CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Understanding and Enforcing Opacity

Daniel Schoepe (Institutionen för data- och informationsteknik, Datavetenskap, Algoritmer (Chalmers)) ; Andrei Sabelfeld (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers))
28th IEEE Computer Security Foundations Symposium, CSF 2015, Verona, Italy, 13 July-17 July (1063-6900). Vol. 2015-September (2015), p. 539-553.
[Konferensbidrag, refereegranskat]

This paper puts a spotlight on the specification and enforcement of opacity, a security policy for protecting sensitive properties of system behavior. We illustrate the fine granularity of the opacity policy by location privacy and privacy-preserving aggregation scenarios. We present a framework for opacity and explore its key differences and formal connections with such well-known information-flow models as noninterference, knowledge-based security, and declassification. Our results are machine-checked and parameterized in the observational power of the attacker, including progress-insensitive, progress-sensitive, and timing-sensitive attackers. We present two approaches to enforcing opacity: a whitebox monitor and a blackbox sampling-based enforcement. We report on experiments with prototypes that utilize state-of-the-art Satisfiability Modulo Theories (SMT) solvers and the random testing tool QuickCheck to establish opacity for the location and aggregation-based scenarios.

Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2015-12-04. Senast ändrad 2016-08-23.
CPL Pubid: 227236


Läs direkt!

Länk till annan sajt (kan kräva inloggning)