A Library for Removing Cache-based Attacks in Concurrent Information Flow Systems
Paper in proceedings, 2013

Information-flow control (IFC) allows untrusted code to manipulate sensitive data while preserving confidentiality. Although this is a promising approach to building extensible applications, IFC is susceptible to attacks that leak information through covert channels. In this paper we focus on LIO, a concurrent IFC system. LIO is vulnerable to attacks that leak information through the internal timing covert channel by leveraging the effects of the underlying CPU cache. We present a resumption-based library to address such attacks. Resumptions provide fine-gained control over the interleaving of thread computations. Leveraging this, our library removes cache-based attacks by enforcing that every thread yield after executing an "instruction." Importantly, our library allows for porting the full LIO library -- our resumption approach handles local state and exceptions, both complex features present in LIO. To amend for performance degradations due to library-level thread scheduling, our library provides two novel primitives. First, we allow pure code to securely execute in parallel. Second, we allow developers to control the granularity of instructions, i.e., atomic actions, that threads execute; this allows developers to adjust the frequency of context switching according to their application.

Author

Pablo Buiras

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Amit Levy

Stanford University

Deian Stefan

Stanford University

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

David Mazières

Stanford University

Lecture Notes in Computer Science

0302-9743 (ISSN)

Vol. 8358 199-216

Areas of Advance

Information and Communication Technology

Subject Categories

Computer Science

DOI

10.1007/978-3-319-05119-2_12

ISBN

978-3-319-05118-5

More information

Latest update

3/6/2018 1