Lazy Programs Leak Secrets

Pablo Buiras; Alejandro Russo

doi:10.1007/978-3-642-41488-6_8

Lazy Programs Leak Secrets
Paper i proceeding, 2013

To preserve confidentiality, information-flow control (IFC) restricts how untrusted code handles secret data. While promising, IFC systems are not perfect; they can still leak sensitive information via covert channels. In this work, we describe a novel exploit of lazy evaluation to reveal secrets in IFC systems. Specifically, we show that lazy evaluation might transport information through the internal timing covert channel, a channel present in systems with concurrency and shared resources. We illustrate our claim with an attack for LIO, a concurrent IFC system for Haskell. We propose a countermeasure based on restricting the implicit sharing caused by lazy evaluation.

language-based security

covert channels

lazy evaluation

Haskell

information flow control

Författare

Pablo Buiras

Chalmers, Data- och informationsteknik, Programvaruteknik

Forskning Andra publikationer

Alejandro Russo

Chalmers, Data- och informationsteknik, Programvaruteknik

Forskning Andra publikationer

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 8208 116-122
978-3-642-41488-6 (ISBN)

Styrkeområden

Informations- och kommunikationsteknik

Ämneskategorier

Datavetenskap (datalogi)

DOI

10.1007/978-3-642-41488-6_8

Publikationsdata kopplat till DOI

ISBN

978-3-642-41488-6

Mer information

Skapat

2017-10-07

Lazy Programs Leak Secrets Paper i proceeding, 2013