Lazy Programs Leak Secrets

Pablo Buiras; Alejandro Russo

doi:10.1007/978-3-642-41488-6_8

Lazy Programs Leak Secrets
Paper i proceeding, 2013

To preserve confidentiality, information-flow control (IFC) restricts how untrusted code handles secret data. While promising, IFC systems are not perfect; they can still leak sensitive information via covert channels. In this work, we describe a novel exploit of lazy evaluation to reveal secrets in IFC systems. Specifically, we show that lazy evaluation might transport information through the internal timing covert channel, a channel present in systems with concurrency and shared resources. We illustrate our claim with an attack for LIO, a concurrent IFC system for Haskell. We propose a countermeasure based on restricting the implicit sharing caused by lazy evaluation.

language-based security

covert channels

lazy evaluation

Haskell

information flow control

Författare

Pablo Buiras

Chalmers, Data- och informationsteknik, Programvaruteknik

Forskning Andra publikationer

Alejandro Russo

Chalmers, Data- och informationsteknik, Programvaruteknik

Forskning Andra publikationer

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 8208 LNCS 116-122
978-3-642-41488-6 (ISBN)

Styrkeområden

Informations- och kommunikationsteknik

Ämneskategorier

Datavetenskap (datalogi)

DOI

10.1007/978-3-642-41488-6_8

Publikationsdata kopplat till DOI

ISBN

978-3-642-41488-6

Mer information

Senast uppdaterat

2024-10-28

Lazy Programs Leak Secrets Paper i proceeding, 2013