CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

A Library for Removing Cache-based Attacks in Concurrent Information Flow Systems

Pablo Buiras (Institutionen för data- och informationsteknik (Chalmers)) ; Amit Levy ; Deian Stefan ; Alejandro Russo (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)) ; David Mazières
Lecture notes in computer science: 8th International Symposium on Trustworthy Global Computing, TGC 2013, Buenos Aires, Argentina, 30-31 August 2013 (0302-9743). Vol. 8358 (2013), p. 199-216.
[Konferensbidrag, refereegranskat]

Information-flow control (IFC) allows untrusted code to manipulate sensitive data while preserving confidentiality. Although this is a promising approach to building extensible applications, IFC is susceptible to attacks that leak information through covert channels. In this paper we focus on LIO, a concurrent IFC system. LIO is vulnerable to attacks that leak information through the internal timing covert channel by leveraging the effects of the underlying CPU cache. We present a resumption-based library to address such attacks. Resumptions provide fine-gained control over the interleaving of thread computations. Leveraging this, our library removes cache-based attacks by enforcing that every thread yield after executing an "instruction." Importantly, our library allows for porting the full LIO library -- our resumption approach handles local state and exceptions, both complex features present in LIO. To amend for performance degradations due to library-level thread scheduling, our library provides two novel primitives. First, we allow pure code to securely execute in parallel. Second, we allow developers to control the granularity of instructions, i.e., atomic actions, that threads execute; this allows developers to adjust the frequency of context switching according to their application.



Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2013-07-19. Senast ändrad 2016-07-25.
CPL Pubid: 180217

 

Läs direkt!


Länk till annan sajt (kan kräva inloggning)