !D • End point ?D: unbounded input use to receive values of type D • End point !D: unbounded output use to send values of type D • Basic types allow to avoid runtime errors of the form: x true | x(y).y(z)
Source language: basic types • We consider basic types of the form below D ::= (E, E) | bool E ::= ?D | !D • End point ?D: unbounded input use to receive values of type D • End point !D: unbounded output use to send values of type D • Basic types allow to avoid runtime errors of the form: x true | x(y).y(z) • In the source language we decorate fresh variables with basic types (simplifies translation, but it could be obtained by type inference
Source language: processes • The source language features two operators for creating channels M ::= x(y).M | x v .M | M | N | if v then M else N | !M | 0 | (new x: D)M | [hide x: D]M • Channels created with new can be sent to the context • Channels created with hide are only available locally
Source language: processes • The source language features two operators for creating channels M ::= x(y).M | x v .M | M | N | if v then M else N | !M | 0 | (new x: D)M | [hide x: D]M • Channels created with new can be sent to the context • Channels created with hide are only available locally • Example: a program sending a dynamic channel (new y: (?bool, !bool))(x y ) | x(z).(z true | z(u).if u then 0 else 0)
Source language: processes • The source language features two operators for creating channels M ::= x(y).M | x v .M | M | N | if v then M else N | !M | 0 | (new x: D)M | [hide x: D]M • Channels created with new can be sent to the context • Channels created with hide are only available locally • Example: a program sending a standard channel (new y: (?bool, !bool))(x y ) | x(z).(z true | z(u).if u then 0 else 0) • Example: a program sending a secret channel [hide y: (?bool, !bool)][x y | x(z)]
Target language: typed pi calculus • Pi calculus types have the syntax: T ::= (S, S) | bool S ::= m ?T | m !T m ::= dyn | st • We compile source programs into typed pi calculus processes P ::= x v .P | x(y ÷ B).P | · · · | (ν x: T)P • The input process is decorated with set of blocked types • Dynamic semantics unaffected, blocked set used by typing system x v .P | x(y ÷ B).Q → P | Q{v/x}
Toy example and translation • Take a source program forwarding a channel protected by hide M1 = (new x: D)[hide y: Ds][x y | x(w).z1 w ] | z2(u) D = (?Ds, !Ds) Ds = (?bool, !bool)
Toy example and translation • Take a source program forwarding a channel protected by hide M1 = (new x: D)[hide y: Ds][x y | x(w).z1 w ] | z2(u) D = (?Ds, !Ds) Ds = (?bool, !bool) • The translation of M1 is: [[M1]] = (ν x: T, y: Ts)(x y | x(w).z1 w ) | z2(u) T = (dyn ?Td, dyn !Td) Ts = (st ?bool, st !bool) Td = (dyn ?bool, dyn !bool)
Toy example and translation • Take a source program forwarding a channel protected by hide M1 = (new x: D)[hide y: Ds][x y | x(w).z1 w ] | z2(u) D = (?Ds, !Ds) Ds = (?bool, !bool) • The translation of M1 is: [[M1]] = (ν x: T, y: Ts)(x y | x(w).z1 w ) | z2(u) T = (dyn ?Td, dyn !Td) Ts = (st ?bool, st !bool) Td = (dyn ?bool, dyn !bool) • We type-check the program by upcasting the payload of x
Pi calculus: Type upcast in output • We consider typing rules of the form Γ P ∆ (dom(∆) = dom(Γ) • ∆ on the right of the symbol is a return environment produced by the type system that convey the actual use of channels
Pi calculus: Type upcast in output • We consider typing rules of the form Γ P ∆ (dom(∆) = dom(Γ) • ∆ on the right of the symbol is a return environment produced by the type system that convey the actual use of channels • E.g. typing rule to upcast of the payload of x to static: x: (dyn ?Ts, dyn !Ts), y: Ts 0 x: (dyn ?Ts, dyn !Ts), y: Ts x: T, y: Ts x y x: (dyn ?Ts, dyn !Ts), y: Ts T = (dyn?Td, dyn!Td) Ts = (st?bool, st!bool) Td = (dyn?bool, dyn!bool)
Blocked types in struct. congr. • Scope of π-calculus channels can be opened through axioms ≡ • We account for this by abstracting block function in ≡ x(y ÷ B).P T = x(y ÷ B ∪ {T}).(P T) (ν y: T)(P) | Q ≡ (ν y: T)(P | Q T) T static
Blocked types in struct. congr. • Scope of π-calculus channels can be opened through axioms ≡ • We account for this by abstracting block function in ≡ x(y ÷ B).P T = x(y ÷ B ∪ {T}).(P T) (ν y: T)(P) | Q ≡ (ν y: T)(P | Q T) T static • To avoid clashes we register identifiers for types: T = (S1, S2)i • Typing rules for input disallow to receive blocked types
Blocked types in struct. congr. • Scope of π-calculus channels can be opened through axioms ≡ • We account for this by abstracting block function in ≡ x(y ÷ B).P T = x(y ÷ B ∪ {T}).(P T) (ν y: T)(P) | Q ≡ (ν y: T)(P | Q T) T static • To avoid clashes we register identifiers for types: T = (S1, S2)i • Typing rules for input disallow to receive blocked types • Example: forbidden upcast x: (dyn ?T, dyn !T)∀, z : (dyn ?Ts, dyn !Ts)∀ x(y ÷ Ts).z y ∆ T = (dyn ?Td, dyn !Td)∀ Td = (dyn ?b, dyn !b)∀ Ts = (st ?b, st !b)1
Type-bulletting to the rescue • To rule out attackers leaking a static channel we bullet the return type of the output channel z1 : (dyn ?Td, dyn !Td) (ν x: T, y: Ts)(x y | x(w).z1 w ) z1 : (•, dyn !Ts) • Type identifiers allow to avoid clashes
Type-bulletting to the rescue • To rule out attackers leaking a static channel we bullet the return type of the output channel z1 : (dyn ?Td, dyn !Td) (ν x: T, y: Ts)(x y | x(w).z1 w ) z1 : (•, dyn !Ts) • Type identifiers allow to avoid clashes • Composition with inputs z2 allowed only if z1 = z2: [[M1]] = (ν x: T, y: Ts)(x y | x(w).z1 w ) | z2(u) Γ, z1 : (dyn ?Td, dyn !Td) [[M1]] Γ, z1 : (•, dyn !Ts)
Type-bulletting to the rescue • To rule out attackers leaking a static channel we bullet the return type of the output channel z1 : (dyn ?Td, dyn !Td) (ν x: T, y: Ts)(x y | x(w).z1 w ) z1 : (•, dyn !Ts) • Type identifiers allow to avoid clashes • Composition with inputs z2 allowed only if z1 = z2: [[M1]] = (ν x: T, y: Ts)(x y | x(w).z1 w ) | z2(u) Γ, z1 : (dyn ?Td, dyn !Td) [[M1]] Γ, z1 : (•, dyn !Ts) (z1 = z2) • How? Exploit return environments!
