Language Support for Controlling Timing-Based Covert Channels
Doktorsavhandling, 2008

The problem of controlling information flow in multithreaded programs remains an important open challenge.A major difficulty for tracking information flow in concurrent programs is due to the internal timing covert channel. Information is leaked via this channel when secrets affect the timing behavior of a thread, which, via the scheduler, affects the interleaving of public events. This channel is particularly dangerous because, in contrast to external timing, the attacker does not need to observe the actual execution time of programs. This thesis introduces a novel treatment of the interaction between threads and the scheduler. As a result, a permissive security specification and a compositional security type system are obtained. The type system guarantees security for a wide class of schedulers and provides a flexible treatment of dynamic thread creation and synchronization. The approach relies on the modification of the scheduler in the run-time environment. In some scenarios, the modification of the run-time environment might not be an acceptable requirement. For such scenarios, the thesis presents two transformations that eliminate the need for modifying the scheduler while avoiding internal timing leaks. The first transformation is given for programs running under cooperative schedulers. It states that threads must not yield control inside of computations that branch on secrets. The second transformation closes internal timing channel when the scheduler is preemptive and behaves as round-robin. It spawns dedicated threads, whenever computation may affect secrets, and carefully synchronizes them. This dissertation also presents two libraries for information-flowsecurity in Haskell. The first proposed library supports multithreaded code and evaluates the implementations of some of the ideas described above to avoid internal timing leaks. This implementation includes an online-shopping case study. The case study reveals that exploiting concurrency to leak secrets is feasible and dangerous in practice and shows how the library can help avoiding internal timing leaks. Up to the publication date, this is the first tool that provides information-flow security in multithreaded programs and the first implementation of a case study that involves concurrency and information-flow policies. The second library, in constrast, is designed for sequential programs and includes a novel treatment for inteded release of information (declassification).


language-based security






internal timing covert channel

EC Room (EDIT-Building)
Opponent: Martín Abadi


Alejandro Russo

Chalmers, Data- och informationsteknik

A Library for Light-Weight Information-Flow Security in Haskell

1st ACM SIGPLAN Haskell Symposium, Haskell'08; Victoria, BC; Canada; 25 September 2008 through 25 September 2008,; (2008)p. 13-24

Paper i proceeding

Security for Multithreaded Programs under Cooperative Scheduling

Proceedings of Andrei Ershov International Conference on Perspectives of System Informatics, Akademgorodok, Novosibirsk, Russia, June 27-30, 2006. LNCS, Springer-Verlag.,; (2006)

Paper i proceeding

Security of Multithreaded Programs by Compilation

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 4734(2007)p. 2-18

Paper i proceeding

Securing Interaction between Threads and the Scheduler

Proceedings of the 19th IEEE Computer Security Foundations Workshop, Venice, Italy, July 5-7, 2006. IEEE Computer Society Press.,; (2006)

Paper i proceeding

Securing Interaction between Threads and the Scheduler in the Presence of Synchronization

Journal of Logic and Algebraic Programming,; Vol. 78(2009)p. 593-618

Artikel i vetenskaplig tidskrift

A Library for Secure Multi-threaded Information Flow in Haskell

Proceedings of the 20th IEEE Computer Security Foundations Symposium. IEEE Computer Society Press.,; (2007)

Paper i proceeding

Closing Internal Timing Channels by Transformation

Proceedings of the 11th Annual Asian Computing Science Conference,; (2007)

Paper i proceeding


Datavetenskap (datalogi)



Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 2852

Technical report D - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 47

EC Room (EDIT-Building)

Opponent: Martín Abadi

Mer information