A Library for Removing Cache-based Attacks in Concurrent Information Flow Systems
Paper i proceeding, 2014

Information-flow control (IFC) allows untrusted code to manipulate sensitive data while preserving confidentiality. Although this is a promising approach to building extensible applications, IFC is susceptible to attacks that leak information through covert channels. In this paper we focus on LIO, a concurrent IFC system. LIO is vulnerable to attacks that leak information through the internal timing covert channel by leveraging the effects of the underlying CPU cache. We present a resumption-based library to address such attacks. Resumptions provide fine-gained control over the interleaving of thread computations. Leveraging this, our library removes cache-based attacks by enforcing that every thread yield after executing an "instruction." Importantly, our library allows for porting the full LIO library -- our resumption approach handles local state and exceptions, both complex features present in LIO. To amend for performance degradations due to library-level thread scheduling, our library provides two novel primitives. First, we allow pure code to securely execute in parallel. Second, we allow developers to control the granularity of instructions, i.e., atomic actions, that threads execute; this allows developers to adjust the frequency of context switching according to their application.


Pablo Buiras

Chalmers, Data- och informationsteknik, Programvaruteknik

Amit Levy

Stanford University

Deian Stefan

Stanford University

Alejandro Russo

Chalmers, Data- och informationsteknik, Programvaruteknik

David Mazières

Stanford University

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 8358 199-216

8th International Symposium on Trustworthy Global Computing, TGC 2013
Buenos Aires, Argentina,


Informations- och kommunikationsteknik


Datavetenskap (datalogi)



Mer information

Senast uppdaterat