CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Secure multi-execution: Fine-grained, declassification-aware, and transparent

Willard Rafnsson (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)) ; Andrei Sabelfeld (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers))
Proceedings of the Computer Security Foundations Workshop (1063-6900). p. 33-48. (2013)
[Konferensbidrag, refereegranskat]

Recently, much progress has been made on achieving information-flow security via secure multi-execution. Secure multi-execution (SME) is an elegant way to enforce security by executing a given program multiple times, once for each security level, while carefully dispatching inputs and ensuring that an execution at a given level is responsible for producing outputs for information sinks at that level. Secure multi-execution guarantees noninterference, in the sense of no dependencies from secret inputs to public outputs, and transparency, in the sense that if a program is secure then its secure multi-execution does not destroy its original behavior. This paper pushes the boundary of what can be achieved with secure multi-execution. First, we lift the assumption from the original secure multi-execution work on the totality of the input environment (that there is always assumed to be input) and on the cooperative scheduling. Second, we generalize secure multi-execution to distinguish between security levels of presence and content of messages. Third, we introduce a declassification model for secure multi-execution that allows expressing what information can be released. Fourth, we establish a full transparency result showing how secure multi-execution can preserve the original order of messages in secure programs. We demonstrate that full transparency is a key enabler for discovering attacks with secure multi-execution.

Denna post skapades 2013-11-27. Senast ändrad 2016-03-10.
CPL Pubid: 187561


Läs direkt!

Länk till annan sajt (kan kräva inloggning)

Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)


Data- och informationsvetenskap

Chalmers infrastruktur

Relaterade publikationer

Denna publikation ingår i:

Securing Interactive Systems