Optimising Faceted Secure Multi-Execution
Paper in proceedings, 2019

Language-Based Information Flow Control (IFC) provides strong security guarantees for untrusted code, but often suffers from a non-negligible rate of false alarms. Multi-execution based techniques promise to provide security guarantees without raising any false alarms. However, all known multi-execution approaches introduce extraneous performance overheads which are rarely studied. In this work, we lay down the foundations for optimisation techniques aimed at reducing these overheads to a manageable level, thus helping to make multi-execution more practical. We characterise our optimisations as data- and control-oriented. Data-oriented optimisations reduce storage overheads, which also helps to remove unnecessary repeated computations. In contrast, computation-oriented optimisations rely on program annotations in order to reduce needless computation. These annotations motivate the need for a new, stronger, theoretical notion of transparency, i.e., a stronger notion for characterising the lack of false alarms. To show the efficacy of our optimisation techniques, we apply them to two case-studies: a secure (faceted) database and a chat server written in a multi-execution based IFC framework. Our case-studies clearly show that our optimisations significantly reduce the storage and computational overhead, sometimes from exponential to polynomial order. All of our formal results are accompanied by mechanised proofs in Agda.
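The following toy faceted-value interpreter is an added illustration of the storage blow-up the abstract refers to and of what a data-oriented optimisation can do about it; it is not code from the paper or from the authors' framework. A faceted value `<k ? high : low>` shows `high` to observers authorised for label `k` and `low` to everyone else, and lifting an operation over facets naively copies every branch, so repeatedly combining a secret with itself doubles the representation each time. The two simplifications applied in `lift_opt` (resolving a nested facet whose label is already decided by the enclosing branch, and collapsing a facet whose two branches are equal) are standard faceted-evaluation rules chosen here for illustration; they are assumptions about what such an optimisation looks like, not the specific technique of the paper. All names, the label `k`, and the sample inputs are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Union

# Added illustration of faceted values; not the paper's own code.


@dataclass(frozen=True)
class Facet:
    """<label ? high : low>: `high` for observers authorised for `label`, else `low`."""
    label: str
    high: "Value"
    low: "Value"


Value = Union[Facet, int]
BinOp = Callable[[int, int], int]


def size(v: Value) -> int:
    """Number of leaves in a faceted value: a proxy for the storage it occupies."""
    return size(v.high) + size(v.low) if isinstance(v, Facet) else 1


def project(v: Value, view: FrozenSet[str]) -> int:
    """What an observer authorised for exactly the labels in `view` sees."""
    while isinstance(v, Facet):
        v = v.high if v.label in view else v.low
    return v


def lift_naive(f: BinOp, a: Value, b: Value) -> Value:
    """Apply f pointwise to every branch. Correct, but never simplifies."""
    if isinstance(a, Facet):
        return Facet(a.label, lift_naive(f, a.high, b), lift_naive(f, a.low, b))
    if isinstance(b, Facet):
        return Facet(b.label, lift_naive(f, a, b.high), lift_naive(f, a, b.low))
    return f(a, b)


def mk(label: str, high: Value, low: Value) -> Value:
    """Smart constructor (assumed rule 2): a facet with equal branches is just the branch."""
    return high if high == low else Facet(label, high, low)


def lift_opt(f: BinOp, a: Value, b: Value,
             pos: FrozenSet[str] = frozenset(),
             neg: FrozenSet[str] = frozenset()) -> Value:
    """
    Same lifting with two data-oriented simplifications (assumed for illustration):
      1. inside the high (resp. low) branch of label k, a nested facet on k is
         resolved to its high (resp. low) side instead of being copied;
      2. a facet whose two branches are equal is replaced by that branch (see mk).
    `pos`/`neg` record which labels the enclosing branches have already decided.
    """
    for is_a, v in ((True, a), (False, b)):
        if isinstance(v, Facet):
            k = v.label
            if k in pos:
                return lift_opt(f, v.high if is_a else a, b if is_a else v.high, pos, neg)
            if k in neg:
                return lift_opt(f, v.low if is_a else a, b if is_a else v.low, pos, neg)
            hi = lift_opt(f, v.high if is_a else a, b if is_a else v.high, pos | {k}, neg)
            lo = lift_opt(f, v.low if is_a else a, b if is_a else v.low, pos, neg | {k})
            return mk(k, hi, lo)
    return f(a, b)


def sum_secrets(n: int, lift: Callable[..., Value]) -> Value:
    """Add n copies of the constructed secret <k ? 1 : 0>, starting from 0."""
    secret = Facet("k", 1, 0)
    acc: Value = 0
    for _ in range(n):
        acc = lift(lambda x, y: x + y, acc, secret)
    return acc


if __name__ == "__main__":
    for n in (1, 5, 10):
        naive, opt = sum_secrets(n, lift_naive), sum_secrets(n, lift_opt)
        # Both representations give every observer the same view; only the size differs.
        assert project(naive, frozenset({"k"})) == project(opt, frozenset({"k"})) == n
        assert project(naive, frozenset()) == project(opt, frozenset()) == 0
        print(f"n={n:2d}  naive leaves={size(naive):5d}  optimised leaves={size(opt)}")
    # Collapsing equal branches: multiplying a secret by 0 yields a plain 0.
    print(lift_opt(lambda x, y: x * y, Facet("k", 1, 0), 0))
```

Running it shows the naive representation growing to 2^n leaves while the simplified one stays at two, with identical projections for both the authorised and the public observer. This is the data-oriented effect the abstract describes in the small: smaller values also mean fewer repeated evaluations of the lifted operation. The inherent 2^n blow-up over n distinct labels is not removed by these rules, which is the kind of case the paper's annotation-driven (computation-oriented) optimisations target.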

Multiple-Facets

Secure Multi-Execution

Faceted Values

Information Flow Control

Optimisation

Authors

Maximilian Algehed

Chalmers, Computer Science and Engineering (Chalmers), Functional Programming

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Cormac Flanagan

University of California

Proceedings - IEEE Computer Security Foundations Symposium

1940-1434 (ISSN)

Vol. 2019-June, pp. 1-16, article no. 8823673
978-1-7281-1407-1 (ISBN)

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)
Hoboken, NJ, USA,

WebSec: Securing Web-driven Systems

Swedish Foundation for Strategic Research (SSF) (RIT17-0011), 2018-03-01 -- 2023-02-28.

Octopi: Secure Programming for the Internet of Things

Swedish Foundation for Strategic Research (SSF) (RIT17-0023), 2018-03-01 -- 2023-02-28.

Subject Categories

Computer and Information Science

DOI

10.1109/CSF.2019.00008

More information

Latest update

11/20/2019