Paper in proceedings, 2014
This paper is about ensuring security in unreliable systems. We study
systems which are subject to transient faults – soft errors that cause stored values
to be corrupted. The classic problem of fault tolerance is to modify a system so
that it works despite a limited number of faults. We introduce a novel variant
of this problem. Instead of demanding that the system works despite faults, we
simply require that it remains secure: wrong answers may be given but secrets
will not be revealed. We develop a software-based technique to achieve this fault-tolerant
non-interference property. The method is defined on a simple assembly
language and guarantees security for any assembly program provided as input.
The security property is defined on top of a formal model that encompasses both
the fault-prone machine and the faulty environment. We also give a precise characterization of
the class of programs for which the method guarantees transparency.
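The distinction the abstract draws (a fault may produce a wrong answer, but must not produce a secret-dependent one) can be made concrete on a toy machine. The following Python is an added example, not code from the paper or its authors. It defines a four-register, 8-bit assembly interpreter, a fault model of one transient bit flip in one register immediately before one instruction (an assumption of this example; the paper's own machine and fault model are not described on this page), and an exhaustive search over fault locations that separates classic fault tolerance from fault-tolerant non-interference. Two constructed programs illustrate the gap: `LEAKY` is non-interferent when no fault occurs but lets a single flip of its guard register emit a secret-dependent value, while `HARDENED` can be driven to a wrong answer by a fault but never to one that depends on the secret. The hardening shown (no secret-dependent branch, no public output computed from a register that ever held the secret) is this example's own choice, not the paper's method.

```python
"""Exhaustive check of non-interference under single transient faults on a toy
assembly machine.  Added illustration: the machine, the fault model and the two
programs below are assumptions of this example, not the paper's technique.
Registers r0..r3 are 8 bits; r0 holds the secret (high) input, r1 the public
(low) input; the only public observation is the trace of `out` values.  Fault
model: one soft error flips one bit of one register just before one step."""

WIDTH, NREGS = 8, 4
MASK = (1 << WIDTH) - 1
STEP_LIMIT = 32      # bounds the execution and hence the fault positions

def run(program, secret, public, fault=None):
    """Execute `program`; return the public output trace as a tuple.
    Instructions: ("movi", rd, imm), ("mov", rd, rs), ("add", rd, rs),
    ("xor", rd, rs), ("jz", rs, target), ("out", rs), ("halt",).
    `fault` is None or a (step, register, bit) triple."""
    regs = [0] * NREGS
    regs[0], regs[1] = secret & MASK, public & MASK
    pc, trace = 0, []
    for step in range(STEP_LIMIT):
        if pc >= len(program):
            break                             # running off the end halts
        if fault is not None and fault[0] == step:
            regs[fault[1]] ^= 1 << fault[2]   # the soft error corrupts a stored value
        op, *args = program[pc]
        pc += 1
        if op == "movi":
            regs[args[0]] = args[1] & MASK
        elif op == "mov":
            regs[args[0]] = regs[args[1]]
        elif op == "add":
            regs[args[0]] = (regs[args[0]] + regs[args[1]]) & MASK
        elif op == "xor":
            regs[args[0]] ^= regs[args[1]]
        elif op == "jz":
            if regs[args[0]] == 0:
                pc = args[1]
        elif op == "out":
            trace.append(regs[args[0]])
        elif op == "halt":
            break
        else:
            raise ValueError(f"unknown opcode {op}")
    return tuple(trace)

def all_single_faults():
    """Every (step, register, bit) a single transient bit flip could hit."""
    return [(s, r, b) for s in range(STEP_LIMIT)
            for r in range(NREGS) for b in range(WIDTH)]

SECRETS, PUBLICS = (0, 1, 0x55, 0xFF), (0, 3)    # constructed sample inputs

def analyse(program, secrets=SECRETS, publics=PUBLICS):
    """Classify `program` against the three properties the abstract distinguishes.
    noninterferent    - fault-free output never depends on the secret;
    ft_noninterferent - the same under every single fault (the paper's target:
                        wrong answers allowed, secrets never revealed);
    fault_tolerant    - no single fault changes the output at all (classic goal);
    witness           - first (fault, public, {secret: trace}) that leaks, or None."""
    res = {"noninterferent": True, "ft_noninterferent": True,
           "fault_tolerant": True, "witness": None}
    for f in [None] + all_single_faults():
        for pub in publics:
            traces = {s: run(program, s, pub, f) for s in secrets}
            if len(set(traces.values())) > 1:        # the secret shows in the trace
                res["ft_noninterferent"] = False
                res["witness"] = res["witness"] or (f, pub, traces)
                if f is None:
                    res["noninterferent"] = False
            if f and any(traces[s] != run(program, s, pub) for s in secrets):
                res["fault_tolerant"] = False        # a wrong answer, possibly harmless
    return res

# Program 1 (constructed): secure without faults, but the secret-dependent r2 is
# emitted on a path guarded only by "r3 == 0"; one bit flip in r3 opens that path.
LEAKY = [
    ("mov", 2, 0), ("xor", 2, 1),   # 0-1: r2 <- secret ^ public (stand-in for work)
    ("movi", 3, 0),                 # 2: r3 <- 0, "release not permitted"
    ("jz", 3, 5),                   # 3: always taken while r3 is intact
    ("out", 2),                     # 4: reachable only after a fault on r3
    ("movi", 2, 0), ("out", 2),     # 5-6: wipe, then the public answer 0
    ("halt",),
]

# Program 2 (constructed): no secret-dependent branch; the public phase reads only
# r1, which never held the secret.  A fault on r1 gives a wrong answer, not a leak.
HARDENED = [
    ("mov", 2, 0), ("xor", 2, 1),   # 0-1: the same secret-dependent work
    ("movi", 2, 0),                 # 2: unconditional wipe, no guard to corrupt
    ("movi", 3, 1), ("add", 1, 3),  # 3-4: r1 <- public + 1
    ("out", 1),                     # 5: answer derived from public data only
    ("halt",),
]
```

`analyse(LEAKY)` reports `noninterferent` but not `ft_noninterferent`, with witness fault `(3, 3, 0)`: bit 0 of r3 flipped just before the `jz`, after which the trace starts with the secret itself. `analyse(HARDENED)` reports `ft_noninterferent` but not `fault_tolerant`, which is precisely the "wrong answers may be given but secrets will not be revealed" outcome the abstract asks for. The search is exhaustive over fault locations but only samples a few secret and public inputs, so it is a test, not the proof the paper's formal model provides.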