Oblivious Program Execution and Path-Sensitive Non-interference
- 1 June 2013
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Various cryptographic constructions allow an untrusted cloud server to compute over encrypted data, without decrypting the data. However, this prevents the cloud server from branching according to encrypted values. We study the constraints imposed by this important scenario by formulating and solving an equivalent information-flow problem, based on assuming an adversary could observe the control path. We develop a type system that prevents control-path information leaks, prove soundness, and compare with traditional implicit information-flow. Because simply preventing programs that leak information severely restricts the language, we define alternate (and easily implemented) semantics that execute multiple paths and combine the results using data operations. This produces a termination problem which we address with a more refined type system that characterizes a useful class of obliviously executable programs. We prove fundamental results about this language, semantics, and type system and conclude by comparing with traditional timing-based information-flow.Keywords
This publication has 15 references indexed in Scilit:
- Information-Flow Control for Programming on Encrypted DataPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2012
- Computing arbitrary functions of encrypted dataCommunications of the ACM, 2010
- Fully homomorphic encryption using ideal latticesPublished by Association for Computing Machinery (ACM) ,2009
- A domain-specific programming language for secure multiparty computationPublished by Association for Computing Machinery (ACM) ,2007
- The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel AttacksLecture Notes in Computer Science, 2006
- Language-based information-flow securityIEEE Journal on Selected Areas in Communications, 2003
- Information flow inference for MLACM Transactions on Programming Languages and Systems, 2003
- Communication preserving protocols for secure function evaluationPublished by Association for Computing Machinery (ACM) ,2001
- Secure information flow in a multi-threaded imperative languagePublished by Association for Computing Machinery (ACM) ,1998
- Security Policies and Security ModelsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,1982