Lazy Programs Leak Secrets
Paper i proceeding, 2013

To preserve confidentiality, information-flow control (IFC) restricts how untrusted code handles secret data. While promising, IFC systems are not perfect; they can still leak sensitive information via covert channels. In this work, we describe a novel exploit of lazy evaluation to reveal secrets in IFC systems. Specifically, we show that lazy evaluation might transport information through the internal timing covert channel, a channel present in systems with concurrency and shared resources. We illustrate our claim with an attack for LIO, a concurrent IFC system for Haskell. We propose a countermeasure based on restricting the implicit sharing caused by lazy evaluation.

language-based security

covert channels

lazy evaluation

Haskell

information flow control

Författare

Pablo Buiras

Chalmers, Data- och informationsteknik, Programvaruteknik

Alejandro Russo

Chalmers, Data- och informationsteknik, Programvaruteknik

Lecture Notes in Computer Science

0302-9743 (ISSN)

Vol. 8208 116-122

Styrkeområden

Informations- och kommunikationsteknik

Ämneskategorier

Datavetenskap (datalogi)

DOI

10.1007/978-3-642-41488-6_8

ISBN

978-3-642-41488-6

Mer information

Skapat

2017-10-07