A library for removing cache-based attacks in concurrent information flow systems

Pablo Buiras, Amit Levy, Deian Stefan, Alejandro Russo, David Mazières

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Scopus citations

Abstract

Information-flow control (IFC) is a security mechanism conceived to allow untrusted code to manipulate sensitive data without compromising confidentiality. Unfortunately, untrusted code might exploit some covert channels in order to reveal information. In this paper, we focus on the LIO concurrent IFC system. LIO is susceptible to attacks that leverage the effects of hardware caches (e.g., the CPU cache) to leak information through the internal timing covert channel. We present a resumption-based approach to address such attacks. Resumptions provide fine-grained control over the interleaving of thread computations at the library level. Specifically, we remove cache-based attacks by enforcing that every thread yield after executing an "instruction," i.e., atomic action. Importantly, our library allows for porting the full LIO library: our resumption approach handles local state and exceptions, both features present in LIO. To compensate for performance degradations due to the library-level thread scheduling, we provide two novel primitives. First, we supply a primitive for securely executing pure code in parallel. Second, we provide developers a primitive for controlling the granularity of "instructions"; this allows developers to adjust the frequency of context switching to suit application demands.

Original language: English (US)
Title of host publication: Trustworthy Global Computing - 8th International Symposium, TGC 2013, Revised Selected Papers
Publisher: Springer Verlag
Pages: 199-216
Number of pages: 18
ISBN (Print): 9783319051185
State: Published - 2014
Externally published: Yes
Event: 8th International Symposium on Trustworthy Global Computing, TGC 2013 - Buenos Aires, Argentina
Duration: Aug 30 2013 → Aug 31 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8358 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 8th International Symposium on Trustworthy Global Computing, TGC 2013
Country/Territory: Argentina
City: Buenos Aires
Period: 8/30/13 → 8/31/13

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
