Timing Aware Information Flow Security for a JavaCard-like Bytecode
Paper in proceeding, 2005

Common protection mechanisms fail to provide end-to-end security; programs with legitimate access to secret information are not prevented from leaking this to the world. Information-flow aware analyses track the flow of information through the program to prevent such leakages, but often ignore information flows through covert channels even though they pose a serious threat. A typical covert channel is to use the timing of certain events to carry information. We present a timing-aware information-flow type system for a low-level language similar to a non-trivial subset of a sequential Java bytecode. The type system is parameterized over the time model of the instructions of the language and over the algorithm enforcing low-observational equivalence, used in the prevention of implicit and timing flows.

Author

Daniel Hedin

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

David Sands

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

Electronic Notes in Theoretical Computer Science

1571-0661 (ISSN)

Vol. 141 1 163-182

Subject Categories

Computer Science

DOI

10.1016/j.entcs.2005.02.031

More information

Created

10/6/2017