Composing return environments • Return contexts allow to rule out processes of the form [[M1]] = (ν x: T, y: Ts)(x y | x(w).z w ) | z(u)
Composing return environments • Return contexts allow to rule out processes of the form [[M1]] = (ν x: T, y: Ts)(x y | x(w).z w ) | z(u) • As seen, the left thread produces the return context z : (•, dyn !Ts)
Composing return environments • Return contexts allow to rule out processes of the form [[M1]] = (ν x: T, y: Ts)(x y | x(w).z w ) | z(u) • As seen, the left thread produces the return context z : (•, dyn !Ts) • Parallel composition allowed if partial binary operation ⊗ over return contexts is defined: Γ P1 ∆1 Γ P2 ∆2 Γ P1 | P2 ∆1 ⊗ ∆2
Composing return environments • Return contexts allow to rule out processes of the form [[M1]] = (ν x: T, y: Ts)(x y | x(w).z w ) | z(u) • As seen, the left thread produces the return context z : (•, dyn !Ts) • Parallel composition allowed if partial binary operation ⊗ over return contexts is defined: Γ P1 ∆1 Γ P2 ∆2 Γ P1 | P2 ∆1 ⊗ ∆2 • Process above rejected: ⊗ operator only allows to compose the bullet with an end point not using the input (noted end) • ⊗ S is undefined
Ruling out aliasing attacks • Consider the variant below specified in the source language: M2 = (new x: D)(p x | [hide y: Ds][x y ] | p(u).u(z) [[M2]] = (ν x: T)(p x | (ν y: Ts)[x y ] | p(u).u(z) D = (?Ds, !Ds) Ds = (?b, !b) T = (dyn ?Td, dyn !Td)∀ Ts = (st ?b, st !b)1
Ruling out aliasing attacks • Consider the variant below specified in the source language: M2 = (new x: D)(p x | [hide y: Ds][x y ] | p(u).u(z) [[M2]] = (ν x: T)(p x | (ν y: Ts)[x y ] | p(u).u(z) D = (?Ds, !Ds) Ds = (?b, !b) T = (dyn ?Td, dyn !Td)∀ Ts = (st ?b, st !b)1 • The rule for output enforces the type of x to do not change p: Tp, x: T 0 p: Tp, x: T p: Tp, x: T p x p: Tp, x: T
Ruling out aliasing attacks • Consider the variant below specified in the source language: M2 = (new x: D)(p x | [hide y: Ds][x y ] | p(u).u(z) [[M2]] = (ν x: T)(p x | (ν y: Ts)[x y ] | p(u).u(z) D = (?Ds, !Ds) Ds = (?b, !b) T = (dyn ?Td, dyn !Td)∀ Ts = (st ?b, st !b)1 • The rule for output enforces the type of x to do not change p: Tp, x: T 0 p: Tp, x: T p: Tp, x: T p x p: Tp, x: T • Type checking fails because the context uses x at different type Γ [[M2]] ∆
Ruling out aliasing attacks • Consider the variant below specified in the source language: M2 = (new x: D)(p x | [hide y: Ds][x y ] | p(u).u(z) [[M2]] = (ν x: T)(p x | (ν y: Ts)[x y ] | p(u).u(z) D = (?Ds, !Ds) Ds = (?b, !b) T = (dyn ?Td, dyn !Td)∀ Ts = (st ?b, st !b)1 • The rule for output enforces the type of x to do not change p: Tp, x: T 0 p: Tp, x: T p: Tp, x: T p x p: Tp, x: T • Process M3 = (new x: D)(p x .[hide y: Ds][x y ]) also rejected Γ [[M3]] ∆
Type system results • Let Γ be a map to balanced types of the form (dyn ?T, dyn !T)∀, Γ P ∆, and P →∗ (ν ˜y: T)(Q | R).
Type system results • Let Γ be a map to balanced types of the form (dyn ?T, dyn !T)∀, Γ P ∆, and P →∗ (ν ˜y: T)(Q | R). • Error-freedom: Q is not of the form if x then Q1 else Q2, or x v .Q1 | x(y).Q2 and Q2{v/y} undefined
Type system results • Let Γ be a map to balanced types of the form (dyn ?T, dyn !T)∀, Γ P ∆, and P →∗ (ν ˜y: T)(Q | R). • Error-freedom: Q is not of the form if x then Q1 else Q2, or x v .Q1 | x(y).Q2 and Q2{v/y} undefined • Soundness: none of the following cases happen: Q = (ν y: (st ?T, st !T)n)(x y .Q1 | Q2) | x(z ÷ B).Q3
Type system results • Let Γ be a map to balanced types of the form (dyn ?T, dyn !T)∀, Γ P ∆, and P →∗ (ν ˜y: T)(Q | R). • Error-freedom: Q is not of the form if x then Q1 else Q2, or x v .Q1 | x(y).Q2 and Q2{v/y} undefined • Soundness: none of the following cases happen: Q = (ν y: (st ?T, st !T)n)(x y .Q1 | Q2) | x(z ÷ B).Q3 Q = (ν y: (st?T, st!T)n)(x y .Q1 | Q2 | x(z÷B∪(st?T, st!T)n).Q3)
A semantics-preserving encoding • The mapping[[·]] from the source language to typed π is: [[?D]] = dyn?[[D]] [[!D]] = dyn?[[D]] [[(E, E)]] = ([[E]], [[E]])∀ [[[hide x: (?D, !D)]M]]Γ = (ν x: T)[[M]]Γ,x: T T = (st [[?D]], st [[!D]])n [[(new x: (?D, !D))M]] = (ν x: T)[[M]]Γ T = (dyn[[?D]], dyn[[!D]])∀ [[x(y: B).M]]Γ = x(y: [[B]]Γ).[[M]]Γ
A semantics-preserving encoding • The mapping[[·]] from the source language to typed π is: [[?D]] = dyn?[[D]] [[!D]] = dyn?[[D]] [[(E, E)]] = ([[E]], [[E]])∀ [[[hide x: (?D, !D)]M]]Γ = (ν x: T)[[M]]Γ,x: T T = (st [[?D]], st [[!D]])n [[(new x: (?D, !D))M]] = (ν x: T)[[M]]Γ T = (dyn[[?D]], dyn[[!D]])∀ [[x(y: B).M]]Γ = x(y: [[B]]Γ).[[M]]Γ • Operational correspondence: secret π semantics: x v .M | x(y ÷ B).N → M | N{v/y} (v ∈ B) • Assume Γ, Γ1 [[M]]Γ ∆ with Γ weakly-balanced and P Γ. 1 If M → M then [[M]]Γ → [[M ]]Γ 2 If [[M]]Γ → Q then M → M and [[M ]]Γ = Q
Discussion • Aim of this work: shift middleware support for secret channels (cf. [GPV12]) to software support transparently • Motivation is different for approaches that require programmers to manage the security type abstractions • Example: π-calculus with groups (CGG05) Γ (new p: U)(P | (new G)(new x: G[])(p x )) • Ill-typed since type U of public channel p ignores secret type G • This work: infer “group” types and send secrets on “untyped” chan Γ [[(new p: (?D, !D))(p (y) | [hide x: D](p x ))]] ∆ (p = p)
Discussion • Structure of types leads to several extensions • Read/write only modalities: (end, m !T), subtyping • Linear and session types: (lin m ?T.S1, lin m!T.S2), Si behaviour of continuation • Algorithmic type-checking: return contexts allow refined analysis • Typed behavioural equivalences to reason on processes
Thanks! [CGG05 ] L. Cardelli, G. Ghelli, A.D. Gordon: Secrecy and group creation. Inf. Comput. (2005) [G14 ] M. Giunti. Static semantics of secret channel abstractions (2014), tinyurl.com/n14-report [GPV12 ] M. Giunti, C. Palamidessi, F. Valencia. Hide and New in the Pi-Calculus. EXPRESS/SOS (2012) [GV13 ] M. Giunti, V. Vasconcelos. Linearity, session types and the pi calculus. Math. Struc. Comp. Sci., in press (2013) [BG07 ] M. Bugliesi, M. Giunti.: Secure implementations of typed channel abstractions. POPL (2007)

