Securing Interaction between Threads and the Scheduler in the Presence of Synchronization
Artikel i vetenskaplig tidskrift, 2009

The problem of information flow in multithreaded programs remains an important open challenge. Existing approaches to specifying and enforcing information-flow security often suffer from over-restrictiveness, relying on nonstandard semantics, lack of compositionality, inability to handle dynamic threads,inability to handle synchronization, scheduler dependence, and efficiency overhead for the code that results from security-enforcing transformations. This paper suggests a remedy for some of these shortcomings by developing a novel treatment of the interaction between threads and the scheduler. As a result, we present a permissive noninterference-like security specification and a compositional security type system that provably enforces this specification. The type system guarantees security for a wide class of schedulers and provides a flexible and efficiency-friendly treatment of dynamic threads.

Internal timing covert channel




language-based security



Alejandro Russo

Chalmers, Data- och informationsteknik, Datavetenskap

Andrei Sabelfeld

Chalmers, Data- och informationsteknik, Datavetenskap

Journal of Logic and Algebraic Programming

1567-8326 (ISSN)

Vol. 78 593-618


Datavetenskap (datalogi)