CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Lazy Programs Leak Secrets

Pablo Buiras (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)) ; Alejandro Russo (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers))
Lecture Notes in Computer Science: Secure IT Systems, NORDSEC 2013. 18th Nordic Conference on Secure IT Systems (NordSec) (0302-9743). Vol. 8208 (2013), p. 116-122.
[Konferensbidrag, refereegranskat]

To preserve confidentiality, information-flow control (IFC) restricts how untrusted code handles secret data. While promising, IFC systems are not perfect; they can still leak sensitive information via covert channels. In this work, we describe a novel exploit of lazy evaluation to reveal secrets in IFC systems. Specifically, we show that lazy evaluation might transport information through the internal timing covert channel, a channel present in systems with concurrency and shared resources. We illustrate our claim with an attack for LIO, a concurrent IFC system for Haskell. We propose a countermeasure based on restricting the implicit sharing caused by lazy evaluation.

Nyckelord: information flow control, language-based security, Haskell, lazy evaluation, covert channels

Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2013-09-11. Senast ändrad 2016-11-02.
CPL Pubid: 183098


Läs direkt!

Lokal fulltext (fritt tillgänglig)

Länk till annan sajt (kan kräva inloggning)