A Library for Removing Cache-based Attacks in Concurrent Information Flow Systems
Paper i proceeding, 2013

Information-flow control (IFC) allows untrusted code to manipulate sensitive data while preserving confidentiality. Although this is a promising approach to building extensible applications, IFC is susceptible to attacks that leak information through covert channels. In this paper we focus on LIO, a concurrent IFC system. LIO is vulnerable to attacks that leak information through the internal timing covert channel by leveraging the effects of the underlying CPU cache. We present a resumption-based library to address such attacks. Resumptions provide fine-gained control over the interleaving of thread computations. Leveraging this, our library removes cache-based attacks by enforcing that every thread yield after executing an "instruction." Importantly, our library allows for porting the full LIO library -- our resumption approach handles local state and exceptions, both complex features present in LIO. To amend for performance degradations due to library-level thread scheduling, our library provides two novel primitives. First, we allow pure code to securely execute in parallel. Second, we allow developers to control the granularity of instructions, i.e., atomic actions, that threads execute; this allows developers to adjust the frequency of context switching according to their application.

Författare

Pablo Buiras

Chalmers, Data- och informationsteknik, Programvaruteknik

Amit Levy

Stanford University

Deian Stefan

Stanford University

Alejandro Russo

Chalmers, Data- och informationsteknik, Programvaruteknik

David Mazières

Stanford University

Lecture Notes in Computer Science

0302-9743 (ISSN)

Vol. 8358 199-216

Styrkeområden

Informations- och kommunikationsteknik

Ämneskategorier

Datavetenskap (datalogi)

DOI

10.1007/978-3-319-05119-2_12

ISBN

978-3-319-05118-5

Mer information

Senast uppdaterat

2018-03-06