Recommended

Searching
SearchingSearching
SearchingProf.Dharmishtha R. Chaudhari
 
Network security CS2
Network security CS2Network security CS2
Network security CS2Infinity Tech Solutions
 
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsDiscrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsNIT Sikkim
 
Stacks queues lists
Stacks queues listsStacks queues lists
Stacks queues listsHarry Potter
 
Kolmogorov complexity and topological arguments
Kolmogorov complexity and topological argumentsKolmogorov complexity and topological arguments
Kolmogorov complexity and topological argumentsshenmontpellier
 
Acm aleppo cpc training fifth session
Acm aleppo cpc training fifth sessionAcm aleppo cpc training fifth session
Acm aleppo cpc training fifth sessionAhmad Bashar Eter
 
Computing on Encrypted Data
Computing on Encrypted DataComputing on Encrypted Data
Computing on Encrypted DataNew York Technology Council
 
Unit 3
Unit 3Unit 3
Unit 3guna287176
 

Recommended

Searching
SearchingSearching
SearchingProf.Dharmishtha R. Chaudhari
 
Network security CS2
Network security CS2Network security CS2
Network security CS2Infinity Tech Solutions
 
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsDiscrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsNIT Sikkim
 
Stacks queues lists
Stacks queues listsStacks queues lists
Stacks queues listsHarry Potter
 
Kolmogorov complexity and topological arguments
Kolmogorov complexity and topological argumentsKolmogorov complexity and topological arguments
Kolmogorov complexity and topological argumentsshenmontpellier
 
Acm aleppo cpc training fifth session
Acm aleppo cpc training fifth sessionAcm aleppo cpc training fifth session
Acm aleppo cpc training fifth sessionAhmad Bashar Eter
 
Computing on Encrypted Data
Computing on Encrypted DataComputing on Encrypted Data
Computing on Encrypted DataNew York Technology Council
 
Unit 3
Unit 3Unit 3
Unit 3guna287176
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionGöktuğ Serez
 
Noise infotheory1
Noise infotheory1Noise infotheory1
Noise infotheory1vmspraneeth
 
Graph Traversal Algorithms - Depth First Search Traversal
Graph Traversal Algorithms - Depth First Search TraversalGraph Traversal Algorithms - Depth First Search Traversal
Graph Traversal Algorithms - Depth First Search TraversalAmrinder Arora
 
Cryptography
CryptographyCryptography
CryptographyHardik Sondagar
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVictor Pereira
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryptionsecurityxploded
 
Information and Network Security
Information and Network SecurityInformation and Network Security
Information and Network SecurityMaulik Togadiya
 
Codes and Isogenies
Codes and IsogeniesCodes and Isogenies
Codes and IsogeniesPriyanka Aash
 
Computer graphics lab report with code in cpp
Computer graphics lab report with code in cppComputer graphics lab report with code in cpp
Computer graphics lab report with code in cppAlamgir Hossain
 
Computer security
Computer security Computer security
Computer security Harry Potter
 
REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...
REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...
REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...Micah Miner
 
