research-article

You Sank My Battleship!: A Case Study in Secure Programming

Authors:
Alley Stoughton

MIT Lincoln Laboratory

MIT Lincoln Laboratory
View Profile

,
Andrew Johnson

MIT Lincoln Laboratory

MIT Lincoln Laboratory
View Profile

,
Samuel Beller

Brandeis University

Brandeis University
View Profile

,
Karishma Chadha

Wellesley College

Wellesley College
View Profile

,
Dennis Chen

Tufts University

Tufts University
View Profile

,
Kenneth Foner

Brandeis University

Brandeis University
View Profile

,
Michael Zhivich

MIT Lincoln Laboratory

MIT Lincoln Laboratory
View Profile

PLAS'14: Proceedings of the Ninth Workshop on Programming Languages and Analysis for SecurityJuly 2014Pages 2–14https://doi.org/10.1145/2637113.2637115

Published:28 July 2014Publication History

PLAS'14: Proceedings of the Ninth Workshop on Programming Languages and Analysis for Security

Pages 2–14

ABSTRACT

We report on a case study in secure programming, focusing on the design, implementation and auditing of programs for playing the board game Battleship. We begin by precisely defining the security of Battleship programs, borrowing ideas from theoretical cryptography. We then consider three implementations of Battleship: one in Concurrent ML featuring a trusted referee; one in Haskell/LIO using information flow control to avoid needing a trusted referee; and one in Concurrent ML using access control to avoid needing such a referee. All three implementations employ data abstraction in key ways.

References

O. Arden, S. Chong, A. Myers, K. Vikram, and D. Zhang. Jif Distribution, Version 3.4.1, April 2013. www.cs.cornell.edu/jif.Google Scholar
A. Askarov and A. Sabelfeld. Security-typed languages for implementation of cryptographic protocols: A case study. In Proc. of the 10th European Conference on Research in Computer Security, ESORICS'05, pages 197--221. Springer-Verlag, 2005. Google ScholarDigital Library
R. Canetti. Security and composition of multi-party cryptographic protocols. J. Cryptology, 13(1):143--202, 2000.Google ScholarDigital Library
D. B. Giffin, A. Levy, D. Stefan, D. Terei, D. Mazières, J. C. Mitchell, and A. Russo. Hails: Protecting data privacy in untrusted web applications. In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation, OSDI'12, pages 47--60, Berkeley, CA, USA, 2012. USENIX Association. Google ScholarDigital Library
C. Hriţcu, M. Greenberg, B. Karel, B. C. Pierce, and G. Morrisett. All your IFCException are belong to us. In Proc. of the 2013 IEEE Symposium on Security and Privacy, SP '13, pages 3--17. IEEE Computer Society, 2013. Google ScholarDigital Library
B. W. Lampson. Protection. In Proc. of the Fifth Princeton Symposium on Information Sciences and Systems, pages 437--443. Princeton University, 1971. Reprinted in Operating Systems Review, 8, 1, January 1974, pages 18--24.Google Scholar
J. Liu, M. D. George, K. Vikram, X. Qi, L. Waye, and A. C. Myers. Fabric: A platform for secure distributed computation and storage. In Proc. of the ACM Symposium on Operating Systems Principles, pages 321--334. ACM, 2009. Google ScholarDigital Library
R. Milner, M. Tofte, R. Harper, and D. MacQueen. The Definition of Standard ML---Revised 1997. MIT Press, 1997. Google ScholarDigital Library
A. C. Myers. JFlow: Practical mostly-static information flow control. In Proc. of the 26th ACM Symposium on Principles of Programming Languages (POPL), pages 228--241. ACM, 1999. Google ScholarDigital Library
A. C. Myers and B. Liskov. A decentralized model for information flow control. In Proc. of the 16th ACM Symposium on Operating System Principles (SOSP), pages 129--142. ACM, 1997. Google ScholarDigital Library
J. H. Reppy. Concurrent Programming in ML. Cambridge University Press, 1999. Google ScholarDigital Library
A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5--19, Sept. 2006. Google ScholarDigital Library
D. Stefan, A. Russo, J. C. Mitchell, and D. Mazières. Flexible dynamic information flow control in Haskell. SIGPLAN Notices, 46(12):95--106, Sept. 2011. Google ScholarDigital Library
D. Stefan, A. Russo, D. Mazières, and J. C. Mitchell. Disjunction category labels. In Proc. of the 16th Nordic Conference on Information Security Technology for Applications, NordSec'11, pages 223--239. Springer-Verlag, 2012. Google ScholarDigital Library
D. Terei, S. Marlow, S. Peyton Jones, and D. Mazières. Safe Haskell. In Proc. of the 2012 Haskell Symposium, pages 137--148. ACM, 2012. Google ScholarDigital Library
S. Zdancewic. Challenges for information-flow security. In Proc. Programming Language Interference and Dependence (PLID), 2004.Google Scholar
L. Zheng, S. Chong, A. C. Myers, and S. Zdancewic. Using replication and partitioning to build secure distributed systems. In Proc. of the 2003 IEEE Symposium on Security and Privacy, pages 236--250. IEEE, 2003. Google ScholarDigital Library

