Cryptographic Enforcement of Language-Based Information Erasure

DSpace/Manakin Repository

Cryptographic Enforcement of Language-Based Information Erasure

Citable link to this page


Title: Cryptographic Enforcement of Language-Based Information Erasure
Author: Askarov, Aslan; Moore, Scott; Dimoulas, Christos; Chong, Stephen N

Note: Order does not necessarily reflect citation order of authors.

Citation: Askarov, Aslan, Scott Moore, Christos Dimoulas, and Stephen Chong. 2015. Cryptographic Enforcement of Language-Based Information Erasure. Harvard Computer Science Group Technical Report TR-01-15.
Full Text & Related Files:
Abstract: Information erasure is a formal security requirement that stipulates when sensitive data must be removed from computer systems. In a system that correctly enforces erasure requirements, an attacker who observes the system after sensitive data is required to have been erased cannot deduce anything about the data. Practical obstacles to enforcing information erasure include: (1) correctly determining which data requires erasure; and (2) reliably deleting potentially large volumes of data, despite untrustworthy storage services. In this paper, we present a novel formalization of language-based information erasure that supports cryptographic enforcement of erasure requirements: sensitive data is encrypted before storage, and upon erasure, only a relatively small set of decryption keys needs to be deleted. This cryptographic technique has been used by a number of systems that implement data deletion to allow the use of untrustworthy storage services. However, these systems provide no support to correctly determine which data requires erasure, nor have the formal semantic properties of these systems been explained or proven to hold. We address these shortcomings. Specifically, we study a programming language extended with primitives for public-key cryptography, and demonstrate how information-flow control mechanisms can automatically track data that requires erasure and provably enforce erasure requirements even when programs employ cryptographic techniques for erasure.
Terms of Use: This article is made available under the terms and conditions applicable to Other Posted Material, as set forth at
Citable link to this page:
Downloads of this work:

Show full Dublin Core record

This item appears in the following Collection(s)


Search DASH

Advanced Search