【婦科5問】從10-70歲 疼惜女人的身體
【婦科5問】從10-70歲 疼惜女人的身體【婦科5問】從10-70歲 疼惜女人的身體
【婦科5問】從10-70歲 疼惜女人的身體Richy Kung
 
Pot master
Pot masterPot master
Pot masterpotmaster11
 
Latin americapowerpoint
Latin americapowerpointLatin americapowerpoint
Latin americapowerpointMicah Miner
 
StepGreen Final Presentation
StepGreen Final PresentationStepGreen Final Presentation
StepGreen Final Presentationcgauvin
 
Step green assembly
Step green assemblyStep green assembly
Step green assemblycgauvin
 
StepGreen Final Presentation
StepGreen Final PresentationStepGreen Final Presentation
StepGreen Final Presentationcgauvin
 
Step green guide power point
Step green guide power pointStep green guide power point
Step green guide power pointcgauvin
 
Signal and image processing on satellite communication using MATLAB
Signal and image processing on satellite communication using MATLABSignal and image processing on satellite communication using MATLAB
Signal and image processing on satellite communication using MATLABEmbedded Plus Trichy
 
Clipping & Rasterization
Clipping & RasterizationClipping & Rasterization
Clipping & RasterizationAhmed Daoud
 
Ch6 information theory
Ch6 information theoryCh6 information theory
Ch6 information theoryDr. Sachin Kumar Gupta
 
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...Madhumita Tamhane
 

More Related Content

What's hot

Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionGöktuğ Serez
 
Noise infotheory1
Noise infotheory1Noise infotheory1
Noise infotheory1vmspraneeth
 
Graph Traversal Algorithms - Depth First Search Traversal
Graph Traversal Algorithms - Depth First Search TraversalGraph Traversal Algorithms - Depth First Search Traversal
Graph Traversal Algorithms - Depth First Search TraversalAmrinder Arora
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVictor Pereira
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryptionsecurityxploded
 
Information and Network Security
Information and Network SecurityInformation and Network Security
Information and Network SecurityMaulik Togadiya
 
Computer graphics lab report with code in cpp
Computer graphics lab report with code in cppComputer graphics lab report with code in cpp
Computer graphics lab report with code in cppAlamgir Hossain
 
Computer security
Computer security Computer security
Computer security Harry Potter
 

What's hot (10)

Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
 
Noise infotheory1
Noise infotheory1Noise infotheory1
Noise infotheory1
 
Graph Traversal Algorithms - Depth First Search Traversal
Graph Traversal Algorithms - Depth First Search TraversalGraph Traversal Algorithms - Depth First Search Traversal
Graph Traversal Algorithms - Depth First Search Traversal
 
Cryptography
CryptographyCryptography
Cryptography
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
 
Partial Homomorphic Encryption
Partial Homomorphic EncryptionPartial Homomorphic Encryption
Partial Homomorphic Encryption
 
Information and Network Security
Information and Network SecurityInformation and Network Security
Information and Network Security
 
Codes and Isogenies
Codes and IsogeniesCodes and Isogenies
Codes and Isogenies
 
Computer graphics lab report with code in cpp
Computer graphics lab report with code in cppComputer graphics lab report with code in cpp
Computer graphics lab report with code in cpp
 
Computer security
Computer security Computer security
Computer security
 

Viewers also liked

REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...
REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...
REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...Micah Miner
 
【婦科5問】從10-70歲 疼惜女人的身體
【婦科5問】從10-70歲 疼惜女人的身體【婦科5問】從10-70歲 疼惜女人的身體
【婦科5問】從10-70歲 疼惜女人的身體Richy Kung
 
Latin americapowerpoint
Latin americapowerpointLatin americapowerpoint
Latin americapowerpointMicah Miner
 
StepGreen Final Presentation
StepGreen Final PresentationStepGreen Final Presentation
StepGreen Final Presentationcgauvin
 
Step green assembly
Step green assemblyStep green assembly
Step green assemblycgauvin
 
StepGreen Final Presentation
StepGreen Final PresentationStepGreen Final Presentation
StepGreen Final Presentationcgauvin
 
Step green guide power point
Step green guide power pointStep green guide power point
Step green guide power pointcgauvin
 

Viewers also liked (8)

REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...
REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...
REACH 2.0 Incorporating Peer Feedback and Peer Evaluation Policy Brief Teach ...
 
【婦科5問】從10-70歲 疼惜女人的身體
【婦科5問】從10-70歲 疼惜女人的身體【婦科5問】從10-70歲 疼惜女人的身體
【婦科5問】從10-70歲 疼惜女人的身體
 
Pot master
Pot masterPot master
Pot master
 
Latin americapowerpoint
Latin americapowerpointLatin americapowerpoint
Latin americapowerpoint
 
StepGreen Final Presentation
StepGreen Final PresentationStepGreen Final Presentation
StepGreen Final Presentation
 
Step green assembly
Step green assemblyStep green assembly
Step green assembly
 
StepGreen Final Presentation
StepGreen Final PresentationStepGreen Final Presentation
StepGreen Final Presentation
 
Step green guide power point
Step green guide power pointStep green guide power point
Step green guide power point
 

Similar to Static-talk

Signal and image processing on satellite communication using MATLAB
Signal and image processing on satellite communication using MATLABSignal and image processing on satellite communication using MATLAB
Signal and image processing on satellite communication using MATLABEmbedded Plus Trichy
 
Clipping & Rasterization
Clipping & RasterizationClipping & Rasterization
Clipping & RasterizationAhmed Daoud
 
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...Madhumita Tamhane
 
[Harvard CS264] 09 - Machine Learning on Big Data: Lessons Learned from Googl...
[Harvard CS264] 09 - Machine Learning on Big Data: Lessons Learned from Googl...[Harvard CS264] 09 - Machine Learning on Big Data: Lessons Learned from Googl...
[Harvard CS264] 09 - Machine Learning on Big Data: Lessons Learned from Googl...npinto
 