Index Terms

You Sank My Battleship!: A Case Study in Secure Programming
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language features

Recommendations

Flow-Limited Authorization
CSF '15: Proceedings of the 2015 IEEE 28th Computer Security Foundations Symposium

Because information flow control mechanisms often rely on an underlying authorization mechanism, their security guarantees can be subverted by weaknesses in authorization. Conversely, the security of authorization can be subverted by information flows ...
Read More
Taxonomy and analysis of security protocols for Internet of Things
Abstract
The Internet of Things (IoT) is a system of physical as well as virtual objects (each with networking capabilities incorporated) that are interconnected to exchange and collect information locally or remotely over the Internet. Since ...
Highlights
- We first discuss essential security requirements that are needed to secure IoT environment. We also discuss the threat model and various attacks related to ...
Read More
Access Control and Information Flow Control for Web Services Security

With the advancement of web services technology, security has become an increasingly important issue. Various security standards have been developed to secure web services at the transport and message level, but application level has received less ...
Read More

Reviews

Reviewer: Michael G. Murphy

A secure programming case study focusing on the board game Battleship is the focus of this interesting and significant paper. Security is defined with techniques from theoretical cryptography. Three Battleship implementations are considered: one with a trusted referee; one with information flow control (IFC); and one with access control (AC). After discussing the motivation for the case study, the second section provides the rules for Battleship, the underlying client/server architecture, and how program security is defined. Next, the third, fourth, and fifth sections describe the various implementations, which are a trusted referee implementation in concurrent ML (CML), an IFC implementation in Haskell/LIO, and an AC implementation in CML, respectively. Section 6 presents conclusions based on the case study and indicates future research directions. An observation in section 6 regarding module sandboxing (requiring library access and communication only through interfaces) is a promising feature for ML/CML. Source code is available to download in .tqz format at http://www.ll.mit.edu/mission/cybersec/CST/CSTcorpora/Cybersystemscorpora.html. There are ten helpful figures that offer structural and flow items, Battleship board layouts with annotations, and code snippets. Seventeen key references lay out the foundations leading to the approach and alternatives chosen by the authors. This insightful and well-written report is a valuable contribution to the area of secure programming and is written to benefit a variety of readers while focusing on an understandable application over theory. It will be interesting to see subsequent work by these authors and other researchers who seek to push the envelope on this important topic. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PLAS'14: Proceedings of the Ninth Workshop on Programming Languages and Analysis for Security
July 2014
83 pages
ISBN:9781450328623
DOI:10.1145/2637113
General Chairs:
Alejandro Russo
Chalmers University of Technology
,
Omer Tripp
IBM T. J. Watson Research Center
Copyright © 2014 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 28 July 2014
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
access control
auditing
concurrent functional programming
data abstraction
information flow control
real/ideal paradigm
security
Qualifiers
- research-article
- Research
- Refereed limited
Conference

Acceptance Rates
PLAS'14 Paper Acceptance Rate6of10submissions,60%Overall Acceptance Rate43of77submissions,56%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 2
  Total Citations
  View Citations
- 283
  Total Downloads
- Downloads (Last 12 months)16
- Downloads (Last 6 weeks)5
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

You Sank My Battleship!: A Case Study in Secure Programming

PLAS'14: Proceedings of the Ninth Workshop on Programming Languages and Analysis for Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Flow-Limited Authorization

Taxonomy and analysis of security protocols for Internet of Things

Access Control and Information Flow Control for Web Services Security

Reviews

Access critical reviews of Computing literature here

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

You Sank My Battleship!: A Case Study in Secure Programming

PLAS'14: Proceedings of the Ninth Workshop on Programming Languages and Analysis for Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Flow-Limited Authorization

Taxonomy and analysis of security protocols for Internet of Things

Access Control and Information Flow Control for Web Services Security

Reviews

Access critical reviews of Computing literature here

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media