Abstract
An oblivious computation is one that is free of direct and indirect information leaks, e.g., due to observable differences in timing and memory access patterns. This paper presents Lambda Obliv, a core language whose type system enforces obliviousness. Prior work on type-enforced oblivious computation has focused on deterministic programs. Lambda Obliv is new in its consideration of programs that implement probabilistic algorithms, such as those involved in cryptography. Lambda Obliv employs a substructural type system and a novel notion of probability region to ensure that information is not leaked via the observed distribution of visible events. Probability regions support reasoning about probabilistic correlation and independence between values, and our use of probability regions is motivated by a source of unsoundness that we discovered in the type system of ObliVM, a language for implementing state-of-the-art oblivious algorithms. We prove that Lambda Obliv's type system enforces obliviousness and show that it is expressive enough to typecheck advanced tree-based oblivious RAMs.
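The kind of leak the abstract describes, where each visible event looks harmless on its own but the joint distribution of events still depends on the secret, can be checked exactly for small programs by enumerating the coins. The following is an added example, not code from the paper or from ObliVM; the two toy programs `reused_coin` and `fresh_coins`, the one-bit secret domain and the fair-coin model are my assumptions.

```python
# Added example (not from the paper or from ObliVM): exhaustively compute the
# distribution of the adversary-visible trace for each secret and compare them.
from collections import Counter
from fractions import Fraction
from itertools import product


def trace_distribution(program, secret, n_coins):
    """Exact distribution of the observable trace of `program` on `secret`,
    enumerating every assignment of `n_coins` fair coins.
    `program(secret, coins)` returns the tuple of events the adversary sees."""
    dist = Counter()
    weight = Fraction(1, 2 ** n_coins)
    for coins in product((0, 1), repeat=n_coins):
        dist[program(secret, coins)] += weight
    return dict(dist)


def is_oblivious(program, secrets, n_coins):
    """Obliviousness as a distribution property: the joint distribution of
    visible events must be identical for every secret."""
    dists = [trace_distribution(program, s, n_coins) for s in secrets]
    return all(d == dists[0] for d in dists[1:])


def marginals_match(program, secrets, n_coins):
    """Weaker check that only compares each visible event in isolation; it
    cannot see correlation between events and so can pass a leaky program."""
    dists = [trace_distribution(program, s, n_coins) for s in secrets]

    def marginal(d, i):
        m = Counter()
        for trace, p in d.items():
            m[trace[i]] += p
        return dict(m)

    arity = len(next(iter(dists[0])))
    return all(marginal(d, i) == marginal(dists[0], i)
               for d in dists[1:] for i in range(arity))


# Hypothetical program: one coin r masks the secret and is then revealed.
# Each event alone is uniform, yet the pair (s ^ r, r) determines s.
def reused_coin(secret, coins):
    r = coins[0]
    return (secret ^ r, r)


# Same shape, but the second event draws an independent coin; this is the
# independence a probability-region discipline is meant to guarantee.
def fresh_coins(secret, coins):
    r1, r2 = coins
    return (secret ^ r1, r2)
```

Running `is_oblivious` and `marginals_match` on `reused_coin` shows the per-event check passing while the joint check fails, which is exactly the gap that reasoning about correlation closes.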
A language for probabilistically oblivious computation