The Concurrent Constraint Programming Research Programmes -- Redux (part2)
The Concurrent Constraint Programming Research Programmes -- Redux (part2)The Concurrent Constraint Programming Research Programmes -- Redux (part2)
The Concurrent Constraint Programming Research Programmes -- Redux (part2)Pierre Schaus
 
Towards typesafe deep learning in scala
Towards typesafe deep learning in scalaTowards typesafe deep learning in scala
Towards typesafe deep learning in scalaTongfei Chen
 
Sampling and Reconstruction (Online Learning).pptx
Sampling and Reconstruction (Online Learning).pptxSampling and Reconstruction (Online Learning).pptx
Sampling and Reconstruction (Online Learning).pptxHamzaJaved306957
 
Security of Artificial Intelligence
Security of Artificial IntelligenceSecurity of Artificial Intelligence
Security of Artificial IntelligenceFederico Cerutti
 
Higher-order Factorization Machines(第5回ステアラボ人工知能セミナー)
Higher-order Factorization Machines(第5回ステアラボ人工知能セミナー)Higher-order Factorization Machines(第5回ステアラボ人工知能セミナー)
Higher-order Factorization Machines(第5回ステアラボ人工知能セミナー)STAIR Lab, Chiba Institute of Technology
 
Divide_and_Contrast__Source_free_Domain_Adaptation_via_Adaptive_Contrastive_L...
Divide_and_Contrast__Source_free_Domain_Adaptation_via_Adaptive_Contrastive_L...Divide_and_Contrast__Source_free_Domain_Adaptation_via_Adaptive_Contrastive_L...
Divide_and_Contrast__Source_free_Domain_Adaptation_via_Adaptive_Contrastive_L...Huang Po Chun
 
Explanation on Tensorflow example -Deep mnist for expert
Explanation on Tensorflow example -Deep mnist for expertExplanation on Tensorflow example -Deep mnist for expert
Explanation on Tensorflow example -Deep mnist for expert홍배 김
 
Lecture 2.A: Convolutional Networks - Full Stack Deep Learning - Spring 2021
Lecture 2.A: Convolutional Networks - Full Stack Deep Learning - Spring 2021Lecture 2.A: Convolutional Networks - Full Stack Deep Learning - Spring 2021
Lecture 2.A: Convolutional Networks - Full Stack Deep Learning - Spring 2021Sergey Karayev
 
Design of infinite impulse response digital filters 2
Design of infinite impulse response digital filters 2Design of infinite impulse response digital filters 2
Design of infinite impulse response digital filters 2HIMANSHU DIWAKAR
 
Brief Introduction About Topological Interference Management (TIM)
Brief Introduction About Topological Interference Management (TIM)Brief Introduction About Topological Interference Management (TIM)
Brief Introduction About Topological Interference Management (TIM)Pei-Che Chang
 
Digital communication
Digital communicationDigital communication
Digital communicationmeashi
 

Similar to Static-talk (20)

Signal and image processing on satellite communication using MATLAB
Signal and image processing on satellite communication using MATLABSignal and image processing on satellite communication using MATLAB
Signal and image processing on satellite communication using MATLAB
 
Clipping & Rasterization
Clipping & RasterizationClipping & Rasterization
Clipping & Rasterization
 
Ch6 information theory
Ch6 information theoryCh6 information theory
Ch6 information theory
 
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...
 
Unit 3
Unit 3Unit 3
Unit 3
 
Tdm fdm
Tdm fdmTdm fdm
Tdm fdm
 
Dsp lab manual
Dsp lab manualDsp lab manual
Dsp lab manual
 
[Harvard CS264] 09 - Machine Learning on Big Data: Lessons Learned from Googl...
[Harvard CS264] 09 - Machine Learning on Big Data: Lessons Learned from Googl...[Harvard CS264] 09 - Machine Learning on Big Data: Lessons Learned from Googl...
[Harvard CS264] 09 - Machine Learning on Big Data: Lessons Learned from Googl...
 
The Concurrent Constraint Programming Research Programmes -- Redux (part2)
The Concurrent Constraint Programming Research Programmes -- Redux (part2)The Concurrent Constraint Programming Research Programmes -- Redux (part2)
The Concurrent Constraint Programming Research Programmes -- Redux (part2)
 
Towards typesafe deep learning in scala
Towards typesafe deep learning in scalaTowards typesafe deep learning in scala
Towards typesafe deep learning in scala
 
Sampling and Reconstruction (Online Learning).pptx
Sampling and Reconstruction (Online Learning).pptxSampling and Reconstruction (Online Learning).pptx
Sampling and Reconstruction (Online Learning).pptx
 
Security of Artificial Intelligence
Security of Artificial IntelligenceSecurity of Artificial Intelligence
Security of Artificial Intelligence
 
Higher-order Factorization Machines(第5回ステアラボ人工知能セミナー)
Higher-order Factorization Machines(第5回ステアラボ人工知能セミナー)Higher-order Factorization Machines(第5回ステアラボ人工知能セミナー)
Higher-order Factorization Machines(第5回ステアラボ人工知能セミナー)
 
Divide_and_Contrast__Source_free_Domain_Adaptation_via_Adaptive_Contrastive_L...
Divide_and_Contrast__Source_free_Domain_Adaptation_via_Adaptive_Contrastive_L...Divide_and_Contrast__Source_free_Domain_Adaptation_via_Adaptive_Contrastive_L...
Divide_and_Contrast__Source_free_Domain_Adaptation_via_Adaptive_Contrastive_L...
 
Explanation on Tensorflow example -Deep mnist for expert
Explanation on Tensorflow example -Deep mnist for expertExplanation on Tensorflow example -Deep mnist for expert
Explanation on Tensorflow example -Deep mnist for expert
 
Lecture 2.A: Convolutional Networks - Full Stack Deep Learning - Spring 2021
Lecture 2.A: Convolutional Networks - Full Stack Deep Learning - Spring 2021Lecture 2.A: Convolutional Networks - Full Stack Deep Learning - Spring 2021
Lecture 2.A: Convolutional Networks - Full Stack Deep Learning - Spring 2021
 
Design of infinite impulse response digital filters 2
Design of infinite impulse response digital filters 2Design of infinite impulse response digital filters 2
Design of infinite impulse response digital filters 2
 
ISCAS2013_v5
ISCAS2013_v5ISCAS2013_v5
ISCAS2013_v5
 
Brief Introduction About Topological Interference Management (TIM)
Brief Introduction About Topological Interference Management (TIM)Brief Introduction About Topological Interference Management (TIM)
Brief Introduction About Topological Interference Management (TIM)
 
Digital communication
Digital communicationDigital communication
Digital communication
 

Recently uploaded

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Recently uploaded (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Static-talk

  • 1. Static semantics of secret channel abstractions Marco Giunti Imperial College, May 15 2014
  • 2. Abstractions for message-passing • We study the secret channel abstraction for concurrent systems communicating through message-passing (MP) • We are interested in showing that the high-level abstraction can be represented in a standard π-calculus by means of static typing • Plan: 1. A language for secret message-passing 2. A type system for the π-calculus featuring static and dynamic scope for channels 3. A semantics-preserving translation (API) of the language into the typed π-calculus
  • 3. Dynamic scope vs Security • One of the main features of the π-calculus is dynamic scope for channels • Sending a restricted channels to the context allows to enlarge its scope (ν h)(h CreditCard | h(x).p h )
  • 4. Dynamic scope vs Security • One of the main features of the π-calculus is dynamic scope for channels • Sending a restricted channels to the context allows to enlarge its scope (ν h)(h CreditCard | h(x).p h ) • Two main security issues in disclosing restricted channels: 1. Reasoning on the knowledge of the context is complex 2. Cryptographic implementations of programs in open networks suffer from the “forward secrecy problem” net {CreditCard}h+ | net(y).decrypt y as{x}h−in net {h+ , h− }p+
  • 5. Hide and New in the pi calculus • Based on this motivation in [GPV12] we introduced the secret π-calculus • Conservative extension of the (untyped) π-calculus obtained by adding an hide construct: [hide h][h CreditCard | h(x).p h ] h cannot be extruded • Aim is confidentiality, obtained by restricting the access of the object of communication • Standard channels are accessible by the context: (new h)(h CreditCard | h(x).p h ) h can be extruded
  • 6. This talk: An API for secure MP • We show that the hide construct can be translated in a typed π-calculus enjoying a standard semantics • Guideline: the source language must be “untyped’’, the security type abstractions are inferred during the compilation • Motivation: we want to make available the secret channel macro without burdening programmers with the security mechanism • Soundness result: if a source program is (compiled and type-)checked then the context cannot receive a channel protected by hide during the computation
  • 7. Source language: basic types • We consider basic types of the form below D ::= (E, E) | bool E ::= ?D | !D • End point ?D: unbounded input use to receive values of type D • End point !D: unbounded output use to send values of type D • Basic types allow to avoid runtime errors of the form: x true | x(y).y(z)
  • 8. Source language: basic types • We consider basic types of the form below D ::= (E, E) | bool E ::= ?D | !D • End point ?D: unbounded input use to receive values of type D • End point !D: unbounded output use to send values of type D • Basic types allow to avoid runtime errors of the form: x true | x(y).y(z) • In the source language we decorate fresh variables with basic types (simplifies translation, but it could be obtained by type inference
  • 9. Source language: processes • The source language features two operators for creating channels M ::= x(y).M | x v .M | M | N | if v then M else N | !M | 0 | (new x: D)M | [hide x: D]M • Channels created with new can be sent to the context • Channels created with hide are only available locally
  • 10. Source language: processes • The source language features two operators for creating channels M ::= x(y).M | x v .M | M | N | if v then M else N | !M | 0 | (new x: D)M | [hide x: D]M • Channels created with new can be sent to the context • Channels created with hide are only available locally • Example: a program sending a dynamic channel (new y: (?bool, !bool))(x y ) | x(z).(z true | z(u).if u then 0 else 0)
  • 11. Source language: processes • The source language features two operators for creating channels M ::= x(y).M | x v .M | M | N | if v then M else N | !M | 0 | (new x: D)M | [hide x: D]M • Channels created with new can be sent to the context • Channels created with hide are only available locally • Example: a program sending a standard channel (new y: (?bool, !bool))(x y ) | x(z).(z true | z(u).if u then 0 else 0) • Example: a program sending a secret channel [hide y: (?bool, !bool)][x y | x(z)]
  • 12. Target language: typed pi calculus • Pi calculus types have the syntax: T ::= (S, S) | bool S ::= m ?T | m !T m ::= dyn | st • We compile source programs into typed pi calculus processes P ::= x v .P | x(y ÷ B).P | · · · | (ν x: T)P • The input process is decorated with set of blocked types • Dynamic semantics unaffected, blocked set used by typing system x v .P | x(y ÷ B).Q → P | Q{v/x}
  • 13. Toy example and translation • Take a source program forwarding a channel protected by hide M1 = (new x: D)[hide y: Ds][x y | x(w).z1 w ] | z2(u) D = (?Ds, !Ds) Ds = (?bool, !bool)
  • 14. Toy example and translation • Take a source program forwarding a channel protected by hide M1 = (new x: D)[hide y: Ds][x y | x(w).z1 w ] | z2(u) D = (?Ds, !Ds) Ds = (?bool, !bool) • The translation of M1 is: [[M1]] = (ν x: T, y: Ts)(x y | x(w).z1 w ) | z2(u) T = (dyn ?Td, dyn !Td) Ts = (st ?bool, st !bool) Td = (dyn ?bool, dyn !bool)
  • 15. Toy example and translation • Take a source program forwarding a channel protected by hide M1 = (new x: D)[hide y: Ds][x y | x(w).z1 w ] | z2(u) D = (?Ds, !Ds) Ds = (?bool, !bool) • The translation of M1 is: [[M1]] = (ν x: T, y: Ts)(x y | x(w).z1 w ) | z2(u) T = (dyn ?Td, dyn !Td) Ts = (st ?bool, st !bool) Td = (dyn ?bool, dyn !bool) • We type-check the program by upcasting the payload of x
  • 16. Pi calculus: Type upcast in output • We consider typing rules of the form Γ P ∆ (dom(∆) = dom(Γ) • ∆ on the right of the symbol is a return environment produced by the type system that convey the actual use of channels
  • 17. Pi calculus: Type upcast in output • We consider typing rules of the form Γ P ∆ (dom(∆) = dom(Γ) • ∆ on the right of the symbol is a return environment produced by the type system that convey the actual use of channels • E.g. typing rule to upcast of the payload of x to static: x: (dyn ?Ts, dyn !Ts), y: Ts 0 x: (dyn ?Ts, dyn !Ts), y: Ts x: T, y: Ts x y x: (dyn ?Ts, dyn !Ts), y: Ts T = (dyn?Td, dyn!Td) Ts = (st?bool, st!bool) Td = (dyn?bool, dyn!bool)
  • 18. Blocked types in struct. congr. • Scope of π-calculus channels can be opened through axioms ≡ • We account for this by abstracting block function in ≡ x(y ÷ B).P T = x(y ÷ B ∪ {T}).(P T) (ν y: T)(P) | Q ≡ (ν y: T)(P | Q T) T static
  • 19. Blocked types in struct. congr. • Scope of π-calculus channels can be opened through axioms ≡ • We account for this by abstracting block function in ≡ x(y ÷ B).P T = x(y ÷ B ∪ {T}).(P T) (ν y: T)(P) | Q ≡ (ν y: T)(P | Q T) T static • To avoid clashes we register identifiers for types: T = (S1, S2)i • Typing rules for input disallow to receive blocked types
  • 20. Blocked types in struct. congr. • Scope of π-calculus channels can be opened through axioms ≡ • We account for this by abstracting block function in ≡ x(y ÷ B).P T = x(y ÷ B ∪ {T}).(P T) (ν y: T)(P) | Q ≡ (ν y: T)(P | Q T) T static • To avoid clashes we register identifiers for types: T = (S1, S2)i • Typing rules for input disallow to receive blocked types • Example: forbidden upcast x: (dyn ?T, dyn !T)∀, z : (dyn ?Ts, dyn !Ts)∀ x(y ÷ Ts).z y ∆ T = (dyn ?Td, dyn !Td)∀ Td = (dyn ?b, dyn !b)∀ Ts = (st ?b, st !b)1
  • 21. Type-bulletting to the rescue • To rule out attackers leaking a static channel we bullet the return type of the output channel z1 : (dyn ?Td, dyn !Td) (ν x: T, y: Ts)(x y | x(w).z1 w ) z1 : (•, dyn !Ts) • Type identifiers allow to avoid clashes
  • 22. Type-bulletting to the rescue • To rule out attackers leaking a static channel we bullet the return type of the output channel z1 : (dyn ?Td, dyn !Td) (ν x: T, y: Ts)(x y | x(w).z1 w ) z1 : (•, dyn !Ts) • Type identifiers allow to avoid clashes • Composition with inputs z2 allowed only if z1 = z2: [[M1]] = (ν x: T, y: Ts)(x y | x(w).z1 w ) | z2(u) Γ, z1 : (dyn ?Td, dyn !Td) [[M1]] Γ, z1 : (•, dyn !Ts)
  • 23. Type-bulletting to the rescue • To rule out attackers leaking a static channel we bullet the return type of the output channel z1 : (dyn ?Td, dyn !Td) (ν x: T, y: Ts)(x y | x(w).z1 w ) z1 : (•, dyn !Ts) • Type identifiers allow to avoid clashes • Composition with inputs z2 allowed only if z1 = z2: [[M1]] = (ν x: T, y: Ts)(x y | x(w).z1 w ) | z2(u) Γ, z1 : (dyn ?Td, dyn !Td) [[M1]] Γ, z1 : (•, dyn !Ts) (z1 = z2) • How? Exploit return environments!
  • 24. Composing return environments • Return contexts allow to rule out processes of the form [[M1]] = (ν x: T, y: Ts)(x y | x(w).z w ) | z(u)
  • 25. Composing return environments • Return contexts allow to rule out processes of the form [[M1]] = (ν x: T, y: Ts)(x y | x(w).z w ) | z(u) • As seen, the left thread produces the return context z : (•, dyn !Ts)
  • 26. Composing return environments • Return contexts allow to rule out processes of the form [[M1]] = (ν x: T, y: Ts)(x y | x(w).z w ) | z(u) • As seen, the left thread produces the return context z : (•, dyn !Ts) • Parallel composition allowed if partial binary operation ⊗ over return contexts is defined: Γ P1 ∆1 Γ P2 ∆2 Γ P1 | P2 ∆1 ⊗ ∆2
  • 27. Composing return environments • Return contexts allow to rule out processes of the form [[M1]] = (ν x: T, y: Ts)(x y | x(w).z w ) | z(u) • As seen, the left thread produces the return context z : (•, dyn !Ts) • Parallel composition allowed if partial binary operation ⊗ over return contexts is defined: Γ P1 ∆1 Γ P2 ∆2 Γ P1 | P2 ∆1 ⊗ ∆2 • Process above rejected: ⊗ operator only allows to compose the bullet with an end point not using the input (noted end) • ⊗ S is undefined
  • 28. Ruling out aliasing attacks • Consider the variant below specified in the source language: M2 = (new x: D)(p x | [hide y: Ds][x y ] | p(u).u(z) [[M2]] = (ν x: T)(p x | (ν y: Ts)[x y ] | p(u).u(z) D = (?Ds, !Ds) Ds = (?b, !b) T = (dyn ?Td, dyn !Td)∀ Ts = (st ?b, st !b)1
  • 29. Ruling out aliasing attacks • Consider the variant below specified in the source language: M2 = (new x: D)(p x | [hide y: Ds][x y ] | p(u).u(z) [[M2]] = (ν x: T)(p x | (ν y: Ts)[x y ] | p(u).u(z) D = (?Ds, !Ds) Ds = (?b, !b) T = (dyn ?Td, dyn !Td)∀ Ts = (st ?b, st !b)1 • The rule for output enforces the type of x to do not change p: Tp, x: T 0 p: Tp, x: T p: Tp, x: T p x p: Tp, x: T
  • 30. Ruling out aliasing attacks • Consider the variant below specified in the source language: M2 = (new x: D)(p x | [hide y: Ds][x y ] | p(u).u(z) [[M2]] = (ν x: T)(p x | (ν y: Ts)[x y ] | p(u).u(z) D = (?Ds, !Ds) Ds = (?b, !b) T = (dyn ?Td, dyn !Td)∀ Ts = (st ?b, st !b)1 • The rule for output enforces the type of x to do not change p: Tp, x: T 0 p: Tp, x: T p: Tp, x: T p x p: Tp, x: T • Type checking fails because the context uses x at different type Γ [[M2]] ∆
  • 31. Ruling out aliasing attacks • Consider the variant below specified in the source language: M2 = (new x: D)(p x | [hide y: Ds][x y ] | p(u).u(z) [[M2]] = (ν x: T)(p x | (ν y: Ts)[x y ] | p(u).u(z) D = (?Ds, !Ds) Ds = (?b, !b) T = (dyn ?Td, dyn !Td)∀ Ts = (st ?b, st !b)1 • The rule for output enforces the type of x to do not change p: Tp, x: T 0 p: Tp, x: T p: Tp, x: T p x p: Tp, x: T • Process M3 = (new x: D)(p x .[hide y: Ds][x y ]) also rejected Γ [[M3]] ∆
  • 32. Type system results • Let Γ be a map to balanced types of the form (dyn ?T, dyn !T)∀, Γ P ∆, and P →∗ (ν ˜y: T)(Q | R).
  • 33. Type system results • Let Γ be a map to balanced types of the form (dyn ?T, dyn !T)∀, Γ P ∆, and P →∗ (ν ˜y: T)(Q | R). • Error-freedom: Q is not of the form if x then Q1 else Q2, or x v .Q1 | x(y).Q2 and Q2{v/y} undefined
  • 34. Type system results • Let Γ be a map to balanced types of the form (dyn ?T, dyn !T)∀, Γ P ∆, and P →∗ (ν ˜y: T)(Q | R). • Error-freedom: Q is not of the form if x then Q1 else Q2, or x v .Q1 | x(y).Q2 and Q2{v/y} undefined • Soundness: none of the following cases happen: Q = (ν y: (st ?T, st !T)n)(x y .Q1 | Q2) | x(z ÷ B).Q3
  • 35. Type system results • Let Γ be a map to balanced types of the form (dyn ?T, dyn !T)∀, Γ P ∆, and P →∗ (ν ˜y: T)(Q | R). • Error-freedom: Q is not of the form if x then Q1 else Q2, or x v .Q1 | x(y).Q2 and Q2{v/y} undefined • Soundness: none of the following cases happen: Q = (ν y: (st ?T, st !T)n)(x y .Q1 | Q2) | x(z ÷ B).Q3 Q = (ν y: (st?T, st!T)n)(x y .Q1 | Q2 | x(z÷B∪(st?T, st!T)n).Q3)
  • 36. A semantics-preserving encoding • The mapping[[·]] from the source language to typed π is: [[?D]] = dyn?[[D]] [[!D]] = dyn?[[D]] [[(E, E)]] = ([[E]], [[E]])∀ [[[hide x: (?D, !D)]M]]Γ = (ν x: T)[[M]]Γ,x: T T = (st [[?D]], st [[!D]])n [[(new x: (?D, !D))M]] = (ν x: T)[[M]]Γ T = (dyn[[?D]], dyn[[!D]])∀ [[x(y: B).M]]Γ = x(y: [[B]]Γ).[[M]]Γ
  • 37. A semantics-preserving encoding • The mapping[[·]] from the source language to typed π is: [[?D]] = dyn?[[D]] [[!D]] = dyn?[[D]] [[(E, E)]] = ([[E]], [[E]])∀ [[[hide x: (?D, !D)]M]]Γ = (ν x: T)[[M]]Γ,x: T T = (st [[?D]], st [[!D]])n [[(new x: (?D, !D))M]] = (ν x: T)[[M]]Γ T = (dyn[[?D]], dyn[[!D]])∀ [[x(y: B).M]]Γ = x(y: [[B]]Γ).[[M]]Γ • Operational correspondence: secret π semantics: x v .M | x(y ÷ B).N → M | N{v/y} (v ∈ B) • Assume Γ, Γ1 [[M]]Γ ∆ with Γ weakly-balanced and P Γ. 1 If M → M then [[M]]Γ → [[M ]]Γ 2 If [[M]]Γ → Q then M → M and [[M ]]Γ = Q
  • 38. Discussion • Aim of this work: shift middleware support for secret channels (cf. [GPV12]) to software support transparently • Motivation is different for approaches that require programmers to manage the security type abstractions • Example: π-calculus with groups (CGG05) Γ (new p: U)(P | (new G)(new x: G[])(p x )) • Ill-typed since type U of public channel p ignores secret type G • This work: infer “group” types and send secrets on “untyped” chan Γ [[(new p: (?D, !D))(p (y) | [hide x: D](p x ))]] ∆ (p = p)
  • 39. Discussion • Structure of types leads to several extensions • Read/write only modalities: (end, m !T), subtyping • Linear and session types: (lin m ?T.S1, lin m!T.S2), Si behaviour of continuation • Algorithmic type-checking: return contexts allow refined analysis • Typed behavioural equivalences to reason on processes
  • 40. Thanks! [CGG05 ] L. Cardelli, G. Ghelli, A.D. Gordon: Secrecy and group creation. Inf. Comput. (2005) [G14 ] M. Giunti. Static semantics of secret channel abstractions (2014), tinyurl.com/n14-report [GPV12 ] M. Giunti, C. Palamidessi, F. Valencia. Hide and New in the Pi-Calculus. EXPRESS/SOS (2012) [GV13 ] M. Giunti, V. Vasconcelos. Linearity, session types and the pi calculus. Math. Struc. Comp. Sci., in press (2013) [BG07 ] M. Bugliesi, M. Giunti.: Secure implementations of typed channel abstractions. POPL (2007)